xworm | 5d4365caafaf64640f5bcc1e344114ecc449f0ab03789e746adc81df600cb6f6

General

Target

5d4365caafaf64640f5bcc1e344114ecc449f0ab03789e746adc81df600cb6f6
Size

34KB
MD5

f67fa3b0509ec16bde605112b15d960c
SHA1

b4b92a09b15ad39f0d1b66d1060c803c85d4ca8f
SHA256

5d4365caafaf64640f5bcc1e344114ecc449f0ab03789e746adc81df600cb6f6
SHA512

316d083dcf1d4f42367282db964017adf9a6a3c92454e3bac381ee853b3f98a0eb49cc164334b9dea1d4e49e2dda138793209c31ebbb2c9a0f0aa5d30c280f77
SSDEEP

768:JOfoC8+B4ehPmyfwDT/jG/PGs1HrVaKjkGJhlu:JOHRhVwDTH8aKgGjlu

Score

10^/10

xworm

Family

xworm

C2

publisher-misc.gl.at.ply.gg:58207:58207

publisher-misc.gl.at.ply.gg:58207

Attributes

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/f4deeaeaf6a4173c46ef5df50139cd54d144dc0cc0d685b2717c1590cc8b1b1b.exe	family_xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/f4deeaeaf6a4173c46ef5df50139cd54d144dc0cc0d685b2717c1590cc8b1b1b.exe

5d4365caafaf64640f5bcc1e344114ecc449f0ab03789e746adc81df600cb6f6
.zip

Password: infected
f4deeaeaf6a4173c46ef5df50139cd54d144dc0cc0d685b2717c1590cc8b1b1b.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ