General
-
Target
XClient.exe
-
Size
70KB
-
MD5
986c92248d5585957d3e4f948500f56b
-
SHA1
9399aa1bd7a7e7fc63aadcb0a3f760ec4690c5c8
-
SHA256
97cb73c6ce72015acbe54c824936d9bce5a060602e285b2d4c37f9cbb4383417
-
SHA512
0182a0622fcd0ca06002096fb51642cc71950eb31645a1ddb57b714e74879216cb69bd4f8ffef57ec6d5781316587c73bd267fd9444b22b11e24a549e92c182a
-
SSDEEP
1536:NxrAa0NXH/Tv9Q68C+b59sTxMqfHTOmDdh5PqB:YT37lQxC+b59sxLHTOmDH0B
Malware Config
Extracted
xworm
https://pastebin.com/raw/1YQct0um:2001
-
Install_directory
%Temp%
-
install_file
Fixer.exe
-
pastebin_url
https://pastebin.com/raw/1YQct0um
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource XClient.exe
Files
-
XClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ