xworm | setup[.]exe[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

setup.exe.exe
Size

516KB
MD5

9a55f348b0e4d23c9671abbb27ef9864
SHA1

f30fac4e1b7c64c780d7f7ebe683b10ba43fa3dc
SHA256

d6ef62cbb258eb3724e1112b6caa52300f5e6adad441bcbd6a6d4a1c8426caa5
SHA512

312db79c5b49b02f1a524ab4799c30d4d8b1bf131960b37e3fbc592d8d6541fd7f59c8f192e8afb473d5d615690c03a09c23b33e47aa941fd1c47ffbb2601bf3
SSDEEP

12288:KmGh75bXVDFZP+quoSJRxvgbRNyTxJmnbYp7YUyj:KmW5bxFZP+qurqyTxJmQ7

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
setup.exe.exe

Files

setup.exe.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.^[X
Size: - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.'zZ
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.({!
Size: 513KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ