xworm | 0x0037000000015f54-11[.]dat | Triage

Sharing

General

Target

0x0037000000015f54-11.dat
Size

40KB
MD5

7ea387ab126b2ecf3365d448a318a433
SHA1

71b6e05898b68ed72ca95266d6293b225c40b612
SHA256

573f3d316ed68ea2d4762a657dcc62416b763a8fcd1f99017f02d3ef5c215015
SHA512

68830f84bf9f0a9e75a999907f7e7d816f89aa745e92078f56f303edadb236e14957e0594290f297fd4c0175ae72be02542cabe974a404fe961b7ab4bf945825
SSDEEP

768:lNfPMSk3K/EzTb/0X8WuFZ4sJF5PC9O9d968OMhM3/qj:jf05a/CTjS89/Fc9Ud968OMiY

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

45.141.27.41:7000

Mutex

9ZF9ZsOZGh1T1r1n

Attributes

Install_directory
%Public%
install_file
csrss.exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

Processes:

resource yara_rule

sample family_xworm
Xworm family
xworm
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.

Processes:

resource

0x0037000000015f54-11.dat

Files

0x0037000000015f54-11.dat
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ