xworm | a4a610cfb72980e5d79a4b15493c0f4f490a265cf2e31e749dc99b249c4ec791 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a4a610cfb72980e5d79a4b15493c0f4f490a265cf2e31e749dc99b249c4ec791
Size

499KB
MD5

230084e32524699e70902392f46d1679
SHA1

b6ffe7b76937f801310f9b1d68bd80b73e8f2173
SHA256

a4a610cfb72980e5d79a4b15493c0f4f490a265cf2e31e749dc99b249c4ec791
SHA512

3cf0cde3724e5f41883ea9f0262195780d7d84c54fd2039c10b7b1467f4717cd94afc5bf2318508af26d652fccd6e1ebd9f386836a55cd6836b812c1f027870d
SSDEEP

12288:9HC9/+iYaFpwm/+eI8hK3TKVdTJOHwtRzTBQMlfdI:C/+taFAf9j4Fww/TBZ

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Detects Windows executables referencing non-Windows User-Agents 1 IoCs

resource	yara_rule
sample	INDICATOR_SUSPICIOUS_EXE_NoneWindowsUA

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a4a610cfb72980e5d79a4b15493c0f4f490a265cf2e31e749dc99b249c4ec791

Files

a4a610cfb72980e5d79a4b15493c0f4f490a265cf2e31e749dc99b249c4ec791
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.w>t
Size: - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.p/?
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.9yy
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ