Behavioral task: behavioral1
Sample: ыфвывфвфыв.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: ыфвывфвфыв.exe
Resource: win10v2004-20240611-en
General
Target: ыфвывфвфыв.exe
Size: 72KB
MD5: 0dc0f82e01691161e1bdf90b0735a1e7
SHA1: e0f3051bf3a6d51c5d8229a8787024f8be5e4c67
SHA256: 45ae311727a25c3dddb6d20ffc15003697564f776a2d1db59a9b7c61d2fbf03b
SHA512: 8a9c54b46fcdfa491da37236d4392d30773e7781b17cbf29b4087b604edea06e3435b27690eea27c68d351c9a85d3f1d27a13cbdda1c86b7f83ea1066c04e414
SSDEEP: 1536:9XWLvujp9SeuA6EDGiOtkbZppmu6PLmOx/dM7mApiO+1JUZ:oLvUFuA6EDAkbZqDmOx/dMtiO+1JUZ
Malware Config
Extracted
xworm
mother-boutique.gl.at.ply.gg:5525
Install_directory: %AppData%
install_file: svchost.exe
Signatures
Detect Xworm Payload (1 IoCs)
resource yara_rule sample family_xworm
Xworm family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource ыфвывфвфыв.exe
Files
ыфвывфвфыв.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ