General
-
Target
program data.exe
-
Size
41KB
-
MD5
2d6b31bf252ee76d383eaa1acbb70aba
-
SHA1
62e602e671d226b5366915d6f113119c6953a4af
-
SHA256
34a231a9d3932cefdb2298fbda558d1053d52ae23fec05ff537845e1686af642
-
SHA512
4f7559cb3e5d16eff83069cf65dcac930170099ba69906b4de00c05377633ee4e6f5db659b63def2d1a69adea79d851719ecf600eaed06502283ddea8e81db2d
-
SSDEEP
768:od4LOwcmOsGHGVCAr43MxfJF5Pa9p+m6iOwhJ3/ibc:okHcmOFHyRrNRF49Im6iOwzaw
Malware Config
Extracted
xworm
5.0
127.0.0.1:59571
las-protected.gl.at.ply.gg:59571
lyJCifJS2nbDMGrm
-
Install_directory
%ProgramData%
-
install_file
XClient.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource program data.exe
Files
-
program data.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ