Behavioral task: behavioral1
Sample: XWormLоader 5.6 x64.exe
Resource: win10v2004-20240611-en
General
Target: XWormLоader 5.6 x64.exe
Size: 62KB
MD5: e166dd45fd4a6d4e228f0a89fa3730c1
SHA1: 98b15dc0ca3fde498d3ad1f53d542ee0b5024075
SHA256: 60ddff3747cec6439d564d036b7a0f15ac22de87fe3d41dc3f6eca9292ca1cee
SHA512: beb7db6cb84ff8953d2892e710832b84d08cbc9daf68f0297ed169612fc30d9cc5ee9d7dda5a4cb4b19b407a34e94a26b117de0b7d4b831c348ff8a4715cd624
SSDEEP: 1536:UjwsKswX1sd3vObCAaCN5C6qXOsQh6wm7:UkWk1e3mbCvMmOsQhI7
Malware Config
Extracted
xworm
feb-victorian.gl.at.ply.gg:12082
min-clusters.gl.at.ply.gg:12082
Install_directory: %AppData%
install_file: Antimalware Serrvice Executable.exe
Signatures
-
Detect Xworm Payload 1 IoCs
Processes:
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource XWormLоader 5.6 x64.exe
Files
-
XWormLоader 5.6 x64.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 60KB - Virtual size: 59KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ