General
-
Target
discord tools.exe
-
Size
206KB
-
MD5
5de0fd0aede9d27d55b190d276bed44d
-
SHA1
8df474813929d3281bac1692239753656a755b1f
-
SHA256
ff0a9b015fb0086dd47ab702d330855fe4adbe31824c5da4d46c98f8e945f7df
-
SHA512
8ffb96fdff2d1f1a62d22aceff1cbf37750537abf423b37ba53d8fe59d72cdb8c21425f0a5fedb3aa1e59714d8b122bb854f4c5f3565873917c49ce2654c438c
-
SSDEEP
3072:slh+G0xf/Fz9hwjOMZ8SKfbzxcwg7es6/Vsb8VKTup49oJMfF/H9N3Ky9NzLng:aeLz9mrUhcX7elbKTuq9bfF/H9d9n
Malware Config
Extracted
xworm
5.0
127.0.0.1:1000
xup1NmIgdRZrKVku
-
Install_directory
%AppData%
-
install_file
bitdefender.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource discord tools.exe
Files
-
discord tools.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 38KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 166KB - Virtual size: 166KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ