xworm | Ban Bypass (AA)[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Ban Bypass (AA).exe
Size

581KB
MD5

793b8d5ea1e7de3f1f8bde829cf61eee
SHA1

d2a67e2ecc6a9b92bbe7fefbd1c1f0b5294b4a83
SHA256

75781d1f8eb22e6eb703ac93a408868b7826d5651525b3ef9327c095a805436a
SHA512

f1dbc9b59317ed4fbe2285fe2bf5869faef4eaf97699c17a492a076036505725cabbc9a48394fc16f981e63ea7c115efd7999739e7caf51c7c41966a26cdb122
SSDEEP

6144:Cvhv4Vv4evfA2LKbgX8kyMX3eU9bgqKD/z:Cvhv4Vv4evrLKbE8k73SqEr

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Ban Bypass (AA).exe

Files

Ban Bypass (AA).exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 579KB - Virtual size: 578KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ