xworm | Loader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Loader.exe
Size

172KB
MD5

df88d425ac61dde7203e36af6901b1f6
SHA1

e7150f69e6e1a0609ae13f09bcf2c9227d61d7c5
SHA256

9414c3bcc18ab24b9d8c31b03bae0808f6bfc75af980f95dcaf08d3d1226314e
SHA512

4dadc7eb7d9f37b81d96e24b9bc29278b00e02c9f493170262cbc5e446a42f3a1dcc10bde1ea69ebaa001640a3e5f30aacd7e56ae00be869949e002cb8d0bf30
SSDEEP

3072:rsRJMLnmpredZbwOUPmOyE+4L59RJMLnmpredZbwOUPmOyE+4L5D:rsfwAQbPaLffwAQbPaL

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Loader.exe

Files

Loader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\maddo\source\repos\Anti-Kill\obj\Release\Anti-Kill.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ