xworm | test[.]rar | Triage

Sharing

General

Target

test.rar
Size

361KB
MD5

00a2220ec88ef5070c55096001851003
SHA1

56dbd01d931c30e08ba360a4cf97443c9d93e43b
SHA256

e90e98ed85bbfbfcd83102e5e9ebd004b8b41bdc549eb009ab1060d9e551b814
SHA512

90c661cbcd0a9365a9c2cd3ede24ffa0b23bc02c24e8d903947e4decefff0e46866886fc4ca09afb66d40a5a5a3c953826c3843618fe50455229b844ca5ed0cb
SSDEEP

6144:V3yCLIjvA04cZ3CB8bERYQEozphqIqdl2RbGQdVP7nVrt+TMt:zwv8EyObERYoPwdlGnnV5+8

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/test/bfhmsc.exe	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/test/bfhmsc.exe

Files

test.rar
.rar

Password: 777
test/bfhmsc.exe
.exe windows:4 windows x86 arch:x86

Password: 777

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ