General
Target: test.rar
Size: 355KB
MD5: 6f10e11ee1870ee6ca717e694ffd4552
SHA1: a8010b036932cbc467a2d8e4a403b257a5143f97
SHA256: 2700764fe222fe92a18ebe26754b978b12fc928a9d705707b14e5efec55373fe
SHA512: dabad567b31fe2808363d8c7f73f8da8fb1364fe0cd88aed00bcd154c918c4c7ea7865283520784e6352e8d27a7ec2b90ca3076bba8952b28fbf4d9718a2ff54
SSDEEP: 6144:JIe0X/cFFADcmk3VV+sx0qpo0XMHicS1jatl7622CxHjGC5BEbG+dPrQ62zG:uO4AmklV+K5o0cHi9Wf7622aJ5B8rQ6F
Malware Config
Signatures
Detect Xworm Payload (1 IoCs)
resource: static1/unpack001/test/bfhmscc.exe
yara_rule: family_xworm
Xworm family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: unpack001/test/bfhmscc.exe
Files
test.rar.rar
Password: 777
test/bfhmscc.exe.exe windows:4 windows x86 arch:x86
Password: 777
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI
Sections
CODE Size: 615KB - Virtual size: 614KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
DATA Size: 12KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
BSS Size: - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: - Virtual size: 16B
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 512B - Virtual size: 57B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 150KB - Virtual size: 150KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ