xworm | test[.]rar | Triage

Sharing

Copy URL Twitter E-mail

General

Target

test.rar
Size

355KB
MD5

6f10e11ee1870ee6ca717e694ffd4552
SHA1

a8010b036932cbc467a2d8e4a403b257a5143f97
SHA256

2700764fe222fe92a18ebe26754b978b12fc928a9d705707b14e5efec55373fe
SHA512

dabad567b31fe2808363d8c7f73f8da8fb1364fe0cd88aed00bcd154c918c4c7ea7865283520784e6352e8d27a7ec2b90ca3076bba8952b28fbf4d9718a2ff54
SSDEEP

6144:JIe0X/cFFADcmk3VV+sx0qpo0XMHicS1jatl7622CxHjGC5BEbG+dPrQ62zG:uO4AmklV+K5o0cHi9Wf7622aJ5B8rQ6F

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
static1/unpack001/test/bfhmscc.exe	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/test/bfhmscc.exe

Files

test.rar
.rar

Password: 777
test/bfhmscc.exe
.exe windows:4 windows x86 arch:x86

Password: 777

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 615KB - Virtual size: 614KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 57B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ