General

  • Target

    COMSurrogate.exe

  • Size

    52KB

  • MD5

    e29368f60026108985add89714df95ec

  • SHA1

    cc496f2f0692cc21a08b56adb779e3911199d763

  • SHA256

    d9b565a1893cb98bf62fbc8f1da31927db20a48afa1621fd025dd99dda466662

  • SHA512

    8634c94963185a4d6752c556713f4af2fd65adea9daf4e8b61f074ff8e5cd9030e5f79fd3b49f178a9d7e7f890d15bb533779df3fecd1dcbb69c123a9802f153

  • SSDEEP

    1536:/ZBBbAUjj9Kmnu4xbkDgI+W3NCKIrP9Ufs5:/Bbr9KmuGbkp+WurP9UE

Score
10/10

Malware Config

Extracted

Family

xworm

Attributes
  • Install_directory

    %Public%

  • install_file

    ApplicationFrameHost.exe

  • pastebin_url

    https://pastebin.com/raw/yDh2MHWR

Signatures

  • Detect Xworm Payload (1 IoC)
  • Xworm family
  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • COMSurrogate.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744

