xworm | XClient[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

XClient.exe
Size

47KB
MD5

3c6a06d85411183f5d04de3952fde51d
SHA1

d7d421944d12806f2516177c41a4a84946fe0fe2
SHA256

3a3817cd12022059473cc9e50fe7f95e4b2efabd40bcc8b710b00d89ef592ec0
SHA512

1b1b1696bf7003a59c9ef9784da92bb51a9c0593266e2e620fd3e7261f45c40fe59cd86b27013a4c1218facd232c9924aba255093ead000ed0c16e167caa1e60
SSDEEP

768:ZRyRTepnOUsxe56f4z7xnmaikbsn6WH2kBOelhkkLKa:3yE9OUsk5FX5mnkbsn6MBOyaiz

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

clxpv3-51562.portmap.host:51562

Attributes

Install_directory
%AppData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ