xworm | FunChecker[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FunChecker.exe
Size

55KB
MD5

d2e26544dbef4d4d10b9f236c60b4c02
SHA1

e04d4984ae8d94188c0fc56448974c4349d4f750
SHA256

53f206172919879324af4886c164e71c0e9ed6bd2c4d2cb9aff520608e0347f7
SHA512

0009e4aee02066cceab94a3730c6ee1e3656d124403707adb0c28a54103cc5b8237e15a35e7beb6540c7b941a2de4afd4cd3ff471fc9d2c8c64748a04e988e21
SSDEEP

1536:c1HbZvVyLdQqun4RBVjM99fx+bBrrOCsi9EmxIRrOjt8:c1HTyRQqhAPx+bBt9JIRrWt8

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

connection-elect.gl.at.ply.gg:37777

Attributes

Install_directory
%AppData%
install_file
FunChecker.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FunChecker.exe

Files

FunChecker.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ