xworm | x[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

x.exe
Size

43KB
MD5

e61141a7ae1bbdd5fb0434f2c946b566
SHA1

e3d273eaa76ab582fb5b838247e353d0ba7f5a91
SHA256

80fc8a632e482b50356c24f84a04f72dcec1c88d1259c5f8b121c5acc6135b93
SHA512

23b02d8274e3ee73b882579017a8f12ab96f3b5b545f608ed8a84de56787a00bce06a4236f73951dfeb860f5817f8cc090c37b648a343a9cfe81332f967e11d6
SSDEEP

768:mZzGU8kyq5bzbTfFX8WuFZ4sJF5PC9O9E68OMhy3/qQnMN:Czf95/b7J89/Fc9UE68OMInnMN

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

C2

89.213.177.100:7000

Mutex

Nu9nyO3CNn7y2AvB

Attributes

Install_directory
%ProgramData%
install_file
java update (64 bit).exe

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
x.exe

Files

x.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ