xworm | Client[.]exe

Resubmissions

19/07/2024, 03:47

240719-eb8axs1ekr 10

19/07/2024, 03:32

240719-d3mmvstgma 10

Sharing

Copy URL

Twitter E-mail

General

Target

Client.exe
Size

73KB
MD5

f838c36739c959f7ab74ab83c4517f56
SHA1

ea3b62e12155b40534b9cc7aa04011c30cff73fc
SHA256

52e89b58e9cbf82c77a6158809c5c96d3e02785c756d8d1c4b5bef9bf9492a3c
SHA512

f2d55e70f7734cd11debb8b5643d86a219bf9a8ab08dd7d0fe19677c7cdd6e225f39f2d6c36398dc22c2fd3bc0bc86ec2177c53a127b7ff115e4428a208cac4f
SSDEEP

1536:NA3bvywXBZUZM+bMQCJz2AMShb70bKpsWtcO3UN:QXe6+bBprSdWF9O3k

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

san-contains.gl.at.ply.gg:10095

Attributes

Install_directory
%Temp%
install_file
Update.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Client.exe

Files

Client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 70KB - Virtual size: 70KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B