Behavioral task
behavioral1
Sample
HorrorField.exe
Resource
win7-20240704-en
General
-
Target
HorrorField.exe
-
Size
82KB
-
MD5
633268205b44383cb9ce111b02712911
-
SHA1
2f038d3aecda6401cd17c71b6256310c78801567
-
SHA256
6e5d28963d87a9722c7f67b5ec9938bf9da45c045fceeac7a66c19189d897669
-
SHA512
8a5abe02904b9a8770303af7fdb9ac6b7b371b48259087ad0ce35ebfdcba68da3683442165106b93a3363b99b2d2af45532989e3f79f76c7e40cfee9011b3bb7
-
SSDEEP
1536:8o526dv8MrVxbQ/HNpXpbyers97TzLnNO5yhEQyQpYc+vU0EEo3:8o4+rVxYHNfb9rmTNO5yK3c+VEb
Malware Config
Extracted
xworm
audio-conclude.gl.at.ply.gg:23572
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource HorrorField.exe
Files
-
HorrorField.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 67KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 14KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ