xworm | MultihackMinecraft220v[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MultihackMinecraft220v.exe
Size

448KB
MD5

79527a8205a3da6cc78b67d1145bba6e
SHA1

00935259fd006c0f779450e8583045cf91717a8f
SHA256

302a064eb5423443ad2f35ad99153aeace67c33413773abcecb20445726a0165
SHA512

e43411ecdf449cc339cc4b606fa9dff23670e3c70f3b8aa72d1c5cabb5fb356f6bbb5b476151e5047e0f658e3e60af0f8a99722569f2ea2985ef03774740b4af
SSDEEP

6144:KftkL9q5LFD/T/sXwxxV2I3SWhWA198fdLvcM/VUhcX7elbKTuq9bfF/H9d9n:6tkKZD/8Qv20WC8fdt3X3uO

Score

10^/10

vmprotect xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
MultihackMinecraft220v.exe

Files

MultihackMinecraft220v.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 280KB - Virtual size: 279KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ