xworm | FNF[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FNF.exe
Size

72KB
MD5

7ba910e4b921692a4e418714ac793620
SHA1

7b1b4a6b5685725e0dec2228949e491f308fac5d
SHA256

4668a7d8221f950efd39e8cd6157e9eee0fa4be8e98939d7abf6f9631316dc16
SHA512

7e894a009b6726eb213edf7870ee35cb9cc8f1e97da263fb85409f8bab15ef9acf128fcdea5a0cfe0dc44ac4363472e7882da729b6e2f63acdaabe96aba6eb89
SSDEEP

1536:UtcTuV44Xi9iaHchhxVON+bEezSR6gKHllCW66a7psAHOAkAepZjh:Ut4KXyiEchhx4N+bEec++7OUO0enh

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

true-britain.gl.at.ply.gg:45858

Attributes

Install_directory
%AppData%
install_file
explolrer.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FNF.exe

Files

FNF.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ