xworm | 1c50cf55533b22f329fbfc61d8770ba3a54fd7c06db5d01827dc382de2d634ad | Triage

Sharing

Copy URL Twitter E-mail

General

Target

1c50cf55533b22f329fbfc61d8770ba3a54fd7c06db5d01827dc382de2d634ad
Size

389KB
MD5

848d168e59619032befadf42f5c154d4
SHA1

9e0a31dd6aab4c42127dbf27bf2742eb18a1b8fc
SHA256

1c50cf55533b22f329fbfc61d8770ba3a54fd7c06db5d01827dc382de2d634ad
SHA512

b13b4231240b453874ab8eb30be858ec9d2d7fcf7d83a2abd38378b40d0aec82556362a5f4cac2111901d93de8e29c176c610c244759c4014a0b262e1caf0b0e
SSDEEP

6144:JfXApUZ6OsNHDPTSfHrA9orwT5dTX/qIb5rERW+fdYpHDyLxBt25:J4pUZ6OgHDGkorc5dTxrVpmLxBt

Score

10^/10

vmprotect xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
1c50cf55533b22f329fbfc61d8770ba3a54fd7c06db5d01827dc382de2d634ad

Files

1c50cf55533b22f329fbfc61d8770ba3a54fd7c06db5d01827dc382de2d634ad
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ