xworm | e032ade94efaba13c28f30fb72f183f35255bd2b837110790f870249b25c3061 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

e032ade94efaba13c28f30fb72f183f35255bd2b837110790f870249b25c3061
Size

1.2MB
MD5

3c5b535c800a12e4e70e2e2bf3e112ee
SHA1

3c8005a26a4cb1673e986f4ce7bb3b1022fab94b
SHA256

e032ade94efaba13c28f30fb72f183f35255bd2b837110790f870249b25c3061
SHA512

a304edbfd42eee041fd5ad456355b771c02ec6fb05edc21b5ff0b7576f3f86492cd040074d5e6121f187c3d79db85dcf7df5d7cc73de1975dfa0acca0e141096
SSDEEP

24576:/PV3UMjP3Zy3Oy5mvj/fbqnuygDt9SifW0P:/NM7EvXqnuF9SifW0P

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e032ade94efaba13c28f30fb72f183f35255bd2b837110790f870249b25c3061

Files

e032ade94efaba13c28f30fb72f183f35255bd2b837110790f870249b25c3061
.exe windows:5 windows x86 arch:x86

88381b84da56810b869e897e6d45bd58

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

V:\builds\BoxedApp\files\CC250444\src\BoxedApp\bxpackergui\obj\Win32\Release\DotNetAppStub32\DotNetAppStub32.pdb

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

EnumChildWindows

Sections

.text
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 216B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bxpck
Size: 43KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.main
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE