xworm | Uni[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Uni.exe
Size

173KB
MD5

0bc920155e82050a7fe5ce021a775379
SHA1

49c98a45d2acd8b2db3f93a24f72dbaccf50af68
SHA256

363298c656da1c138f676c8f7711404e4c4e56437426fb58f2a8307fac4b3ed5
SHA512

c407ebed50a139006925a1d6b01be828795f0625fec7a1d9f64cff456615c16708bd62d653ae7109cef5fa841cf4fb004b066412f8851dd7116b929b9ecb12d7
SSDEEP

3072:n4Z6TPqnNtV+bqPrPihRGrOdD2JBz65/M6If+3Js+3JFkKeTnZ:42PqNt8b4rKm3JxBt25

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

hill-java.gl.at.ply.gg:55199

Attributes

Install_directory
%Public%
install_file
Uni.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Uni.exe

Files

Uni.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ