xworm | FIxed[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

FIxed.exe
Size

81KB
MD5

20567c9d1f5e47cff006c5c3c8297962
SHA1

427bc87c69a2f0be3a0ebd31f075c4e303e24afa
SHA256

0ac53146a050ae622013276ff6fc7f7645104b40e76311a4fdadacd18a971a7c
SHA512

f3dce790710cdf8d8c0265bd42a89f82b5f81cc27558cdf4b15bdafae61fb91f67db8cf8f97e0dbd11f2201f31fce14d36730f21a05bded667c1c26491834829
SSDEEP

1536:+R+OfhZaNGShm4BYxFjy3ro4YhG/ebmXD+BDlwj6BO124l11Csd5Ga:4hJQmXTObWbm6mYO111CeGa

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

lijaligibidu-35558.portmap.host:35558

Attributes

Install_directory
%AppData%
install_file
Windows Security.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FIxed.exe

Files

FIxed.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ