xworm | host[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

host.exe
Size

61KB
MD5

6e64d71c8eb58a4c10efce2b0a95d3e4
SHA1

324f85bb5f1cd53e26289ca53e471e45d5c28544
SHA256

fc91e9ca2e39a6be32c37cdbb255be9073e4e41793a688068fb59ad298684734
SHA512

ceae0fe693f784f11086a474ed117da8ec41604f1b5f1235cfdb3ee76bfa1f236f3e931931e5c6e560308013bbdcf0fce0177cc8f06afeac14cd45867e7b51d9
SSDEEP

1536:/mPhQ2eTH4BQoBSQb2lUbPQ6QCOXBeaaO9h:/rvTHW0QbA3COXBe/Ih

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Attributes

Install_directory
%Public%
install_file
host.exe
pastebin_url
https://pastebin.com/q7CQr5AW

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
host.exe

Files

host.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ