xworm | WizLogger[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

WizLogger.exe
Size

61KB
MD5

32d4b4b98dd2266d192cd68584c4ba3b
SHA1

1a981f092b337dee9f97ca468342dd8ac306700e
SHA256

45f154ca4feb278643ffc6fdb591a01cc0b07e9694e107d7e133f6517f967a73
SHA512

5d74899ff395ffb9b44fa53304bdbeda30a3f547c9ee1d779a15aa60cc37b404a59e3e4efaac9643351a35fcb365d5a93edd04f326283690860fb2791834d463
SSDEEP

1536:3pxN5s40bzR4dwzbq50zbpKJjK0ZRZ64Olx6wMtE:3O54Wzbp7mhOlx6rtE

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

told-contacts.gl.at.ply.gg:8787

Attributes

Install_directory
%AppData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WizLogger.exe

Files

WizLogger.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ