General
- Target: OrcusEx.exe
- Size: 80KB
- MD5: 9c6ced4247bf13f3a4b66e9f3f1f998b
- SHA1: f976209445dae21efd9f405a3cb8d9cfdd433e60
- SHA256: b64bc600e4ce6bcaa468c60a9bb99f5eb5a9369e5d658d0292c35b19d875423f
- SHA512: bc501c187f7ae0e787ca396a6c3e72c8bfe7481eaa8472bba61e6af69e26078ff9913c4511d73f280a72131379db7c07440653356bca2b6e0c96391a7ac00410
- SSDEEP: 1536:sqKKfsRhC12c4UuxqbFCqAKlkr6h2yYSO7nRa264fUX8K:jKTA13kqbFzlkyHO7I2hcX8K
Malware Config
Extracted
xworm
pro-christian.gl.at.ply.gg:56938
recommended-somerset.gl.at.ply.gg:56938
- Install_directory: %AppData%
- install_file: USB.exe
Signatures
- Detect Xworm Payload (1 IoCs)
  resource yara_rule sample family_xworm
- Xworm family
- Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource OrcusEx.exe
Files
- OrcusEx.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ