xworm | XClient[.]exe

Resubmissions

14/09/2024, 20:11

240914-yynpkstcqr 10

14/09/2024, 20:10

240914-yx6trstcpl 10

Sharing

Copy URL Twitter E-mail

General

Target

XClient.exe
Size

39KB
MD5

e41d8d78c96d60ebddbd2e61153ccd58
SHA1

891349e28b076efc618524bfa66a999b3e3112c3
SHA256

f2afa401853ffe9871872330b5b12934e2ebd0e7a5b0adcc29fdde676b2ac49c
SHA512

0c8fb2f5b6b47fb16975eb2161478f120a70fd78a1debba0df4cc7d661991343d9f157c385132efd435bfdff920c80d72c22417fc366e73e6876bb389e23def3
SSDEEP

768:b1yAHtaAPqdFuYhlfb/+0TbI1FU9sSF6TO+hdmVy:bUCPqd7hlj/+QKFU9sSF6TO+foy

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

5.0

Mutex

xizEJyDdURyj68Wa

Attributes

install_file
USB.exe
pastebin_url
https://pastebin.com/raw/zjAqGG5w

aes.plain

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
XClient.exe

Files

XClient.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Extracted

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 37KB - Virtual size: 36KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B