General

  • Target: PjkFCWhi.exe
  • Size: 305KB
  • MD5: 0d92d183ad23d6c0b9a03f58be74d7ce
  • SHA1: 114fa3ac6a9b25aab30e6323f9f1456853534539
  • SHA256: 985b8eca2b9712dac91085b746a745ebf4ada16272bbc0539d8d8e9dac3d727b
  • SHA512: eb67342a0efe92f35f0529c9fdafd0c39311e0ed8f0b0d3e530f284ba788985bb700f18e5b341f77b443fd2a3591ab79b725d6a47d5dcad1ac08825b7f68690e
  • SSDEEP: 6144:XQ3v9T+GIIIIIIIhIIIIIIIIIIIIIIIU:XQm

Score: 10/10

Malware Config

Extracted

Family: xworm
Version: 5.0
Mutex: vVXOElWG0hM0Ag3e

Attributes
  • Install_directory: %AppData%
  • install_file: Steam.exe
  • pastebin_url: https://pastebin.com/raw/Pit7WkAV
  • telegram: https://api.telegram.org/bot7494729704:AAGLY8mnPxkjjCvoEz520yCBT4GLhlnhRaI/sendMessage?chat_id=7222032715

aes.plain

Signatures

  • Detect Xworm Payload 1 IoCs
  • Xworm family
  • Unsigned PE 1 IoCs

    Checks for missing Authenticode signature.

Files

  • PjkFCWhi.exe
    .exe windows:4 windows x86 arch:x86

    f34d5f2d4577ed6d9ceec516c1f5a744
