xworm | DupeReallyWorld[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

DupeReallyWorld.exe
Size

172KB
MD5

649623561d3fb635f668fa0e8520ab9c
SHA1

8c121c4cc423e26ff1f2cf2d8c7b81bc06f7188b
SHA256

5b2f02e13a1f39a317671a164947d9076f93628328bd020b053720bd51223893
SHA512

628f23cd79616646bc4030970744e5f9010ae9503ec1c11a53556df9d86a0e1f1175b4613c9aa4f8d4b1e8e8a2f57d4c36afb5a5bc7a00240b27a80369f3ba9b
SSDEEP

3072:CB07DhdC6kzWypvaQ0FxyNTBfzvayxhZiuSjhhg+bOvrJdObO6ujec7:i0BlkZvaF4NTBLv9PZi7hhBby7OM64

Score

10^/10

xworm

Malware Config

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
DupeReallyWorld.exe

Files

DupeReallyWorld.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 770B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ