General
-
Target
XClient.exe
-
Size
45KB
-
MD5
e0fb63cb2f98f2171c487581ef7cdd71
-
SHA1
c13965c5427bad02085506adc75a9f63be6052f4
-
SHA256
2dde57e7aba4016a4c2e6bc2696e32a9100ae9fd694dca248173b4b9f77d19fd
-
SHA512
292b87b8bc01169a16f5adaf7536f0577ad040c97ef87912fde3fd09d04b767df5f664797aa2144f5fa9c12dd91882c144417a71577f6f723636f9906618dd1d
-
SSDEEP
768:DidvUO8HUh9KpiTw2NBEcNcehlVvD4xeVhKfkvLbFEPa9pvc6iOCh0zjif4C:Diu7HktvnRa+lZrOM/FJ9Nc6iOCSegC
Malware Config
Extracted
xworm
5.0
everyone-matches.gl.at.ply.gg:35270
ILKGWCqSjMJj9urq
-
Install_directory
%Userprofile%
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XClient.exe
Files
-
XClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 43KB - Virtual size: 42KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ