General
Target: XClient.exe
Size: 41KB
MD5: e8b4bc0f1ddd5320b140ee07cf9edfff
SHA1: d064a3baae4b5f7cf01322fb7ec7462fbd0338af
SHA256: 572ef9217564bc9839fdf9f336581840910617058aafa9cbaa4f7ed286b0876a
SHA512: 4df9395215461236706f688cd71bbc1139b0d2f848bcf71af153b792a5e7b236cfd1378273fd8f295023c6ea90bd701b24fa726a033c028bd8bb020d249b49e4
SSDEEP: 768:od4LOwcmOsGuECAr43MxfJF5Pa9p+g6iOwhc3/ibf:okHcmOFrRrNRF49Ig6iOwaaL
Malware Config
Extracted
xworm
5.0
127.0.0.1:48210
growth-planning.gl.at.ply.gg:48210:48210
AaRDrhTNYI9Qp6SN
Install_directory: %AppData%
install_file: XClient.exe
Signatures
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm
Xworm family
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XClient.exe
Files
-
XClient.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 39KB - Virtual size: 38KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ