General
-
Target
test2.exe
-
Size
87KB
-
MD5
4320126106b2eadc48c4955f3ad399b3
-
SHA1
c07ccc8bc99b4fab97b7013bb12149da6e478b51
-
SHA256
6cac4ba22423aeb868cadc83017b48f94de88d1fddef1b24d4a817a4b1890596
-
SHA512
66a0681d14ec9adcf2f2e722cfd2effad7393f5345bd62ae7e0bc51c7598273414642e839ffb166a4c7704c03739567f9c14a5a0dac94bed141823899a56afe5
-
SSDEEP
1536:IiJexiGbvh6Js5M+98FX9KfOM5svJfcFUgZ6odzz+BREZVJ3bd8sD:ITx76iHyFX9KfOM2QUgZ66z+n4VJ3bdd
Malware Config
Extracted
xworm
5.0
103.252.89.37:7000
o3ugX2ziW4uWHMtm
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource test2.exe
Files
-
test2.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 34KB - Virtual size: 34KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 51KB - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ