General
-
Target
cracked-by-svepped.exe
-
Size
42KB
-
MD5
2b8e03a1eb261521856fefaccf8d5217
-
SHA1
c5b48468d29aba617c124a272d6e8303a177af54
-
SHA256
20b4dc56de3d5c02cab87b5ad12be863f209e0ec31e7c6ff38f053eafa0251e2
-
SHA512
aa0e51a9a68a35d2118e9130c09a0248f0e16d04341e9e17c5f9f7dc49bcaf53fc8cac015af0e45e98e29649fe33abd1f5f6493dc13e4c215f406d957c28cda0
-
SSDEEP
768:XVa+vNtg+PB+3Tw4OFzVFE9jOOjhpbomn4P3UX8cOK:/vNtgw+3U4OHFE9jOOjL864fUX8Y
Malware Config
Extracted
xworm
5.0
127.0.0.1:7000
yToUdX4TuTDH1jr1
-
install_file
USB.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource cracked-by-svepped.exe
Files
-
cracked-by-svepped.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 30KB - Virtual size: 29KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 11KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ