xworm | FIX[.]exe | Triage

Sharing

General

Target

FIX.exe
Size

72KB
MD5

a3835ba40f5b51fcc9ee63cc6427e436
SHA1

fb164a24a88e693e64c9a7ba3a07e2dad2f70925
SHA256

b86ce9cbf167771589861304b8197cdfbe175f1f1dbb5aaeb298ff8f4b25d075
SHA512

65c55dc66bb3c6c38b6e2d008ad890f29fc3912636062c10b79c08d66553ea4733c3d602f4b84d60422fd5e479eb53bd119c5124e790d332b3d0d9061166fc75
SSDEEP

1536:ohtVHBkikAyLtb7fGM76BDP/qU6/kAWaOsponokY:ytVhcAyZb7f2DqCNaOCqY

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

remote-newest.gl.at.ply.gg:58403

Attributes

Install_directory
%ProgramData%
install_file
Windows.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FIX.exe

Files

FIX.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ