xworm | wefwf[.]exe | Triage

Sharing

General

Target

wefwf.exe
Size

57KB
MD5

ee3d8afb08a2a88928c2b3edaefef4b5
SHA1

7224ca79a5675b2d097b112ac05cd295cfabdb59
SHA256

bd0232d8961ab07c52d33c336b2ae22801537def43785e959eb4982149983b9f
SHA512

1e052b8b72e8912a6917049108df7639983d81b39cce266ef3d45fdef213af3eea585db05050635baf4da4c734f49a7cf544faf0923293ed9fc9c55e6e9f60c6
SSDEEP

1536:regNzd4DXSx6euMSgbqMvdFeUEG6jOqaX:SKzd/Q8TbqKhELOq+

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

147.185.221.16:40164

147.185.221.20:40164

Attributes

install_file
System Volume Information Prefetch.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
wefwf.exe

Files

wefwf.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ