xworm | VLC[.]exe | Triage

Sharing

General

Target

VLC.exe
Size

81KB
MD5

1f73404feeb524f87b735f8a307858ce
SHA1

e594674f72a1b964ad0a0eeacf13a816e8080345
SHA256

0ab7c68c204a6fff8780f421a09f48fda54f125c8b7105b78d226d403eac1efe
SHA512

053c7aaae6dbf292bccb4d400a207f9e65a9ac571fcf0e7f5980139ca241749f64775463c384a5f94062bb988976e77b43494b4df7f8f93f08b2fa1c0427e86d
SSDEEP

1536:jJ3p6gS/JMP3pCWOUmJQqbtc4nk/y6bnBORSx0d0hdS1EAd8IIb:tBwIBmJbtW/vBO8jbgEA6IIb

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

212.92.254.164:7000

Attributes

Install_directory
%Public%
install_file
VLC.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
VLC.exe

Files

VLC.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ