xworm | 0x0007000000016d42-20[.]dat | Triage

Sharing

General

Target

0x0007000000016d42-20.dat
Size

75KB
MD5

8d6e86e6e799c75bd5123534bdbf411b
SHA1

9fc526e97077ed2a5e78371fdab5ab7ecf789368
SHA256

7892c9f14967696e15b99b3eac66d65643357c9a4315f5e8210c8437c6617888
SHA512

8cd6e706c3f36d7cb1d6eed3717fd3e96863b6fcf4ee3425f7b08823b8dc364a1de215b578310a3d1fddd98f9eb648ddeafd85d8a2feed399d46fba7dba09265
SSDEEP

1536:2Z6tgBI11qoEgGBfCDYsN+bT0IrgLSUtmf6/rhtOs4eJ9SYUh:2Z1I11qoGBgYA+bgIEOe9htOs4eJjO

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

45.145.41.178:1111

Attributes

Install_directory
%AppData%
install_file
Windows Defender Notification.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0x0007000000016d42-20.dat

Files

0x0007000000016d42-20.dat
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ