xworm | Roblox cheat[.]exe | Triage

Sharing

General

Target

Roblox cheat.exe
Size

71KB
MD5

f24d23861ae25a5e29ed07ce2edf23ae
SHA1

f44fb5843e43b04f2ab6d372131f780cc4d93e22
SHA256

aeb935a0eed839b1670d762dba8c2ccf443340d4344178070c74be2e666e8e0c
SHA512

4c037c2a699a2349d092686ac18697278d4a52c01752234f4fd3ea2578f8f321557ecd40616ce060fd0ae24411dca9de1f01794cd44a860ed889cbdaf05e2cbe
SSDEEP

1536:n5+ZIZ0yIelWO+4ZbjClLVUwNNyO3wQZS:n5+Z9yIIWOhZbjyUQMOAaS

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

Version

3.1

C2

147.185.221.23:53631

Attributes

Install_directory
%AppData%
install_file
USB.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Roblox cheat.exe

Files

Roblox cheat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ