xworm | msedge_visual_render[.]exe | Triage

Sharing

General

Target

msedge_visual_render.exe
Size

188KB
MD5

e796b778b392f06de4d340ec0f88b4cc
SHA1

32561bf3b022aef8a62bac3e820ef7e3bc648f57
SHA256

1ff08d4cbe1a41c10692941c7835b93ea5738057dc381cf4704136436911df05
SHA512

dcdbeb8d1720b2bfe8ce8c2311414b71ec090eb94db53d379c08cbf7b17a25ac4bc9488315e867406bb1661a76df223c953f01c7d40997fdf9ccb20daaf4c8c7
SSDEEP

3072:2rhv4AbmL4mkbrz9EO7PvJKRUGKXs+S++7KFSbxeY+qDDrMn:2r7bmclbX3ZGqStKEbxI

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

23.ip.gl.ply.gg:57660

Attributes

Install_directory
%AppData%
install_file
msedge.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
msedge_visual_render.exe

Files

msedge_visual_render.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ