Behavioral task: behavioral1
Sample: adsav.exe
Resource: win10v2004-20241007-en
General
Target: adsav.exe
Size: 55KB
MD5: 80c7ba2da4987600d1e9008265aafb0d
SHA1: 4712783a6004912fd4cedd71e9f60a0ddd03b6d0
SHA256: 47d0ceb844938cc8c28168f069f45461e5f0d670205fef7d092a41704ae416f0
SHA512: fbefdc6b3f2d6669c1382ebad364d96e9561c40d561e6d9d9a1d50e331d54c72d7fd3602f8f9e2824a43ee11e20bd0d15f2dc80fef27fe840618c0b2c6c31317
SSDEEP: 768:h2GgkY5J4Z3LSPQVrHO46v/qNo/ORG7CAXORF72pC+beeM2cSj428lDADOcLeh+E:hLEv/6om47OR92k+bVRcSESO7gJXG
Malware Config
Extracted
xworm
127.0.0.1:58981
147.185.221.24:58981
Install_directory: %AppData%
install_file: Update.exe
Signatures
Detect Xworm Payload (1 IoCs)
resource yara_rule sample family_xworm
Xworm family
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource adsav.exe
Files
adsav.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 53KB - Virtual size: 52KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ