Static task
static1
Behavioral task
behavioral1
Sample
XWorm.exe
Resource
win7-20241023-en
Behavioral task
behavioral2
Sample
XWorm.exe
Resource
win10v2004-20241007-en
General
-
Target
XWorm.exe
-
Size
7.0MB
-
MD5
443869ce6e79ae0c460baee6537baee1
-
SHA1
e5710ea43cf7eb149fd6755e37e7fb1a9ef49385
-
SHA256
1648ca4e081c346db19b9cb6f93cdbc7b3c607c48ccb5e663aef2f6f595a81a6
-
SHA512
8a64d76ef0ca5899cb23206e267c0c48e8a91291984d3b9ea244837826e1ac7aaba1ebea8690db6a2c25a75041de5047cbd0954e166828e2f98818bb48a5c5a3
-
SSDEEP
98304:dDV2f3wZCIH1TTTTTTdfPPQVKR+WLqgBGuf2e2b542q:2wZCMPPmWugBG1V42
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource XWorm.exe
Files
-
XWorm.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
mscoree
_CorExeMain
Sections
.text Size: 6.8MB - Virtual size: 6.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 106KB - Virtual size: 106KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ