Malicious

2d2db7a006dfac4b5ba6661e39c180b3

PE Executable | MD5: 2d2db7a006dfac4b5ba6661e39c180b3 | Size: 33.28 KB | application/x-msdownload

RAT
njRat
Executable
PE (Portable Executable)
Managed .NET
PE File Layout
Win 32 Exe
x86
.Net
SOS: 0.21
XWorm
Characteristics

Symbol Obfuscation Score: Low

Hash
Hash Value
MD5
2d2db7a006dfac4b5ba6661e39c180b3
Sha1
3ece38a944b344192b639a3562ecaede109139a6
Sha256
decb14d2723338d090ae684105f1bb2e4f616ac37675390a443309ffee03e8c1
Sha384
f788bc11fd4a045a30efd926053108cb53afef5709ff2bdb044e57e87a854343fb5339e4d888320ad3f5e6820671450f
Sha512
07aa618f23865bb16782cb1e8c89d8c98e126b230ebadff99dfea36ef1e82748d8a7948f2ecde5bdf82c557c9a6b1067cf5c56ec96a533c65823645be1e00a9f
SSDeep
768:tVa+vNtg+PB83Tw49FzVFE9jExTOjhjbr:dvNtgw83U49HFE9jEBOjpX
TLSH
A2E23A4877944312DAFEAFF12DF262061270D51BE913EF6E0CE485EA2B67AC047413E6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
2d2db7a006dfac4b5ba6661e39c180b3
Structure
  DosHeader
  PE Header
  Optional Header (x86)
  Section Headers
    .text
    .rsrc
    .reloc
Resources
  RT_VERSION
    ID:0001
      ID:0
  RT_MANIFEST
    ID:0001
      ID:0
Malware Configuration - XWorm config.
Config. Field | Value
Mutex | nLdMfDSJO7ns6f7T
Hosts | g100cf.ddns.net
Port | 7000
KEY | <123456789>
USBNM | <Xwormmm>
family | xworm

Information
Name | Value
Info | PE Detect: PeReader OK (file layout)
Module Name | XClient2.exe
Full Name | XClient2.exe
EntryPoint | System.Void Stub.Main::Main()
Scope Name | XClient2.exe
Scope Type | ModuleDef
Kind | Windows
Runtime Version | v4.0.30319
Tables Header Version | 512
WinMD Version | <null>
Assembly Name | XClient2
Assembly Version | 1.0.0.0
Assembly Culture | <null>
Has PublicKey | False
PublicKey Token | <null>
Target Framework | <null>
Total Strings | 156
Main Method | System.Void Stub.Main::Main()
Main IL Instruction Count | 58

Main IL
  ldsfld System.Int32 Settings::Sleep
  ldc.i4 1000
  mul.ovf <null>
  call System.Void System.Threading.Thread::Sleep(System.Int32)
  ldsfld System.String Settings::Hosts
  call System.Object Stub.AlgorithmAES::Decrypt(System.String)
  call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
  stsfld System.String Settings::Hosts
  ldsfld System.String Settings::Port
  call System.Object Stub.AlgorithmAES::Decrypt(System.String)
  call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
  stsfld System.String Settings::Port
  ldsfld System.String Settings::KEY
  call System.Object Stub.AlgorithmAES::Decrypt(System.String)
  call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
  stsfld System.String Settings::KEY
  ldsfld System.String Settings::SPL
  call System.Object Stub.AlgorithmAES::Decrypt(System.String)
  call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
  stsfld System.String Settings::SPL
  ldsfld System.String Settings::Groub
  call System.Object Stub.AlgorithmAES::Decrypt(System.String)
  call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
  stsfld System.String Settings::Groub
  ldsfld System.String Settings::USBNM
  call System.Object Stub.AlgorithmAES::Decrypt(System.String)
  call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object)
  stsfld System.String Settings::USBNM
  leave.s IL_009E: call System.Boolean Stub.Helper::CreateMutex()
  dup <null>
  call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception)
  stloc.2 <null>
  ldc.i4.0 <null>
  call System.Void System.Environment::Exit(System.Int32)
  call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError()
  leave.s IL_009E: call System.Boolean Stub.Helper::CreateMutex()
  call System.Boolean Stub.Helper::CreateMutex()
  brtrue.s IL_00AB: call System.Void Stub.Helper::PreventSleep()
  ldc.i4.0 <null>
  call System.Void System.Environment::Exit(System.Int32)
  call System.Void Stub.Helper::PreventSleep()
  ldnull <null>
  ldftn System.Void Stub.Main::_Lambda$__1()
  newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr)
  newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart)
  stloc.0 <null>
  ldnull <null>
  ldftn System.Void Stub.Main::_Lambda$__2()
  newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr)
  newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart)
  stloc.1 <null>
  ldloc.0 <null>
  callvirt System.Void System.Threading.Thread::Start()
  ldloc.1 <null>
  callvirt System.Void System.Threading.Thread::Start()
  ldloc.1 <null>
  callvirt System.Void System.Threading.Thread::Join()
  ret <null>

Artefacts
Name | Value | Location
Mutex | nLdMfDSJO7ns6f7T | Malicious 2d2db7a006dfac4b5ba6661e39c180b3
CnC | g100cf.ddns.net | Malicious 2d2db7a006dfac4b5ba6661e39c180b3
Port | 7000 | Malicious 2d2db7a006dfac4b5ba6661e39c180b3
