Malicious
Malicious

5628f16de5cd1e8a9a4401eac7b1e3b0

PE Executable
|
MD5: 5628f16de5cd1e8a9a4401eac7b1e3b0
|
Size: 114.69 KB
|
application/x-dosexec

Print
Infection Chain
Summary by MalvaGPT
Characteristics

Symbol Ofbuscation Score

Very low

Hash
 Hash Value
MD5
5628f16de5cd1e8a9a4401eac7b1e3b0
Sha1
57290d636976719a44a7603fd51ad140c6a0cdb6
Sha256
db5ba574b6107181d23ff1cc5b20b6fd69a559c9b80c6ecd16466223567e472a
Sha384
8a3a270669032f17be9e4bbcdcbfa7875d2bfe53448fa71e7fc0f372dbd46f38fe12c9d6f5fe09937c046742ba1c867f
Sha512
0fa9c6c2a2194062cbfc4d3f8223ec25ff830fa73c457a26f2afba5f757c00a34f601378e4f9fdf90bf6aa3a8d206eb403a1054ceca7d25ad8eb64895ce091df
SSDeep
3072:dnKvRjp1ieZEpfkJwuWzE0HkFw9eQOjRv:dKvRUp8SuPw9
TLSH
79B3D044F7A04226D8EEAFB16DF31A450671DF0BD613EB5F08E0B49E6F3368489513A6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
5628f16de5cd1e8a9a4401eac7b1e3b0
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_ICON
ID:0002
ID:0
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Malicious
files.resources
Malicious
jZqlPomNkc
jZqlPomNkc-preview.png
upVxZzHoPV
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - XWorm config.
Config. Field
 Value
Mutex

kQzLaypDO41zxY4x
Hosts

45.153.34.186
Port

443
KEY

<666666>
USBNM

<XWormmm>
LoggerPath

%Public%
family

xworm
Informations
Name
 Value
Info

PE Detect: PeReader OK (file layout)
Module Name

img.Scr
Full Name

img.Scr
EntryPoint

System.Void Bound.Open::Main()
Scope Name

img.Scr
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

img
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

7
Main Method

System.Void Bound.Open::Main()
Main IL Instruction Count

43
Main IL

ldstr files call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() newobj System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly) stloc.0 <null> ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr YzcuazCpPa.exe call System.String System.String::Concat(System.String,System.String) ldloc.0 <null> ldstr upVxZzHoPV callvirt System.Object System.Resources.ResourceManager::GetObject(System.String) castclass System.Byte[] call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr YzcuazCpPa.exe call System.String System.String::Concat(System.String,System.String) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr TAWGP_zYGl.png call System.String System.String::Concat(System.String,System.String) ldloc.0 <null> ldstr jZqlPomNkc callvirt System.Object System.Resources.ResourceManager::GetObject(System.String) castclass System.Byte[] call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr TAWGP_zYGl.png call System.String System.String::Concat(System.String,System.String) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> leave.s IL_00A0: ret stloc.1 <null> ldloc.1 <null> callvirt System.String System.Exception::get_Message() call System.Void System.Console::WriteLine(System.String) call System.Int32 System.Console::Read() pop <null> leave.s IL_00A0: ret ret <null>
Module Name

img.Scr
Full Name

img.Scr
EntryPoint

System.Void Bound.Open::Main()
Scope Name

img.Scr
Scope Type

ModuleDef
Kind

Windows
Runtime Version

v2.0.50727
Tables Header Version

512
WinMD Version

<null>
Assembly Name

img
Assembly Version

0.0.0.0
Assembly Culture

<null>
Has PublicKey

False
PublicKey Token

<null>
Target Framework

<null>
Total Strings

7
Main Method

System.Void Bound.Open::Main()
Main IL Instruction Count

43
Main IL

ldstr files call System.Reflection.Assembly System.Reflection.Assembly::GetExecutingAssembly() newobj System.Void System.Resources.ResourceManager::.ctor(System.String,System.Reflection.Assembly) stloc.0 <null> ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr YzcuazCpPa.exe call System.String System.String::Concat(System.String,System.String) ldloc.0 <null> ldstr upVxZzHoPV callvirt System.Object System.Resources.ResourceManager::GetObject(System.String) castclass System.Byte[] call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr YzcuazCpPa.exe call System.String System.String::Concat(System.String,System.String) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr TAWGP_zYGl.png call System.String System.String::Concat(System.String,System.String) ldloc.0 <null> ldstr jZqlPomNkc callvirt System.Object System.Resources.ResourceManager::GetObject(System.String) castclass System.Byte[] call System.Void System.IO.File::WriteAllBytes(System.String,System.Byte[]) ldc.i4.s 28 call System.String System.Environment::GetFolderPath(System.Environment/SpecialFolder) ldstr TAWGP_zYGl.png call System.String System.String::Concat(System.String,System.String) call System.Diagnostics.Process System.Diagnostics.Process::Start(System.String) pop <null> leave.s IL_00A0: ret stloc.1 <null> ldloc.1 <null> callvirt System.String System.Exception::get_Message() call System.Void System.Console::WriteLine(System.String) call System.Int32 System.Console::Read() pop <null> leave.s IL_00A0: ret ret <null>
Artefacts
Name
 Value
Mutex

kQzLaypDO41zxY4x
CnC

45.153.34.186
Port

443
5628f16de5cd1e8a9a4401eac7b1e3b0 (114.69 KB)
An error has occurred. This application may no longer respond until reloaded. Reload 🗙