6bf62d5582a1fc7febba7044de658671

PE Executable
|
MD5: 6bf62d5582a1fc7febba7044de658671
|
Size: 39.72 KB
|
application/x-dosexec

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	6bf62d5582a1fc7febba7044de658671
Sha1	51286a69fe2bb45664a4a8b41ccbe06975578c27
Sha256	6a14c33160a4a542f95df93c71700b3d50ac45b172a2266615413bc8a9bdb02f
Sha384	2846df1473901a177932d792ee38dd9cec9486937180dbe15ad98fbfe95e2abf6721809b36f47155a8529f74c178b489
Sha512	2d22539594336c9db2ff62c8310a1a2a2f0a8a76846a7ae61fe3793d730a0acc55fca41de840babe4a9b4098976696c230c9a2f04ae5aa68bd372c1841271a9c
SSDeep	384:zIaJiqqWmMBHk9eDqXBvOMQ2XnLQRAvh0FbOKTCOQpCR6pkFTBLTAOZwpGd2v990:lkWkxt7KAvGFbO75pCDFo9jCOjhabh
TLSH	92034C4877E48312D5FEAFF02DF3720A1675E11B9813EF5E0CD489962B63AC246507E6

PeID

.NET executable

Microsoft Visual C# / Basic .NET

Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL

Microsoft Visual C# v7.0 / Basic .NET

Microsoft Visual Studio .NET

File Structure

Malware Configuration - XWorm config.

Config. Field0	Value
Mutex	MFYBgLy85MiltM+lmmum3AaStl4pE8pfKioOttnJa3TeUTCusqoBtclWZ8CWIcEN
KEY	JF6gjX2u3dfAYyM/cfmr6A==
USBNM	ILrulY1HWvrzivyjqmi5sQ==
family	xworm

Informations

Name0	Value
Info	PE Detect: PeReader OK (file layout)
Info	Overlay extracted: Overlay_60851e5c.bin (6440 bytes)
Module Name	xw1.exe
Full Name	xw1.exe
EntryPoint	System.Void Stub.Main::Main()
Scope Name	xw1.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	xw1
Assembly Version	1.0.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	<null>
Total Strings	157
Main Method	System.Void Stub.Main::Main()
Main IL Instruction Count	58
Main IL	ldsfld System.Int32 Settings::Sleep ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String Settings::Hosts call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::Hosts ldsfld System.String Settings::Port call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::Port ldsfld System.String Settings::KEY call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::KEY ldsfld System.String Settings::SPL call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::SPL ldsfld System.String Settings::Group call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::Group ldsfld System.String Settings::USBNM call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::USBNM leave.s IL_009E: call System.Boolean Stub.Helper::CreateMutex() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.2 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_009E: call System.Boolean Stub.Helper::CreateMutex() call System.Boolean Stub.Helper::CreateMutex() brtrue.s IL_00AB: call System.Void Stub.Helper::PreventSleep() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.Helper::PreventSleep() ldnull <null> ldftn System.Void Stub.Main::_Lambda$__1() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.0 <null> ldnull <null> ldftn System.Void Stub.Main::_Lambda$__2() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldloc.0 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>
Module Name	xw1.exe
Full Name	xw1.exe
EntryPoint	System.Void Stub.Main::Main()
Scope Name	xw1.exe
Scope Type	ModuleDef
Kind	Windows
Runtime Version	v4.0.30319
Tables Header Version	512
WinMD Version	<null>
Assembly Name	xw1
Assembly Version	1.0.0.0
Assembly Culture	<null>
Has PublicKey	False
PublicKey Token	<null>
Target Framework	<null>
Total Strings	157
Main Method	System.Void Stub.Main::Main()
Main IL Instruction Count	58
Main IL	ldsfld System.Int32 Settings::Sleep ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String Settings::Hosts call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::Hosts ldsfld System.String Settings::Port call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::Port ldsfld System.String Settings::KEY call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::KEY ldsfld System.String Settings::SPL call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::SPL ldsfld System.String Settings::Group call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::Group ldsfld System.String Settings::USBNM call System.Object Stub.AlgorithmAES::Decrypt(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String Settings::USBNM leave.s IL_009E: call System.Boolean Stub.Helper::CreateMutex() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.2 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_009E: call System.Boolean Stub.Helper::CreateMutex() call System.Boolean Stub.Helper::CreateMutex() brtrue.s IL_00AB: call System.Void Stub.Helper::PreventSleep() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Stub.Helper::PreventSleep() ldnull <null> ldftn System.Void Stub.Main::_Lambda$__1() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.0 <null> ldnull <null> ldftn System.Void Stub.Main::_Lambda$__2() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldloc.0 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>

Artefacts

Name0	Value
Mutex	MFYBgLy85MiltM+lmmum3AaStl4pE8pfKioOttnJa3TeUTCusqoBtclWZ8CWIcEN

6bf62d5582a1fc7febba7044de658671 (39.72 KB)