Malicious

fad283c76752fb88c79a07350949941e

PE Executable | MD5: fad283c76752fb88c79a07350949941e | Size: 62.98 KB | application/x-dosexec

Characteristics

Symbol Obfuscation Score

Very high

Hash
MD5: fad283c76752fb88c79a07350949941e
Sha1: 63a4d5ca879ee9d9d7ed87ee7b38f49e3b166809
Sha256: afcdbc0601ee16277b87a5423f5e66a03c7791c14e2eb191e45153a89a332160
Sha384: 4a2355ff337d1d80f8bed03f5eb6093b27c53f33814abc494aada3ec37abb19988473df305f19427705499df88d08de3
Sha512: 4e24bea4ac0ecd6d380b2d171076cc4e46628057d351a367e2d1e59442d892263f983d91e848ce6bd5e2db19040b962ddc4dba7dba5da464d487ad20f0acb6ea
SSDeep: 1536:gWNv1HSlmQEHic8e2kbYJTo2GhH8fpOWyJVb1B:5tBSlmikbYRUH8hOWyTj
TLSH: 40538D1C3BF28125E1FFAEB01AF23152D239E2275916E79F18C5418B1B13A8DCD916F6

PeID

.NET executable
Microsoft Visual C# / Basic .NET
Microsoft Visual C# / Basic.NET / MS Visual Basic 2005 - ASL
Microsoft Visual C# v7.0 / Basic .NET
Microsoft Visual Studio .NET
File Structure
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_VERSION
ID:0001
ID:0
RT_MANIFEST
ID:0001
ID:0
Malware Configuration - XWorm config.
Mutex: Cxo6qxhm1UMXkx5x
Hosts: darwin151-36102.portmap.host
Port: 36102
KEY: <123456789>
USBNM: <Xwormmm>
family: xworm

Informations
Info: PE Detect: PeReader OK (file layout)
Module Name: XCli222222ent.exe
Full Name: XCli222222ent.exe
EntryPoint: System.Void Stub.kWF6Poazx3VOasIAIbIY6o8xZdySRkHccFYL7TmiZm664Boi5SrEFrPuVyU1DfaNvdE0HodUGJosboXnzNIOXsCnMRtIIjSly::BM6tQyYIrryJsyxHitVmhZmzhI3EYcHlmj7eG0w6js5Zf6GP9w2Bx0bLeoqyD5rB8xPTXgMxOHDnw8N2bzOEpoVFpgpgziaVX()
Scope Name: XCli222222ent.exe
Scope Type: ModuleDef
Kind: Windows
Runtime Version: v4.0.30319
Tables Header Version: 512
WinMD Version: <null>
Assembly Name: XCli222222ent
Assembly Version: 1.0.0.0
Assembly Culture: <null>
Has PublicKey: False
PublicKey Token: <null>
Target Framework: <null>
Total Strings: 237
Main Method: System.Void Stub.kWF6Poazx3VOasIAIbIY6o8xZdySRkHccFYL7TmiZm664Boi5SrEFrPuVyU1DfaNvdE0HodUGJosboXnzNIOXsCnMRtIIjSly::BM6tQyYIrryJsyxHitVmhZmzhI3EYcHlmj7eG0w6js5Zf6GP9w2Bx0bLeoqyD5rB8xPTXgMxOHDnw8N2bzOEpoVFpgpgziaVX()
Main IL Instruction Count: 58

Main IL

ldsfld System.Int32 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::piuyWjvqcSjGDRCotvc4AE26enIeVmsN2h2NcE3wUIWUbpcHXwyM6aS8jjkI30Zt7gbx5OWAtHXEt7g9pIzmeS3oZrb0Dji58 ldc.i4 1000 mul.ovf <null> call System.Void System.Threading.Thread::Sleep(System.Int32) ldsfld System.String 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::7IRKI4W3s9Qi4veCnuUAYFRh02HRjoXkYJ8BMREHnPMRgP7ImNuEAR0uqt8ENpBH8BDEBAXflEVw2NxvCGwTKuu1ToWG2VQ5B call System.Object Stub.0hlXRn0s4I6xLuvFQewydOWUXkfLBTObKnrNU3Yqgz7IYlG19W1xE0opaHAhoglzSAqIAjxWzLeJ9yayaiv::6APsd7LxayBTmhs0JjIhXZcuVNSpMsu3GWj9lWHpgldr9absvDHWkwReXbHoClPw6rmKBQLSW6riufkE10Q(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::7IRKI4W3s9Qi4veCnuUAYFRh02HRjoXkYJ8BMREHnPMRgP7ImNuEAR0uqt8ENpBH8BDEBAXflEVw2NxvCGwTKuu1ToWG2VQ5B ldsfld System.String 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::oqI1Nv1zE7Vgsz0YPcEUm5lPVCHCkDVZKfhBO1z8hwr0qhb1sazRjulWoLQXT2u5E9FlLcdEnMUCY14qsKBHW0FEUodRKM98z call System.Object Stub.0hlXRn0s4I6xLuvFQewydOWUXkfLBTObKnrNU3Yqgz7IYlG19W1xE0opaHAhoglzSAqIAjxWzLeJ9yayaiv::6APsd7LxayBTmhs0JjIhXZcuVNSpMsu3GWj9lWHpgldr9absvDHWkwReXbHoClPw6rmKBQLSW6riufkE10Q(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::oqI1Nv1zE7Vgsz0YPcEUm5lPVCHCkDVZKfhBO1z8hwr0qhb1sazRjulWoLQXT2u5E9FlLcdEnMUCY14qsKBHW0FEUodRKM98z ldsfld System.String 
7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::l3vlgFApZ91Oo5aDmmxP8PH0njbOLw9AbkyADjDO24qDuAnE64ImKuLHrD40qzZptV2pGcjvHZc1YKX6FxRYRqs3Ze0h8RQwJ call System.Object Stub.0hlXRn0s4I6xLuvFQewydOWUXkfLBTObKnrNU3Yqgz7IYlG19W1xE0opaHAhoglzSAqIAjxWzLeJ9yayaiv::6APsd7LxayBTmhs0JjIhXZcuVNSpMsu3GWj9lWHpgldr9absvDHWkwReXbHoClPw6rmKBQLSW6riufkE10Q(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::l3vlgFApZ91Oo5aDmmxP8PH0njbOLw9AbkyADjDO24qDuAnE64ImKuLHrD40qzZptV2pGcjvHZc1YKX6FxRYRqs3Ze0h8RQwJ ldsfld System.String 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::V3g9eto0XispL6m22RmxF3361NCyjV7fAWJjsC0wmsCVdjrHRtcvL0p0QU2VzaVfwUYKE3jpgaYXLGn18LWGeBmvsBcCb1TY2 call System.Object Stub.0hlXRn0s4I6xLuvFQewydOWUXkfLBTObKnrNU3Yqgz7IYlG19W1xE0opaHAhoglzSAqIAjxWzLeJ9yayaiv::6APsd7LxayBTmhs0JjIhXZcuVNSpMsu3GWj9lWHpgldr9absvDHWkwReXbHoClPw6rmKBQLSW6riufkE10Q(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::V3g9eto0XispL6m22RmxF3361NCyjV7fAWJjsC0wmsCVdjrHRtcvL0p0QU2VzaVfwUYKE3jpgaYXLGn18LWGeBmvsBcCb1TY2 ldsfld System.String 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::A5hE4DQb8xmj3itqz0i78rDt8DxR1Lj3vXSsGnaGOZ3cEdn2QKu6J9mv4e088vADyeHrGzr3bYeeBMPBuar9SmmRwSterwB4E call System.Object Stub.0hlXRn0s4I6xLuvFQewydOWUXkfLBTObKnrNU3Yqgz7IYlG19W1xE0opaHAhoglzSAqIAjxWzLeJ9yayaiv::6APsd7LxayBTmhs0JjIhXZcuVNSpMsu3GWj9lWHpgldr9absvDHWkwReXbHoClPw6rmKBQLSW6riufkE10Q(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 
7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::A5hE4DQb8xmj3itqz0i78rDt8DxR1Lj3vXSsGnaGOZ3cEdn2QKu6J9mv4e088vADyeHrGzr3bYeeBMPBuar9SmmRwSterwB4E ldsfld System.String 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::mk3artFBkCqSZt1WOKTbsO25ScdNUvwkm5hI29juhyCh3qC2AGT5L3F4x4TzS6uoic2of87DAPDFv4i2tRT2sMN8upSb2Mph7 call System.Object Stub.0hlXRn0s4I6xLuvFQewydOWUXkfLBTObKnrNU3Yqgz7IYlG19W1xE0opaHAhoglzSAqIAjxWzLeJ9yayaiv::6APsd7LxayBTmhs0JjIhXZcuVNSpMsu3GWj9lWHpgldr9absvDHWkwReXbHoClPw6rmKBQLSW6riufkE10Q(System.String) call System.String Microsoft.VisualBasic.CompilerServices.Conversions::ToString(System.Object) stsfld System.String 7LGthiu1OQNcuu2XKjvOa4rCDGQaZyUPlFmyMGMASpjqk3eDw3rmBW9Iu7mIm28002yeHkFTCnwlDEhfUA9jTLneJ6OaDICVD::mk3artFBkCqSZt1WOKTbsO25ScdNUvwkm5hI29juhyCh3qC2AGT5L3F4x4TzS6uoic2of87DAPDFv4i2tRT2sMN8upSb2Mph7 leave.s IL_009E: call System.Boolean Stub.MQMKjVJ5nfnYl5RPOmWJPjaUFpydlBIFSQvmPFYkaKOlFiXMYzOoHtW4yyrLkXEUeCpWnnqzZ36HCuGTaub::6iw5tFOMtS5ZzR0uKTF2FS6L8() dup <null> call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::SetProjectError(System.Exception) stloc.2 <null> ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void Microsoft.VisualBasic.CompilerServices.ProjectData::ClearProjectError() leave.s IL_009E: call System.Boolean Stub.MQMKjVJ5nfnYl5RPOmWJPjaUFpydlBIFSQvmPFYkaKOlFiXMYzOoHtW4yyrLkXEUeCpWnnqzZ36HCuGTaub::6iw5tFOMtS5ZzR0uKTF2FS6L8() call System.Boolean Stub.MQMKjVJ5nfnYl5RPOmWJPjaUFpydlBIFSQvmPFYkaKOlFiXMYzOoHtW4yyrLkXEUeCpWnnqzZ36HCuGTaub::6iw5tFOMtS5ZzR0uKTF2FS6L8() brtrue.s IL_00AB: call System.Void Stub.MQMKjVJ5nfnYl5RPOmWJPjaUFpydlBIFSQvmPFYkaKOlFiXMYzOoHtW4yyrLkXEUeCpWnnqzZ36HCuGTaub::V33MIuSOWnbP9ywsQRGPAaUoQ4p7DvyJkp6PDxshwBJDERaI18ja7husGQJ7LUpPhQP4aFtQWzib62dfLGG() ldc.i4.0 <null> call System.Void System.Environment::Exit(System.Int32) call System.Void 
Stub.MQMKjVJ5nfnYl5RPOmWJPjaUFpydlBIFSQvmPFYkaKOlFiXMYzOoHtW4yyrLkXEUeCpWnnqzZ36HCuGTaub::V33MIuSOWnbP9ywsQRGPAaUoQ4p7DvyJkp6PDxshwBJDERaI18ja7husGQJ7LUpPhQP4aFtQWzib62dfLGG() ldnull <null> ldftn System.Void Stub.kWF6Poazx3VOasIAIbIY6o8xZdySRkHccFYL7TmiZm664Boi5SrEFrPuVyU1DfaNvdE0HodUGJosboXnzNIOXsCnMRtIIjSly::u2vRR0szZEBTAU1bMiVryg3Cpp4cTXFo1siPyhvcsTmqrvNaWows9viyejwIWriALtcVRld6vF6W7QZUqUpydHoNp6nVmMSjl() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.0 <null> ldnull <null> ldftn System.Void Stub.kWF6Poazx3VOasIAIbIY6o8xZdySRkHccFYL7TmiZm664Boi5SrEFrPuVyU1DfaNvdE0HodUGJosboXnzNIOXsCnMRtIIjSly::hM9MJ6LPdFgFf6r7TusdL62JCpLOpS0Hi5XGhKbhL0pNGs55050WCQikQmBgrkHogaj4TH83SFur8ZwrWGvRB2HsREReoFXbi() newobj System.Void System.Threading.ThreadStart::.ctor(System.Object,System.IntPtr) newobj System.Void System.Threading.Thread::.ctor(System.Threading.ThreadStart) stloc.1 <null> ldloc.0 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> callvirt System.Void System.Threading.Thread::Start() ldloc.1 <null> callvirt System.Void System.Threading.Thread::Join() ret <null>

Artefacts
Mutex: Cxo6qxhm1UMXkx5x
CnC: darwin151-36102.portmap.host
Port: 36102

fad283c76752fb88c79a07350949941e (62.98 KB)
Artefacts
Mutex: Cxo6qxhm1UMXkx5x | Malicious | fad283c76752fb88c79a07350949941e
CnC: darwin151-36102.portmap.host | Malicious | fad283c76752fb88c79a07350949941e
Port: 36102 | Malicious | fad283c76752fb88c79a07350949941e
