xworm | SteamPlayer-Installer[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

SteamPlayer-Installer.exe
Size

350KB
MD5

c42fccf69d73137703153ad2c79d43da
SHA1

aeb4b80877b09d893d5523a3259a2fb8f9354b9f
SHA256

103c26b6e0ab16f1dd84bcd8d77dda1ff23ad436bd3fe3141e9753bc6f34e853
SHA512

93304338c3bcf96fbb54428fdcd9286cc18753aee33687133847e927be704ba3e774352a012073618e507b917fbab2f83da35d1f1a6c596a6b4abf414c4ef82b
SSDEEP

6144:r9+KbCPqZ+GIIIIIIIhIIIIIIIIIIIIIIIU:J+7PqS

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

127.0.0.1:7000

Attributes

Install_directory
%AppData%
install_file
XClient.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SteamPlayer-Installer.exe

Files

SteamPlayer-Installer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 265KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ