xworm | ent[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ent.exe
Size

154KB
MD5

4040574342fca4598ab801e62366a307
SHA1

19a9e27ce8f63916bf7d93f99ff8f7972d485468
SHA256

21a0587c8e6d10670ee634c2378df2e03cde87f5f5711dfd479de72e5269c0b7
SHA512

e5600f2a2fc24fc8b1dda7a2292ca304987ac91a23e7f528bad6a59d9ad1372be7ca04a325f5f4cc3247dd47144e656671a5c231b87e2db6d0240328d2bdb7df
SSDEEP

3072:oLS4ta1XgsykbA+Qk+OzwIffBz65/M6If+3Js+3JFkKeTni:ou4orbJQkMIffxBt25

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

held-using.gl.at.ply.gg:4825

Attributes

Install_directory
%ProgramData%
install_file
EpicGamesLauncher.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
ent.exe

Files

ent.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ