xworm | AntiMalwareService[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

AntiMalwareService.exe
Size

73KB
MD5

fd9fd65072f4f6667c249ccaa9b443a8
SHA1

c9dc8e4e0288c7a3ffd515a1cb100ceaa948b1c8
SHA256

628a69b7b85da74c80b40c94276bc979a38e33020a716d2bbad5215a193ffabf
SHA512

50105c3f878e3baaf74d7ef87c604c1a0bfb2a5227dee7c2a31746b4b7614c5537f37d790afd1b1898e2efe72aa0db1c6b4b62c366813ddbc2834d6e0f406884
SSDEEP

1536:b1B0aRrkw3kpcs+ObK8MAcvuqVMO5fLfhb/t:pB0zwkcdObK85cvuiMOFv

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

com-campaigns.gl.at.ply.gg:38839

Attributes

Install_directory
%ProgramData%
install_file
AntiMalwareService.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
AntiMalwareService.exe

Files

AntiMalwareService.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ