Behavioral task
behavioral1
Sample
ExecuterHelp.exe
Resource
win7-20240708-en
General
-
Target
ExecuterHelp.exe
-
Size
69KB
-
MD5
357083dd92b1738fe387a67741c469f1
-
SHA1
e53381ae11a9110bfd243a41192055e265150a4c
-
SHA256
096a954eb1c0f09b0f4351bb4172d8dc6ec7fcf5df3ff1a876acbf8299def3ec
-
SHA512
15111b1a876dc22c6b8d591b4e9c58e0c01f74aa44bd9e606bfd7ea2e43bac6df90f5d7620343ab7ea6aae29ff799c2485f7338d81a8edae8f6c3784d2f4daf9
-
SSDEEP
1536:NR4LPQPqR3Kj4ZsDaR1ESb8oGGRU68saO9RRrmdEJ:c/96Pa1ESb8o/TaOPxnJ
Malware Config
Extracted
xworm
where-reverse.gl.at.ply.gg:18649
-
Install_directory
%ProgramData%
-
install_file
Helper.exe
Signatures
-
Detect Xworm Payload 1 IoCs
resource yara_rule sample family_xworm -
Xworm family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource ExecuterHelp.exe
Files
-
ExecuterHelp.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 66KB - Virtual size: 66KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ