xworm | Api-AutoUpdater[.]exe | Triage

Sharing

General

Target

Api-AutoUpdater.exe
Size

79KB
MD5

2daa43c9c565faf24f1734caf5153215
SHA1

946272bab59c119caabce1bb33ca6ac4b286ccf9
SHA256

49f513bcc1641f438b6a4e41323db9243988c684bb2cc9690d6d6918787ead76
SHA512

7e713e59367f5a23402d89d78139d20b9989c6a17774a0e0b52e75bee0713de853e8b5773d7b16db1e0315504064edf2c8c118af7e38cea2834181b078f397be
SSDEEP

1536:hOaaiw5/XPr2SsofFni8Mjv1bMFXeOAP6h6a11TyO/6Yd3H:qvPuo1u1bMFAP631VyOSyH

Score

10^/10

xworm

Malware Config

Extracted

Family

xworm

C2

job-moore.gl.at.ply.gg:49404

Attributes

Install_directory
%ProgramData%
install_file
Helper.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
sample	family_xworm

Xworm family
xworm

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Api-AutoUpdater.exe

Files

Api-AutoUpdater.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ