Extracted

• • Target

    SteamServersFix.exe

  • Size

    327KB

  • MD5

    a4b716a88bd9bffe93238cf361d2bb9b

  • SHA1

    a8d98a27fe2c4d36b0093d518660afe5f8f59208

  • SHA256

    fa01f82861a9949b4bddcadd6c2c5fd707b07c6a4090b08a19e932236c04feb9

  • SHA512

    65d1c05de9634c4fc6562233010b473dabf13507108fd9ba83842598a72270b57added822726bb71585a5c70a8355940258c322cfe427e150d7e579f067421a6

  • SSDEEP

    6144:zqW6/EpyjHwbECuizo+GIIIIIIIhIIIIIIIIIIIIIIIU:zj0tCuizL

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2