Extracted

• • Target

    XINOF4.2.1.exe

  • Size

    379KB

  • MD5

    b33099e43bc639110baab265f19eaab8

  • SHA1

    17b5517634e881ab6e832476c6c9d8702941dde1

  • SHA256

    acfa59b94beebb0f9c4dd6a4c21586b9648808629624612c53d099df388eadd3

  • SHA512

    ce777ff2247a56c2b1e44eb3dd7affa423022bc81fb3058f8041fa64e63032771b9ae46499d3d0e62111968c665e104ee4e1fa3aefd858cc81df6e3037366b22

  Score

  10^/10

  discoveryevasionpersistenceransomwarespyware

  • Deletes shadow copies

    Ransomware often targets backup files to inhibit system recovery.

    ransomware

  • Disables Task Manager via registry modification

    evasion

  • Modifies extensions of user files

    Ransomware generally changes the extension on encrypted files.

    ransomware

  • Modifies file permissions

    discovery

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spyware

  • Adds Run key to start application

    persistence

  • Drops desktop.ini file(s)

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies service

    persistence
  behavioral1