xyroo[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

xyroo.exe
Size

6KB
MD5

0c3c1994f0f4ee023b6213c2e3e13b30
SHA1

1dbb0e01ae7552813a3cb672a7d418808dedc261
SHA256

5c411e19ea6ef474406f6b883420c994cfe07a059d736fc84439710d3215815b
SHA512

f2db646e509ae61b506e760683d87b87ccaf1322c9f3109a4920db6768a92d7ba579e0b99028efdcf9fb4671c2d7cbd3f21282687943eb825a35cca7328e3c94
SSDEEP

48:atN8wmq2VvApiRqVp/BmhFGlJFPZ3FbN+zYJIh7RIwsAETkuc7odlM7BXWjiRuq7:A72VvApiQLtl+0SRETacK7BHx

Score

1^/10

Malware Config

Signatures

Files

xyroo.exe
.exe windows x86

de2feb3bb63a1fff98a61661da25a156

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnumResourceTypesA
GetProcAddress
GetConsoleWindow
GetTempPathW

mapi32

ord20
ord51
ord122
ord126
ord139

shell32

SHFreeNameMappings
ExtractAssociatedIconA
DoEnvironmentSubstW

pdh

PdhOpenQuery
PdhConnectMachineW
PdhVbCreateCounterPathList
PdhEnumObjectsA
PdhBrowseCountersW

mscms

DeleteColorTransform
CheckBitmapBits
GetPS2ColorSpaceArray
IsColorProfileValid
CreateProfileFromLogColorSpaceA

rtm

MgmGetNextMfe
RtmGetRouteAge
MgmTakeInterfaceOwnership
RtmDeregisterClient
RtmBlockConvertRoutesToStatic

avifil32

AVIMakeStreamFromClipboard
AVIStreamTimeToSample
AVIStreamSetFormat
AVIFileCreateStream
CreateEditableStream

avicap32

capCreateCaptureWindowW
videoThunk32

msvfw32

ICDraw

user32

ShowWindow

Sections

.text
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de2feb3bb63a1fff98a61661da25a156

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

mapi32

shell32

pdh

mscms

rtm

avifil32

avicap32

msvfw32

user32

Sections

.text Size: 1024B - Virtual size: 930B

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 84B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 108B

.text
Size: 1024B - Virtual size: 930B

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 84B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 108B