General
-
Target
rxbot-xerion-2.0.rar
-
Size
988KB
-
MD5
182b9c39d50551e35acb9dc59e194b67
-
SHA1
06a262f787ed68254e77dbc410604236d5f5ab2d
-
SHA256
19edc51462895a575bb87fc6c87ad6bf881d3d0042131fc03b31da9840e3c89b
-
SHA512
9427541203b6a639d5d569653d400bf6b260d6666a795c292eac8a257aa308dd2269cec9bc032da2445e18a3ad336bc892cb36d308602c75b42bc5d040f70211
-
SSDEEP
24576:enYGKvSA9xo0pmJdwAbjbk/GRAJ0bUiOgmLW2jZv:eZKF9xo0YLwKvLRbUVgmy21
Score
3/10
Malware Config
Signatures
-
Unsigned PE 5 IoCs
Checks for missing Authenticode signature.
Files
-
rxbot-xerion-2.0.rar
Password: infected
-
docs/cmds.txt
-
packers/ExeStealth.exe
Password: infected
09d0478591d4f788cb3e5ea416c25237
Headers
Imports
Sections
-
packers/Packman.exe
Password: infected
eaf478c5ed68a66331acd2c65b312a62
Headers
Imports
Sections
-
packers/Scramble-Tool.exe
Password: infected
Headers
Sections
-
packers/wup.exe
Password: infected
Headers
Sections
-
packers/yP.exe
Password: infected
Headers
Sections
-
source/cfg/conf.h
-
source/cpp/advscan.cpp
-
source/cpp/aliaslog.cpp
-
source/cpp/autostart.cpp
-
source/cpp/avirus.cpp
-
source/cpp/bindshell.cpp
-
source/cpp/capture.cpp
-
source/cpp/cdkeys.cpp
-
source/cpp/clsass.cpp
-
source/cpp/crc32.cpp
-
source/cpp/crypt.cpp
-
source/cpp/dcass.cpp
-
source/cpp/dcc.cpp
-
source/cpp/dcom.cpp
-
source/cpp/ddos.cpp
-
source/cpp/download.cpp
-
source/cpp/driveinfo.cpp
-
source/cpp/ehandler.cpp
-
source/cpp/findfile.cpp
-
source/cpp/findpass.cpp
-
source/cpp/fphost.cpp
-
source/cpp/ftpd.cpp
-
source/cpp/httpd.cpp
-
source/cpp/icmpflood.cpp
-
source/cpp/ident.cpp
-
source/cpp/irc_send.cpp
-
source/cpp/keylogger.cpp
-
source/cpp/loaddlls.cpp
-
source/cpp/lsass.cpp
-
source/cpp/lsass1lsass.cpp
-
source/cpp/misc.cpp
-
source/cpp/mssql.cpp
-
source/cpp/mssqllsass.cpp
-
source/cpp/ndcass.cpp
-
source/cpp/net.cpp
-
source/cpp/netbios.cpp
-
source/cpp/netutils.cpp
-
source/cpp/peer2peer.cpp
-
source/cpp/pingudp.cpp
-
source/cpp/processes.cpp
-
source/cpp/psniff.cpp
-
source/cpp/random.cpp
-
source/cpp/realcast.cpp
-
source/cpp/redirect.cpp
-
source/cpp/remotecmd.cpp
-
source/cpp/rlogind.cpp
-
source/cpp/rndnick.cpp
-
source/cpp/scan.cpp
-
source/cpp/secure.cpp
-
source/cpp/session.cpp
-
source/cpp/shellcode.cpp
-
source/cpp/socks4.cpp
-
source/cpp/synflood.cpp
-
source/cpp/sysinfo.cpp
-
source/cpp/tcpflood.cpp
-
source/cpp/tcpflood2.cpp
-
source/cpp/tftpd.cpp
-
source/cpp/threads.cpp
-
source/cpp/visit.cpp
-
source/cpp/wildcard.cpp
-
source/cpp/wksmass.cpp
-
source/cpp/wkssvc.cpp
-
source/cpp/xerion.cpp
-
source/h/advscan.h
-
source/h/aliaslog.h
-
source/h/autostart.h
-
source/h/avirus.h
-
source/h/capture.h
-
source/h/cdkeys.h
-
source/h/clsass.h
-
source/h/crc32.h
-
source/h/crypt.h
-
source/h/dcass.h
-
source/h/dcc.h
-
source/h/dcom.h
-
source/h/ddos.h
-
source/h/defines.h
-
source/h/download.h
-
source/h/driveinfo.h
-
source/h/ehandler.h
-
source/h/externs.h
-
source/h/findfile.h
-
source/h/findpass.h
-
source/h/fphost.h
-
source/h/ftpd.h
-
source/h/ftppot.h
-
source/h/functions.h
-
source/h/globals.h
-
source/h/httpd.h
-
source/h/icmpflood.h
-
source/h/ident.h
-
source/h/includes.h
-
source/h/irc_send.h
-
source/h/keylogger.h
-
source/h/loaddlls.h
-
source/h/lsass.h
-
source/h/lsass1lsass.h
-
source/h/lsass2.h
-
source/h/misc.h
-
source/h/mssql.h
-
source/h/mssqllsass.h
-
source/h/ndcass.h
-
source/h/net.h
-
source/h/netbios.h
-
source/h/netutils.h
-
source/h/nicklist.h
-
source/h/passwd.h
-
source/h/peer2peer.h
-
source/h/pingudp.h
-
source/h/processes.h
-
source/h/psniff.h
-
source/h/random.h
-
source/h/realcast.h
-
source/h/redirect.h
-
source/h/remotecmd.h
-
source/h/rlogind.h
-
source/h/rndnick.h
-
source/h/scan.h
-
source/h/secure.h
-
source/h/session.h
-
source/h/shares.h
-
source/h/shellcode.h
-
source/h/socks4.h
-
source/h/synflood.h
-
source/h/sysinfo.h
-
source/h/tcpflood.h
-
source/h/tcpflood2.h
-
source/h/tcpip.h
-
source/h/tftpd.h
-
source/h/threads.h
-
source/h/visit.h
-
source/h/wildcard.h
-
source/h/wksmass.h
-
source/h/wkssvc.h
-
source/h/xerion.h
-
xerion.dsp
-
xerion.dsw