Extracted

• • Target

    document1.exe

  • Size

    164KB

  • MD5

    6a4e90565b00a175a7f721785c103b8c

  • SHA1

    7d4ec0780272583e57a2a9ab2546410b65d1815f

  • SHA256

    96716d490f2357faf8ebb019edb959af47c06b94c51a8852b2b15b2cd3022c56

  • SHA512

    1042acdfb6615e5ab1d025f2a6bcc81a0e1f2b42212b34de5f938fd181f92d6bd93ae5b5a6b793131004ec7509e90a59906beb23985621e410aa742f70e3634c

  • SSDEEP

    3072:GCm45J77y4nWfFT0Y9+CRMtFYo5TYDVC3cpD9dBTtB3:G71fGY9OTYDI3EpfTP3

  Score

  10^/10

  xwormrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Executes dropped EXE

  • Suspicious use of SetThreadContext

  behavioral1behavioral2