xloader | 8017fd679c9f7345624a44cf1caa16b4e88268e1912b01383de4456782b467c7

General

Target

8017fd679c9f7345624a44cf1caa16b4e88268e1912b01383de4456782b467c7
Size

164KB
MD5

a3a6c7768d8dccdc52e664650a7c0658
SHA1

3bb9a79c3972cd806a2aa70d657da29e71e2efeb
SHA256

8017fd679c9f7345624a44cf1caa16b4e88268e1912b01383de4456782b467c7
SHA512

6e026afd229c348c991b272bab24230dffeb0400dd15b911efcbd7a4d25c9bf0a0f2a2e2492ea755e515b1b69715c3c708a12d2cdf0ba419d190c6ea648f6d7f
SSDEEP

3072:ZB0TvTvL/RD7GDohFnjiL3QMJiqOONtobqIjd7NYlIkOk0Os12rHw:IrdMohFj+AMaONtUqIJRYRKN1

Score

10^/10

rat nvj9 xloader

Malware Config

Extracted

Family

xloader

Version

2.3

Campaign

nvj9

Decoy

xn--zueo-iqa.com

bjpowervision.com

immobilieraoujda.com

hurylaw.com

gvpdbtgjta.com

tvboxsmart.com

jarraprints.com

12391.xyz

mashangjianyun.com

jemadarehe.com

domineseutempo.com

awakeningwithautism.com

wuyuejs.com

boldbeecreations.com

avanseuscan1.com

mazandfootball.com

darkblue3-e3.xyz

miacebuche.com

luxenap.com

homeisliving.com

Signatures

Xloader family
xloader

Xloader payload 1 IoCs

rat

resource	yara_rule
sample	xloader

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8017fd679c9f7345624a44cf1caa16b4e88268e1912b01383de4456782b467c7

Files

8017fd679c9f7345624a44cf1caa16b4e88268e1912b01383de4456782b467c7
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 156KB - Virtual size: 156KB

.text
Size: 156KB - Virtual size: 156KB