Extracted

• • Target

    start.bat

  • Size

    685B

  • MD5

    dae009d093c0a873f8a2f79a20f78020

  • SHA1

    411089858e9c825bbda6b820e97f6eedbcf995ed

  • SHA256

    0469e4282614049d55359eedd498976abd3516c9d55e39eb2d6d4b7f709fa2a4

  • SHA512

    3553575185b76c982b402781653e6cf9836056d247f1500866c92d6632e67f9d9b956872c7091f38d3f313bb08bfee2088f53dbe3291467f593506631c0fc9fe

  Score

  10^/10

  xenarmorxwormpasswordratrecoverytrojanupx

  • Detect Xworm Payload

  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Downloads MZ/PE file

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Legitimate hosting services abused for malware hosting/C2

  • Looks up external IP address via web service

    Uses a legitimate IP lookup service to find the infected system's external IP.

  behavioral1behavioral2