Extracted

• • Target

    PS HAX.exe

  • Size

    35KB

  • MD5

    159a592aaff150fbca8595c135811296

  • SHA1

    e045fa63bd8163fdad736e2516b2fb50c171b51f

  • SHA256

    202112d1f1e79fa27a7e3ba5e5bded18f625c1c2f3d620a477a90493e3409e8b

  • SHA512

    02c18bcb3bc5b4fda9f7a46cc47cc344a0b18c0c15f3031dd1436691cae0d765198679d0effbda3d0e34f2159bee2ec897a828682965ee4eb97cd8835d1a2fbc

  • SSDEEP

    768:4+CD93W03O42JiB701VF49j5Ojh7bqnEmD:4h93WEO4WiR0XF49j5Ojden1

  Score

  10^/10

  xenarmorxwormcollectionpasswordratrecoveryspywarestealertrojanupx

  • Detect Xworm Payload

  • XenArmor Suite

    XenArmor is as suite of password recovery tools for various application.

    recoverypasswordxenarmor

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads WinSCP keys stored on the system

    Tries to access WinSCP stored sessions.

    spywarestealer

  • Reads data files stored by FTP clients

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer

  • Reads local data of messenger clients

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer

  • Reads user/profile data of local email clients

    Email clients store some user data on disk where infostealers will often target it.

    spywarestealer

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Accesses Microsoft Outlook accounts

    collection
  behavioral1