xworm

Sharing

Copy URL

Twitter E-mail

General

Target

SilverBulletPro-v1.5.8.zip
Size

361.0MB
Sample

240609-1x7geagb65
MD5

f63c1018f71580afe4507cd12c609aa9
SHA1

10e9d897e7379f26e59da1e560482a90f00916c1
SHA256

ef0250d8bd2afdd636bcdca3e55d135c15f18d1c18cad6502e1e58f352ad09cf
SHA512

224cd88d8188e400090cdc38c1cae56d2bd3b01432ee891d270dc09d3dbe91353f775f333e001edd73edf5334221e23e2481c1016b1009f719bf8bbe016d94db
SSDEEP

6291456:Jq6pvVnxBMzRNEkgQFgUisoR4GHe++B784+0hdHYL4Ist6t73TwFpKbrjPN:JFvCQs2goRdHe+5xLRst6VcpKbrp

Score

10^/10

Malware Config

Extracted

Family

xworm

dsasinject-58214.portmap.io:3389

Attributes

Install_directory
%AppData%
install_file
svchost.exe
telegram
https://api.telegram.org/bot7023899363:AAFEzgbfWzhyE32Lf95TKSRYEYXMd4AfMyk/sendMessage?chat_id=6354844663

Targets

- Target
  
  SilverBulletPro-v1.5.8.zip
- Size
  
  361.0MB
- MD5
  
  f63c1018f71580afe4507cd12c609aa9
- SHA1
  
  10e9d897e7379f26e59da1e560482a90f00916c1
- SHA256
  
  ef0250d8bd2afdd636bcdca3e55d135c15f18d1c18cad6502e1e58f352ad09cf
- SHA512
  
  224cd88d8188e400090cdc38c1cae56d2bd3b01432ee891d270dc09d3dbe91353f775f333e001edd73edf5334221e23e2481c1016b1009f719bf8bbe016d94db
- SSDEEP
  
  6291456:Jq6pvVnxBMzRNEkgQFgUisoR4GHe++B784+0hdHYL4Ist6t73TwFpKbrjPN:JFvCQs2goRdHe+5xLRst6VcpKbrp
Score

7^/10

discovery persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Registers COM server for autorun
  persistence
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Drops desktop.ini file(s)
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1
- Target
  
  DefenderRemover.exe
- Size
  
  664KB
- MD5
  
  7a3e43c2971746c84d32f8a448823673
- SHA1
  
  08b75724c68f25ac831ba2c7508f18bf3a398c9f
- SHA256
  
  c7bdcebe60356900dc4b4f8bc8b75acc1536df33ae7a1049bfa27192b8c62d0a
- SHA512
  
  702ea07e5377387cf938554c8fab55847cc72e06997f318099940db2b0af7d06acf326be3699569b65a9a265e617cab13c2930614bc3a0cb2e02ee82fd79c8f5
- SSDEEP
  
  12288:u1OgLda0ZjpVxCSDrqzU7rOv/O6/NH90u9KIyburq6fAdAYmyw:u1OYdaypVxCiIO6/LXEYr8dAByw
Score

10^/10

evasion persistence trojan
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Modifies firewall policy service
  evasion
- UAC bypass
  evasion trojan
- Windows security bypass
  evasion trojan
- Executes dropped EXE
- Registers COM server for autorun
  persistence
behavioral2
- Target
  
  Plugins/SilverBulletPro.Win.Plugin.dll
- Size
  
  22KB
- MD5
  
  e0dd69d7fbb2008d2e7c386b02a68ade
- SHA1
  
  fcb7ce667411b006325a465cbf00a51e4efb126c
- SHA256
  
  cd248b30750a4a0ecf9d4c8facee85258bb851f3380f9c5daba60d2bdcfb7957
- SHA512
  
  e9e7cfc40f94702652523d9e7b89f02164bfb3c966c2527fe5f3d0758ae7f27d24044df33cdba4f0b0f3a81fad0195d567899d6d9d59b1ff0303c5ca1cc8287b
- SSDEEP
  
  384:SWzbvDOo/jMfxFG6PDfROpXhu7LD91GIyAa9OuBH:SqvdML/rcOfXGIArZ
Score

1^/10
behavioral3
- Target
  
  SilverBulletPro.dll
- Size
  
  4.8MB
- MD5
  
  6c257384563def7c53c91fb7c8d5102c
- SHA1
  
  b522f0e4884a896a1aaf54118f641b512345812b
- SHA256
  
  5e14e975ef1e9b3fec57de574ccfb6dbcdd5ee8a56b2d8f3559c199b77a9f6eb
- SHA512
  
  c96bd2b4d4b5020995b027a86d0e3e78354debdb71e0a03b9edd707c5c88823e5e92621e85c3e42ab0a7a50405742e9b6b3ec34c5622640c2cb61089ace989b9
- SSDEEP
  
  49152:5s1nHFieqNHKLh/k/i8kvfp8/AW2Ke/d/igkv4p:Elie/Lh6i8kHqZ9e/VigkA
Score

1^/10
behavioral4
- Target
  
  SilverBulletPro‌‌.exe
- Size
  
  3.3MB
- MD5
  
  3a05915ef59826910a7935060c9cb8f2
- SHA1
  
  b89b7bbf347b380d98c56d7261f3780dbdd94290
- SHA256
  
  ad121ddbed20a93a429f98df9aa1a589f5efd7fe2a579e00a5ea4409ef9d814d
- SHA512
  
  8c80f88a9738c9fec207f06c86537d2ff32580dd1d6a51deaee1bde318e211669c0eb82a45c350fcd6d54f3ed7c5f628bc472cddc71f0fb29e43931df1c2da1b
- SSDEEP
  
  49152:lffAbklzCfGDY2G+qnb7IzJunAyDZTk1VQq3/YtjCq3x5ZtztwZFG/i/kvfp:lD8vQQnAZbetlh5Zt5wZF0i/kH
Score

10^/10

xworm execution rat trojan
- Detect Xworm Payload
- Xworm
  Xworm is a remote access trojan written in C#.
  trojan rat xworm
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral5
- Target
  
  Tessernet/liblept1820.dll
- Size
  
  3.9MB
- MD5
  
  f9fe014eb7485a6ef4e5528cfcd215e9
- SHA1
  
  89c45c5290d651d42971fb5c92736e50a3c0e43e
- SHA256
  
  d640ded6675263dd1331832ae8de6f2a4f098df2f43816f8842913d9ab095d22
- SHA512
  
  af184da055b0557ed0e43183fee773c619743a73ad4991983180a4901e49e66cb5ea9efc4e33ac27d472853455410199a7ca82c34fc692d5dd817c90298d5fc2
- SSDEEP
  
  49152:ro7SqU05LrLrLrLZ8wPxQAj8MLOPZT6dvS+Rd/5Tlc9vhxjn2mVE2jqhGcmLiV9q:xIv2llYdLLo
Score

1^/10
behavioral6
- Target
  
  Tessernet/libtesseract500.dll
- Size
  
  3.1MB
- MD5
  
  5f73bbea9f475f3061ac32d8b0313bd3
- SHA1
  
  bce2f3bf04ec56c5d64cb0dfb300d2d15e35b2af
- SHA256
  
  64c397ea1563cdda92b2552fb4c6d83fc98ea3c43a90afa9fa8059c86705cab4
- SHA512
  
  20cc2e076cfc780a890c016732bb027daddb227570ca3feaeea0c06e195729b432f33c8bbc3a9701e1b417207e50429869f7dc054cf0e23dac4e52ad9ddb79ef
- SSDEEP
  
  49152:GYJ4egcsGZ0JjKgReTWBgSOTSPGvTQ6gWwNBYkvnqb02uqmyc6Gw0O8Y/ihDq7mc:T4eBOmSRkTakYz+ma9tN
Score

1^/10
behavioral7
- Target
  
  Tutorial/DefenderRemover.exe
- Size
  
  664KB
- MD5
  
  7a3e43c2971746c84d32f8a448823673
- SHA1
  
  08b75724c68f25ac831ba2c7508f18bf3a398c9f
- SHA256
  
  c7bdcebe60356900dc4b4f8bc8b75acc1536df33ae7a1049bfa27192b8c62d0a
- SHA512
  
  702ea07e5377387cf938554c8fab55847cc72e06997f318099940db2b0af7d06acf326be3699569b65a9a265e617cab13c2930614bc3a0cb2e02ee82fd79c8f5
- SSDEEP
  
  12288:u1OgLda0ZjpVxCSDrqzU7rOv/O6/NH90u9KIyburq6fAdAYmyw:u1OYdaypVxCiIO6/LXEYr8dAByw
Score

7^/10
- Executes dropped EXE
behavioral8
- Target
  
  bin/SilverBullet.Parallelization.pdb
- Size
  
  18KB
- MD5
  
  9ec4371f8d02467a4844c9b2b7808124
- SHA1
  
  09693c6d44c8657302e9d7cf72d33a0b57f65087
- SHA256
  
  b5561933d4d58f89379f30b281a0b4d1c12cd66c530304a256dec8de4b93a221
- SHA512
  
  b2f385f450681935abf291c5a0a8166803ce96619fe42097c2cde6d0a8391f1d30e87a9a74423d00b01691f577d1f27997d964dfc7828a8e04ebe21685decc76
- SSDEEP
  
  384:z2DjK+UWGWW48xX+A60a09v2osSHZ/j1wMbaBkJMgtcpXrfH8f6Awb3Ljcuca8nF:z5+UWGWl8E6LbaBkSg2DKn/N
Score

3^/10
behavioral9
- Target
  
  bin/SilverBulletPro.CLI.Core.pdb
- Size
  
  65KB
- MD5
  
  7de280ce650b3f12027a5d3927b0f95b
- SHA1
  
  030e307f8ef73a99d9f401aa4902acb4defcd33e
- SHA256
  
  8fce139ded577e9f4294f2e77839c455d66b4002e2f2c20fbc489914618cacaa
- SHA512
  
  d75788a986d8248d663401971b7bd2cda56071104599f1dca5d5a077d7bc5f506d4a19f59706aac33f8cf5c46daac250fe130848b0e40db3d32804a4de76bd64
- SSDEEP
  
  768:uxfYVmRapfpNil5tNtxK0SlXZlf8SYpJ2brB1SglcDcSTbkXFeAy0L1KRmNX0o9m:u6VT0l57AlXZlkTH2nBMglu1871Amds
Score

3^/10
behavioral10
- Target
  
  bin/SilverBulletPro.CLI.pdb
- Size
  
  19KB
- MD5
  
  8cd537a5653513b676b7233518f354fc
- SHA1
  
  67b2495283d17f916d950d932c8ac64994f97af5
- SHA256
  
  44334dbebde5d6b7ec77129b589e02ca15e79d9cb772cd30dc331fa76d43d9bd
- SHA512
  
  43eb651cdfe332168053890bd3d5bb6144525091ad663290341e4af35f34eac283f170073e08b11317be816cfce3d4a680bed5c7ac07512b0638e2d00557b49d
- SSDEEP
  
  384:nh+CRA39dbl9Yp881sX+A60a09v2osSLL5F7fIHZElj1mwAbrB1JMglncpXrfH8/:nECRWlf8lYpJ2brB1SglcDE9t
Score

3^/10
behavioral11
- Target
  
  bin/SilverBulletPro.Core.pdb
- Size
  
  483KB
- MD5
  
  51fc08b3bd94c2ceb5bcc23fd6647920
- SHA1
  
  b7df9dcf42e9cd1972a04dbf41415b52c939d114
- SHA256
  
  ea3a3391fb4cc55e57f251dfe88086dd59173a40394fa6d2ffafbd968f3c768a
- SHA512
  
  b4da86f008bcc3c9bce2ee7e27daab4cb0f82c240aa7dc922ff8de1b448ba9e27b56f47447527a614feb48c46442d270bf57735d2894576a39850e0734ee0639
- SSDEEP
  
  6144:ycnJ/QwSAuIj/ulKYV/YVBEWxgIuhpxH50QedHeSMhNMRevxiUUUneoICLoK/c5r:9/fzuOulK2kEWwhqFUel6wlnfv
Score

3^/10
behavioral12
- Target
  
  bin/SilverBulletPro.PluginFramework.pdb
- Size
  
  11KB
- MD5
  
  50340d0cfa66909f9710131e42665331
- SHA1
  
  45bba43968404783f5ad8558727af8a550741504
- SHA256
  
  b93b82f6ef283ffbbf79b96e2e9d14958f22f7ecb3c23e5f904933a629c55b77
- SHA512
  
  dbb089855ff34fde5262443ae49bb979bac3d713abd673e456663d3f119e1b34835ad5d18a09a881f4d190b38cf412b51860206634bbb319d227757d09b4f177
- SSDEEP
  
  192:37s5c5MZ0ONIkMVru9Fs+Z53WaDbAafx1RQaJYCoVBg4qvHFtXH61R0QaYP9NleZ:37sy5/FDV6/F3WaDbAafx1R9JYlVBg4U
Score

3^/10
behavioral13
- Target
  
  bin/SilverBulletPro.Requests.pdb
- Size
  
  101KB
- MD5
  
  329471d810d285466ea8225b85aa9ea1
- SHA1
  
  f44631576f76c482553c917932968bee4a586d70
- SHA256
  
  33aeb915a998daabdf8940d4f16afc42a0547bcaac659800fb0f19a4650d8f38
- SHA512
  
  68514ffe9cbc6b2113aa65182d74e62efb2f437b5b42f09b9579a4f73d9e4a1d3dc2658066902ea176113c79fab898699171f6ec91497b4ac50bc19c58a8dc58
- SSDEEP
  
  1536:kM3rHxrdnbmoXVbX0TVZUuKb/GBy0xWQqmxEdG59DE8Bpk6oRjtRraWAkaUtY:LvbXzxT8y04A9gikvxfpY
Score

3^/10
behavioral14
- Target
  
  bin/SilverBulletPro.Win.Core.pdb
- Size
  
  92KB
- MD5
  
  52a9fb156118fc4e3fb296dee2111944
- SHA1
  
  7267f7711c69ba0663cd2bf0c7c169ec800b57ad
- SHA256
  
  44513f1797ff0bfe06968285060954cc6a8bea320f4203c59c613164204edfe4
- SHA512
  
  3ed7cc05c6771ef01651e5a7d37a0d998be4d8595d402304b7be0d71f7196f03c0922dcba4e41855c38d834cf5a784e638779f8b4f273f2fd32f25a3108be368
- SSDEEP
  
  1536:sEaPAm6YFCfKMxCiE+NdFKbMnhlCT22nBMgA+pSsR9VIDzGDU2H6V:s9X6YFC/CluCa8Bizv2HQ
Score

3^/10
behavioral15
- Target
  
  bin/TesserNet.pdb
- Size
  
  15KB
- MD5
  
  6a0d4d5900c85a2ba9ce7c954d6b38f5
- SHA1
  
  ee5bb27d7085011b1d346ea8de2b4174b2c20fb4
- SHA256
  
  2bcc088f8664af53a462d443235a3da93567aad18a88a60c5962a723ff22b5ed
- SHA512
  
  2800e2b3582a37392fbbb87bf201efb21a7567029ca02504873d6a3d3ead39e77dbf72ccd012fa01760fdc5eee4f4e84c31b265cc05631ab1d2c419b18a83783
- SSDEEP
  
  384:VtFXcf/wUImiLGN3haDbAafx1R9JYlVBg+eHFt3eR0QNVNchVjOyUZTAxXQ:VtVWwUImiLGBYD2DGWJZANQ
Score

3^/10
behavioral16
- Target
  
  bin/TesserNet.xml
- Size
  
  47KB
- MD5
  
  f1dfc4490ad90da5e53b7e7ff5bb4069
- SHA1
  
  7f0006316d8f32aa7d0a50c05c8ab174d280e370
- SHA256
  
  f6e9f275f2d63850207a4853dfe907971537dd77fa04acbd2d346a2704ccdc53
- SHA512
  
  07c6adb3803c60fd507f7fd00614770f53a298a2ee28992103d520359a84317f79018be7594618a179306f054e4abd36d0a4ca3fbf02481ae63c33eae39e7102
- SSDEEP
  
  768:KKi2oMoK2KcKcKbQKTQKnmKnmKaQKiQKumKumKGKuKEKEKZKRKBKBKJDgpBcSdg8:KK/o3nJfGQcQGmcmPQVQPmVm3Fv5CUc2
Score

1^/10
behavioral17
- Target
  
  bin/Wpf.Ui.pdb
- Size
  
  92KB
- MD5
  
  13a750b55163fb4ed64cb50deadc1a75
- SHA1
  
  cda4ab85c7293da45eb88140a83f3d9a65288824
- SHA256
  
  09f694f80571f5b561d493233a2f6ce55970899c50b639f81031624ba90bc9e4
- SHA512
  
  81839ca9781464ee00c7e618bbb5f41d429ef4d64535961492036fb9bee5a1ba873758cb3d13c25733f8e25fa0485972ac9f429278a5737df912dc2131e9530c
- SSDEEP
  
  1536:bBvnpmFpINz0fTIopdDZFkXsf0RcXhB17u2BfgT6mIj5nt40v2mZUd6g:bPZNvopdDZFYs8u/17s+mIj5jg6g
Score

3^/10
behavioral18
- Target
  
  bin/Wpf.Ui.xml
- Size
  
  438KB
- MD5
  
  485284968608f83aca2cba76b182830b
- SHA1
  
  159a0692e11466195c53d36307a420fec644233d
- SHA256
  
  1afe827568c6e42c8fd9d2e90f0fb8dd43b15d862605ca06ccb44e69105fd93a
- SHA512
  
  4d6512692c931c31eda2c6d28a2cba9c3ac52d332fa5cacaa9a1715e9a4408cdeac4f1e842b799ec55ddf01b2b2c993a5389ab83c2235fbc2c4116ba21289823
- SSDEEP
  
  3072:Wk9MwSpSvU4bbFLvssk1Vyo01OSBRzjDI2ltTota/D2iIxRmlu8AgJ9Y3981/8w3:Wkuwa2U4bbFLvssk1SdEatTJ
Score

1^/10
behavioral19
- Target
  
  bin/dbip-country-lite.mmdb
- Size
  
  5.1MB
- MD5
  
  f3c50774fd678c5d9f4d188771497d12
- SHA1
  
  c046aae3dd785b920905c205d402af9640275215
- SHA256
  
  83f369ddcb560862996848b600ce1e5353659dcb9424c5e9dd7f6d980fc56a60
- SHA512
  
  85d6c5f597a83ac3cf2fdb4a0852e14fa313381ab726a768ff5a54696e1d0e56f442813628b365f4f86cbd6724fb14f56c811d89db6118d64117db918b9caebc
- SSDEEP
  
  49152:e6NVSqAtGMLxmoEYtEP5GruAFNpIA/kEYQy/j6/aihRQzp6tWxdSTzObGLqyvFR0:tNQqcGM2z5zofe
Score

3^/10
behavioral20
- Target
  
  runtimes/browser-wasm/nativeassets/net8.0/e_sqlite3.a
- Size
  
  1.1MB
- MD5
  
  4491a589a1c4c2ac7ef0dea098a7a098
- SHA1
  
  45b332e18f78955ec06319aeee9b17a30c708196
- SHA256
  
  01be7351d0d273d1516bdd96bd60453d1685b9bb177ae3e38b4c8e97ad5b3639
- SHA512
  
  34613765a36d20aa41985b88f9a56c872ec1e8f0e76db262ad287de74c8c80bfc6eb062e8b81797d74d6f8f41fdd37cc6549a3daaf93156f363951e90b91b0fc
- SSDEEP
  
  12288:Qn0LAILw95Vg9FaeeoJBK4K9/LMmnbyTvZOurGzXyqZI79t/d0UV2rwaZADaJF8I:PLLwDZBpMMzZ0PWI9/w+z80p0h2Xu
Score

3^/10
behavioral21
- Target
  
  runtimes/ios-arm/native/libMono.Unix.a
- Size
  
  554KB
- MD5
  
  76ebf738d1032ca004711d890d4841ad
- SHA1
  
  7761e4b9b685c0be96e59875df41179e8ea91565
- SHA256
  
  a6ad8ee42cf6e2b7b5ef1efa8c9c01bbd80cf799d9f339f933a8603ff589c0db
- SHA512
  
  423dca44765284458e17a0d1fdcea5e8758c91d22265be4a80f99f120b5eac04ffd640fcbd92e61fd69e44bcf318f085bc811c38a3463a94ac9eae4f23f6dbf7
- SSDEEP
  
  6144:bjGeHdvkZzDK/8kZtmyWyQAuHBy+RRLwn6el8kV4tKfSSLYYZo7DvE69LXPbdRCO:t9yifzWo+In6elzBLYYQL/3DDNsR8
Score

3^/10
behavioral22
- Target
  
  runtimes/ios-arm64/native/libMono.Unix.a
- Size
  
  609KB
- MD5
  
  e5477a593030d17c941eaa0cf229d823
- SHA1
  
  98c0b996b0ccdf435b8ff4ee1d92377c963a94ab
- SHA256
  
  1c59dc6377f6a97cf796a8a76eb2c54b1935ae3f559c5c58e67ccef539f330dd
- SHA512
  
  5f0a8aed69e4808f6529d519be6351d9529fc1312bb927fa9ebea16d6a9099df8e7dde184d46bac4cc53b548bf65d53d2ad873ece7fa9163833f850b47f0477d
- SSDEEP
  
  6144:YG9UtF7yKkkjzyQx0dNXR4Bts13U+qw5hc0ZmAChq6iyZ682wXagSgpPSLrPM:t4Yo6lWq6iW62pPz
Score

3^/10
behavioral23
- Target
  
  runtimes/ios-armv7s/native/libMono.Unix.a
- Size
  
  554KB
- MD5
  
  2c5aa0548d45cb09886e582fa498de31
- SHA1
  
  4def6d75fe16bd18af9b74d67cc298bef04f7a9c
- SHA256
  
  28305b1cac899e5a495d717cea0e9d119d81506a77152bcf9db7970076cc9a8c
- SHA512
  
  076ddb7e79f9ce0c060c37ce3784d618cfa48eded18148cc7bfe6ea61f18b96236ecd08631b081adcd8477f55a42db288ad8ab0d72aacbdac4d6ff22073570ea
- SSDEEP
  
  6144:F3G1futh1PhBDrdlqcSaGvKyQRY2tbW/pUR8PDwTvQ7469F+nmqPjRh9QvonBq2X:e+79ecnepBpDwkTYaoBtbxD
Score

3^/10
behavioral24
- Target
  
  runtimes/iossimulator-arm64/native/libMono.Unix.a
- Size
  
  612KB
- MD5
  
  a05a65a2a5c1475b5f333de545b7306c
- SHA1
  
  4356c84967622b0d7ae1e729d35418d1fd242d53
- SHA256
  
  4955a142dadfcc40315844d323449ef217e08204df04cb8ecc5a21d07776ce82
- SHA512
  
  91fbc621426c55569d44351ba1ab40afe35736d147f4aad1f91b50b8427c72850a1a81fc6a07b916eaa2109e2b11abbe1ae072adb67be38ceb9710e14ca86030
- SSDEEP
  
  6144:98G1UthXOZ3YDqyQfIDiRxpnMOGzWLTUbwbansgz5Q4r+TCMHfmncGuC:2I3c8gsgz24aO
Score

3^/10
behavioral25
- Target
  
  runtimes/iossimulator-x64/native/libMono.Unix.a
- Size
  
  613KB
- MD5
  
  9600ae833f467eefae5fd624cc87a4de
- SHA1
  
  20eb5249a78900ae80746c00d09e777301fe6670
- SHA256
  
  e5c3dd5c4bf25ca16a93d4f939a015758b969e4b6de74818210d9f77c330d6cd
- SHA512
  
  61a7bb7a7edfbdc6ea5c8f43456f50738a339f25775678c9c94d9eb89161752803762ebe5f20505c338d6c055f99515f2e4a6e7305a66fc7d02fef5ab7705eb9
- SSDEEP
  
  6144:MGqaMcdbfJXZD1Xi4eyQN8rdRrnPYNlt9VbJhYapDqwhgMNezWPlVVTnd9+PYBdX:tEP8fGLNhheWPlVJdLLF
Score

3^/10
behavioral26
- Target
  
  runtimes/maccatalyst-arm64/native/libMono.Unix.a
- Size
  
  608KB
- MD5
  
  c27fdd02251d0d7ff4d84ce99ab404f6
- SHA1
  
  e5b4ab120b7667e21dc0f6bb820879129f8d5986
- SHA256
  
  a5e8b37e44b6c489f1e8ee30d18f44d1eb8183fd70b17ceef335b0356a547b77
- SHA512
  
  f2363033140541a62384498edda74cc13f690c7c94f114690de9dd851947ed69d7c78bfd637c6cd8cb68744a1bb9abe34d30851421bdad5c70a5e80fb1301d6e
- SSDEEP
  
  6144:PGaUI6xc939logTDByQmYEtRZKLc13zBVis1V1EwKm4wIwcxrTOCDajXi8kxc:ZzoX0zE+wIwcxa
Score

3^/10
behavioral27
- Target
  
  runtimes/maccatalyst-x64/native/libMono.Unix.a
- Size
  
  611KB
- MD5
  
  bb2b7b0ade4ca9173cf4452527455d35
- SHA1
  
  680dcbccdb1e0c15d8dcb5a3ddcb0ebc1af2315a
- SHA256
  
  cca39b873aa340ec5322a6c585f8560ef792e9b14f85d10349f7e8abcd943837
- SHA512
  
  b37c9e6a8ae948f8188bf6b7e922b5e4f189e82495839512b920f79a6d6c765662556176fb9e56aba400aa213d29cdb54f1b046f0078927f93c915aa31cb1283
- SSDEEP
  
  6144:lGHZnxTXbwWfx5qXi4pyQzb2ROmJ1YqMOBFARZNsD/sOcFthQNh/Ibks639RuXOg:CdRKsr9cqh/IbklqA4
Score

3^/10
behavioral28
- Target
  
  runtimes/tvossimulator-x64/native/libMono.Unix.a
- Size
  
  613KB
- MD5
  
  86331cc6ad64b547ade04072e4a0a607
- SHA1
  
  6aebc6a4ae379b9716ec746ce0e493abdd7412d7
- SHA256
  
  737cf0703f9c4d012fd165aa14f37cf8d683a0abf0bb4118db0a9eaed7a043c4
- SHA512
  
  8424366c813d1a4c8fa7923c2c3c968e974d9c0bd71b0c22a468e5811f2de447d1df241054ca18f28214cfbb09ae854444f0c553c4b1f78e8e8b01c66f61bfd9
- SSDEEP
  
  6144:KGFU8/m7/qZ0U/alqPGXi4oyQQDfe1RA+lYngnzTEaSKAotY2w9lYs0SkL74mRnF:TmzOLBjPYLYs0Sgd6da
Score

3^/10
behavioral29
- Target
  
  runtimes/win-arm/native/e_sqlite3.dll
- Size
  
  1.1MB
- MD5
  
  b3d162b1b8d90a662b1aeebceb37823e
- SHA1
  
  a8577c057f01e2f9c9b60bfff3db7b33789a427f
- SHA256
  
  6098739e729776b9a221e4266fd9b43fb8b04013fd2dff23b617d3202eafae38
- SHA512
  
  fad3585515a1e73e5379423586e9ea9e5f0e49e4a79ede68af160b5cf7b64b21e57c5643d86d4be3188474ecf665a2d6f6a911ff66907a616d3d8e76c97cab7a
- SSDEEP
  
  24576:+po2Ihnr451XchrBTDxKjTJy7cR4bnyc:u7In0CdTDsjdQb
Score

1^/10
behavioral30
- Target
  
  教程/DefenderRemover.7z
- Size
  
  577KB
- MD5
  
  dd1de9b2f3fd46946dcf7c0e5d3f3ab7
- SHA1
  
  9ffe5ccb4ce146ad7e06718813b88626d5691b58
- SHA256
  
  b751a0a4536bb9e5d454ab74b021650479ab1a46792b2616968183589dd8abd5
- SHA512
  
  a9f9fccba3d4df7b9e77e625a94c8f708cd2ef856ce0530c81ac2dda424bcd90cc046d926660e5f5fdb4264c87f6ccf3fb92d4535dc7304e57dd1b53698369b6
- SSDEEP
  
  12288:Z/zIqzxKKVnRgq59fr/vLF6/hD90u9ngybChq6fvqAFmyP:JIcKKVtnF6/XXp0hzqAIyP
Score

3^/10
behavioral31
- Target
  
  教程/README.md
- Size
  
  476B
- MD5
  
  6e76a8795de8c53321947c93e61ab794
- SHA1
  
  5db1e8756723c9673ee5fc7c4a0f6dc91eaf0981
- SHA256
  
  8074ecc13f2dbc22af9f4d779ead5687fe2942647b716f6684803fede15e1f7a
- SHA512
  
  b629e975b37dbe6ac90c786e1e8a7a540a582f37dd921339d9f52f18d0aaf2c183fd84b27e893af866461b105a6cd6d54a3e34829ac1753fe773955383f5f1f9
Score

3^/10
behavioral32