Xena Rat 2[.]0 (1)[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Xena Rat 2.0 (1).zip
Size

4.3MB
MD5

7447041adb520363e06c2f85f3f45478
SHA1

328e83e0c9f0962f3b1b4786c4643c8e87fae681
SHA256

c9e243a3d14067ff89170573f4dad9b8b61584e220e8b470ed792dbf584e77bc
SHA512

16b75d8217c995dbca53ce487d799f41604c1fc66d4bc8d8f0898141e5b636f319291de75244565e227f14504d7a235405eb0b50b6e9fb92cb9114beb51a6bdc
SSDEEP

98304:MXcx4oVVYBGNtHkylJB0hiOxpxE59xR1OJkueorVtMtdpke85lncCTcFxY:MXcx4MV53EylJB0EOv8PqCupxtMt3sdD

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Xena Rat 2.0/ReadMe.exe	upx
static1/unpack001/Xena Rat 2.0/stub/upx.exe	upx

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Xena Rat 2.0/ReadMe.exe
unpack001/Xena Rat 2.0/Xena RAT - 2.0.0.exe
unpack001/Xena Rat 2.0/client.exe
unpack001/Xena Rat 2.0/locker
unpack001/Xena Rat 2.0/stub/stub.exe
unpack001/Xena Rat 2.0/stub/upx.exe

Files

Xena Rat 2.0 (1).zip
.zip
Xena Rat 2.0/Profiles/user
Xena Rat 2.0/ReadMe.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 572KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 200KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Xena Rat 2.0/Settings.ini
Xena Rat 2.0/Xena RAT - 2.0.0.exe
.exe windows:4 windows x86 arch:x86

b7cc86d2ca27cdabf9e4c858f538a632

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

IsDebuggerPresent
OpenThread
Sleep
TlsSetValue
lstrcpyA
DeleteCriticalSection

advapi32

RegQueryValueExA
RegQueryValueExA

comctl32

ImageList_SetIconSize

comdlg32

GetSaveFileNameA

gdi32

UnrealizeObject

msacm32

acmStreamUnprepareHeader

ole32

CreateStreamOnHGlobal
CoTaskMemFree

oleaut32

SafeArrayPtrOfIndex
GetErrorInfo
SysFreeString

shell32

SHGetSpecialFolderLocation
Shell_NotifyIconA

user32

CreateWindowExA
GetKeyboardType

version

VerQueryValueA

wininet

InternetGetConnectedState

winmm

waveOutWrite

winspool.drv

OpenPrinterA

wsock32

__WSAFDIsSet

msvcrt

strncpy

iphlpapi

GetInterfaceInfo

psapi

GetMappedFileNameW

Sections

CODE
Size: 1.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sedata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Xena Rat 2.0/client.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Xena Rat 2.0/locker
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Xena Rat 2.0/stub/stub.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 452KB - Virtual size: 451KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 16B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Xena Rat 2.0/stub/upx.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

UPX0
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 296KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Xena Rat 2.0/wolf.xt

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 572KB

UPX1 Size: 200KB - Virtual size: 204KB

.rsrc Size: 162KB - Virtual size: 164KB

b7cc86d2ca27cdabf9e4c858f538a632

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

comdlg32

gdi32

msacm32

ole32

oleaut32

shell32

user32

version

wininet

winmm

winspool.drv

wsock32

msvcrt

iphlpapi

psapi

Sections

CODE Size: 1.5MB - Virtual size: 4.5MB

.sedata Size: 1.5MB - Virtual size: 1.5MB

.idata Size: 2KB - Virtual size: 4KB

.rsrc Size: 32KB - Virtual size: 36KB

.sedata Size: 4KB - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 452KB - Virtual size: 451KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 26KB - Virtual size: 26KB

.rsrc Size: 37KB - Virtual size: 37KB

Headers

File Characteristics

Sections

CODE Size: 1.1MB - Virtual size: 1.1MB

DATA Size: 21KB - Virtual size: 21KB

BSS Size: - Virtual size: 4KB

.idata Size: 11KB - Virtual size: 10KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 54KB - Virtual size: 54KB

.rsrc Size: 116KB - Virtual size: 116KB

Headers

File Characteristics

Sections

CODE Size: 452KB - Virtual size: 451KB

DATA Size: 7KB - Virtual size: 6KB

BSS Size: - Virtual size: 3KB

.idata Size: 11KB - Virtual size: 11KB

.tls Size: - Virtual size: 16B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 26KB - Virtual size: 26KB

.rsrc Size: 37KB - Virtual size: 37KB

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 1.3MB

UPX1 Size: 296KB - Virtual size: 296KB

.rsrc Size: 1KB - Virtual size: 4KB

UPX0
Size: - Virtual size: 572KB

UPX1
Size: 200KB - Virtual size: 204KB

.rsrc
Size: 162KB - Virtual size: 164KB

CODE
Size: 1.5MB - Virtual size: 4.5MB

.sedata
Size: 1.5MB - Virtual size: 1.5MB

.idata
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 32KB - Virtual size: 36KB

.sedata
Size: 4KB - Virtual size: 4KB

CODE
Size: 452KB - Virtual size: 451KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 37KB - Virtual size: 37KB

CODE
Size: 1.1MB - Virtual size: 1.1MB

DATA
Size: 21KB - Virtual size: 21KB

BSS
Size: - Virtual size: 4KB

.idata
Size: 11KB - Virtual size: 10KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 54KB - Virtual size: 54KB

.rsrc
Size: 116KB - Virtual size: 116KB

CODE
Size: 452KB - Virtual size: 451KB

DATA
Size: 7KB - Virtual size: 6KB

BSS
Size: - Virtual size: 3KB

.idata
Size: 11KB - Virtual size: 11KB

.tls
Size: - Virtual size: 16B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 26KB - Virtual size: 26KB

.rsrc
Size: 37KB - Virtual size: 37KB

UPX0
Size: - Virtual size: 1.3MB

UPX1
Size: 296KB - Virtual size: 296KB

.rsrc
Size: 1KB - Virtual size: 4KB