xenorat | Release (1)[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Release (1).zip
Size

6.4MB
MD5

89661a9ff6de529497fec56a112bf75e
SHA1

2dd31a19489f4d7c562b647f69117e31b894b5c3
SHA256

e7b275d70655db9cb43fa606bbe2e4f22478ca4962bbf9f299d66eda567d63cd
SHA512

33c765bf85fbec0e58924ece948b80a7d73b7577557eaac8865e481c61ad6b71f8b5b846026103239b3bd21f438ff0d7c1430a51a4a149f16a215faad6dab68f
SSDEEP

196608:SYNI1S7C6S230UwVLW83FUSA7WQZzwM3/C2cM7m2:rNIs7CDvB1USA7WS/vcx2

Score

10^/10

xenorat

Malware Config

Extracted

Family

xenorat

localhost

Mutex

testing 123123

Attributes

delay
1000
install_path
nothingset
port
1234
startup_name
nothingset

Signatures

Detect XenoRat Payload 18 IoCs

Processes:

resource	yara_rule
static1/unpack001/plugins/Chat.dll	family_xenorat
static1/unpack001/plugins/File manager.dll	family_xenorat
static1/unpack001/plugins/Fun.dll	family_xenorat
static1/unpack001/plugins/Hvnc.dll	family_xenorat
static1/unpack001/plugins/InfoGrab.dll	family_xenorat
static1/unpack001/plugins/KeyLogger.dll	family_xenorat
static1/unpack001/plugins/KeyLoggerOffline.dll	family_xenorat
static1/unpack001/plugins/LiveMicrophone.dll	family_xenorat
static1/unpack001/plugins/ProcessManager.dll	family_xenorat
static1/unpack001/plugins/Registry Manager.dll	family_xenorat
static1/unpack001/plugins/ReverseProxy.dll	family_xenorat
static1/unpack001/plugins/ScreenControl.dll	family_xenorat
static1/unpack001/plugins/Shell.dll	family_xenorat
static1/unpack001/plugins/Startup.dll	family_xenorat
static1/unpack001/plugins/SystemPower.dll	family_xenorat
static1/unpack001/plugins/Uacbypass.dll	family_xenorat
static1/unpack001/plugins/WebCam.dll	family_xenorat
static1/unpack001/stub/xeno rat client.exe	family_xenorat

Xenorat family
xenorat

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/plugins/Chat.dll
unpack001/plugins/File manager.dll
unpack001/plugins/Fun.dll
unpack001/plugins/Hvnc.dll
unpack001/plugins/InfoGrab.dll
unpack001/plugins/KeyLogger.dll
unpack001/plugins/KeyLoggerOffline.dll
unpack001/plugins/LiveMicrophone.dll
unpack001/plugins/ProcessManager.dll
unpack001/plugins/Registry Manager.dll
unpack001/plugins/ReverseProxy.dll
unpack001/plugins/ScreenControl.dll
unpack001/plugins/Shell.dll
unpack001/plugins/Startup.dll
unpack001/plugins/SystemPower.dll
unpack001/plugins/Uacbypass.dll
unpack001/plugins/WebCam.dll
unpack001/stub/xeno rat client.exe
unpack001/xeno rat server.exe

Files

Release (1).zip
.zip
country_flags/GeoLite2-Country.mmdb
country_flags/ad.png
.png
country_flags/ae.png
.png
country_flags/af.png
.png
country_flags/ag.png
.png
country_flags/ai.png
.png
country_flags/al.png
.png
country_flags/am.png
.png
country_flags/ao.png
.png
country_flags/aq.png
.png
country_flags/ar.png
.png
country_flags/as.png
.png
country_flags/at.png
.png
country_flags/au.png
.png
country_flags/aw.png
.png
country_flags/ax.png
.png
country_flags/az.png
.png
country_flags/ba.png
.png
country_flags/bb.png
.png
country_flags/bd.png
.png
country_flags/be.png
.png
country_flags/bf.png
.png
country_flags/bg.png
.png
country_flags/bh.png
.png
country_flags/bi.png
.png
country_flags/bj.png
.png
country_flags/bl.png
.png
country_flags/bm.png
.png
country_flags/bn.png
.png
country_flags/bo.png
.png
country_flags/bq.png
.png
country_flags/br.png
.png
country_flags/bs.png
.png
country_flags/bt.png
.png
country_flags/bv.png
.png
country_flags/bw.png
.png
country_flags/by.png
.png
country_flags/bz.png
.png
country_flags/ca.png
.png
country_flags/cc.png
.png
country_flags/cd.png
.png
country_flags/cf.png
.png
country_flags/cg.png
.png
country_flags/ch.png
.png
country_flags/ci.png
.png
country_flags/ck.png
.png
country_flags/cl.png
.png
country_flags/cm.png
.png
country_flags/cn.png
.png
country_flags/co.png
.png
country_flags/cr.png
.png
country_flags/cu.png
.png
country_flags/cv.png
.png
country_flags/cw.png
.png
country_flags/cx.png
.png
country_flags/cy.png
.png
country_flags/cz.png
.png
country_flags/de.png
.png
country_flags/dj.png
.png
country_flags/dk.png
.png
country_flags/dm.png
.png
country_flags/do.png
.png
country_flags/dz.png
.png
country_flags/ec.png
.png
country_flags/ee.png
.png
country_flags/eg.png
.png
country_flags/eh.png
.png
country_flags/er.png
.png
country_flags/es.png
.png
country_flags/et.png
.png
country_flags/fi.png
.png
country_flags/fj.png
.png
country_flags/fk.png
.png
country_flags/fm.png
.png
country_flags/fo.png
.png
country_flags/fr.png
.png
country_flags/ga.png
.png
country_flags/gb-eng.png
.png
country_flags/gb-nir.png
.png
country_flags/gb-sct.png
.png
country_flags/gb-wls.png
.png
country_flags/gb.png
.png
country_flags/gd.png
.png
country_flags/ge.png
.png
country_flags/gf.png
.png
country_flags/gg.png
.png
country_flags/gh.png
.png
country_flags/gi.png
.png
country_flags/gl.png
.png
country_flags/gm.png
.png
country_flags/gn.png
.png
country_flags/gp.png
.png
country_flags/gq.png
.png
country_flags/gr.png
.png
country_flags/gs.png
.png
country_flags/gt.png
.png
country_flags/gu.png
.png
country_flags/gw.png
.png
country_flags/gy.png
.png
country_flags/hk.png
.png
country_flags/hm.png
.png
country_flags/hn.png
.png
country_flags/hr.png
.png
country_flags/ht.png
.png
country_flags/hu.png
.png
country_flags/id.png
.png
country_flags/ie.png
.png
country_flags/il.png
.png
country_flags/im.png
.png
country_flags/in.png
.png
country_flags/io.png
.png
country_flags/iq.png
.png
country_flags/ir.png
.png
country_flags/is.png
.png
country_flags/it.png
.png
country_flags/je.png
.png
country_flags/jm.png
.png
country_flags/jo.png
.png
country_flags/jp.png
.png
country_flags/ke.png
.png
country_flags/kg.png
.png
country_flags/kh.png
.png
country_flags/ki.png
.png
country_flags/km.png
.png
country_flags/kn.png
.png
country_flags/kp.png
.png
country_flags/kr.png
.png
country_flags/kw.png
.png
country_flags/ky.png
.png
country_flags/kz.png
.png
country_flags/la.png
.png
country_flags/lb.png
.png
country_flags/lc.png
.png
country_flags/li.png
.png
country_flags/lk.png
.png
country_flags/lr.png
.png
country_flags/ls.png
.png
country_flags/lt.png
.png
country_flags/lu.png
.png
country_flags/lv.png
.png
country_flags/ly.png
.png
country_flags/ma.png
.png
country_flags/mc.png
.png
country_flags/md.png
.png
country_flags/me.png
.png
country_flags/mf.png
.png
country_flags/mg.png
.png
country_flags/mh.png
.png
country_flags/missing.png
.png
country_flags/mk.png
.png
country_flags/ml.png
.png
country_flags/mm.png
.png
country_flags/mn.png
.png
country_flags/mo.png
.png
country_flags/mp.png
.png
country_flags/mq.png
.png
country_flags/mr.png
.png
country_flags/ms.png
.png
country_flags/mt.png
.png
country_flags/mu.png
.png
country_flags/mv.png
.png
country_flags/mw.png
.png
country_flags/mx.png
.png
country_flags/my.png
.png
country_flags/mz.png
.png
country_flags/na.png
.png
country_flags/nc.png
.png
country_flags/ne.png
.png
country_flags/nf.png
.png
country_flags/ng.png
.png
country_flags/ni.png
.png
country_flags/nl.png
.png
country_flags/no.png
.png
country_flags/np.png
.png
country_flags/nr.png
.png
country_flags/nu.png
.png
country_flags/nz.png
.png
country_flags/om.png
.png
country_flags/pa.png
.png
country_flags/pe.png
.png
country_flags/pf.png
.png
country_flags/pg.png
.png
country_flags/ph.png
.png
country_flags/pk.png
.png
country_flags/pl.png
.png
country_flags/pm.png
.png
country_flags/pn.png
.png
country_flags/pr.png
.png
country_flags/ps.png
.png
country_flags/pt.png
.png
country_flags/pw.png
.png
country_flags/py.png
.png
country_flags/qa.png
.png
country_flags/re.png
.png
country_flags/ro.png
.png
country_flags/rs.png
.png
country_flags/ru.png
.png
country_flags/rw.png
.png
country_flags/sa.png
.png
country_flags/sb.png
.png
country_flags/sc.png
.png
country_flags/sd.png
.png
country_flags/se.png
.png
country_flags/sg.png
.png
country_flags/sh.png
.png
country_flags/si.png
.png
country_flags/sj.png
.png
country_flags/sk.png
.png
country_flags/sl.png
.png
country_flags/sm.png
.png
country_flags/sn.png
.png
country_flags/so.png
.png
country_flags/sr.png
.png
country_flags/ss.png
.png
country_flags/st.png
.png
country_flags/sv.png
.png
country_flags/sx.png
.png
country_flags/sy.png
.png
country_flags/sz.png
.png
country_flags/tc.png
.png
country_flags/td.png
.png
country_flags/tf.png
.png
country_flags/tg.png
.png
country_flags/th.png
.png
country_flags/tj.png
.png
country_flags/tk.png
.png
country_flags/tl.png
.png
country_flags/tm.png
.png
country_flags/tn.png
.png
country_flags/to.png
.png
country_flags/tr.png
.png
country_flags/tt.png
.png
country_flags/tv.png
.png
country_flags/tw.png
.png
country_flags/tz.png
.png
country_flags/ua.png
.png
country_flags/ug.png
.png
country_flags/um.png
.png
country_flags/us.png
.png
country_flags/uy.png
.png
country_flags/uz.png
.png
country_flags/va.png
.png
country_flags/vc.png
.png
country_flags/ve.png
.png
country_flags/vg.png
.png
country_flags/vi.png
.png
country_flags/vn.png
.png
country_flags/vu.png
.png
country_flags/wf.png
.png
country_flags/ws.png
.png
country_flags/xk.png
.png
country_flags/ye.png
.png
country_flags/yt.png
.png
country_flags/za.png
.png
country_flags/zm.png
.png
country_flags/zw.png
.png
plugins/Chat.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\Chat\obj\Release\Chat.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/File manager.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\File manager\obj\Release\File manager.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Fun.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\Fun\obj\Release\Fun.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Hvnc.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\Hvnc\obj\Release\Hvnc.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/InfoGrab.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\PassGrab\obj\Release\InfoGrab.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 969KB - Virtual size: 969KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/KeyLogger.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\KeyLogger\obj\Release\KeyLogger.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/KeyLoggerOffline.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\KeyLoggerOffline\obj\Release\KeyLoggerOffline.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/LiveMicrophone.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\LiveMicrophone\obj\Release\LiveMicrophone.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 492KB - Virtual size: 491KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/ProcessManager.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\ProcessManager\obj\Release\ProcessManager.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Registry Manager.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\Registry Manager\obj\Release\Registry Manager.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/ReverseProxy.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\ReverseProxy\obj\Release\ReverseProxy.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/ScreenControl.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\ScreenControl\obj\Release\ScreenControl.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Shell.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\Shell\obj\Release\Shell.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 856B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Startup.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\Startup\obj\Release\Startup.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/SystemPower.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\System\obj\Release\SystemPower.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Uacbypass.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\Uacbypass\obj\Release\Uacbypass.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/WebCam.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\WebCam\obj\Release\WebCam.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stub/xeno rat client.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\xeno rat client\obj\Release\xeno rat client.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
xeno rat server.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\moom825\Desktop\xeno-rat\xeno-rat\xeno rat server\obj\Release\xeno rat server.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 14KB - Virtual size: 14KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 8KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 42KB - Virtual size: 41KB

.rsrc Size: 1024B - Virtual size: 856B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 969KB - Virtual size: 969KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 10KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 888B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 42KB - Virtual size: 41KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 969KB - Virtual size: 969KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 492KB - Virtual size: 491KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 15KB - Virtual size: 14KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1024B - Virtual size: 856B

.reloc
Size: 512B - Virtual size: 12B