Extracted

• • Target

    7c13325d6a8d39c109967a36405b46fe3161eca9e7b9abb3b79e877997ddfd25

  • Size

    6.3MB

  • MD5

    4149a40b2d855ce0ab30df3750d3644c

  • SHA1

    75a8cbfffc5721509cff1aec9d7ec129c4e59d0b

  • SHA256

    7c13325d6a8d39c109967a36405b46fe3161eca9e7b9abb3b79e877997ddfd25

  • SHA512

    be86514ebb0452e461215fb4b5d99772697406943d7f8787e5f007e0dc396c8dfc19737a9c28b084a7d0c1612ee587608ff8ccde3341ce5a169e2b358c5d5f13

  • SSDEEP

    98304:lXTFjm3UAtTlMmsoWXCo0B4nDk1vmp28nnnYFpyy3xjtVqox:lXTFjm3TtTlMPoW4B95mpsdxGox

  Score

  10^/10

  xwormdiscoverypersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2