Extracted

• • Target

    PROFORMA_INVOICE_pdf.exe

  • Size

    761KB

  • MD5

    66dd27da37cdd67246a447220949d943

  • SHA1

    9158ff8fa1c879152487665c0dc37e8d6c91b00d

  • SHA256

    eb20acaf619f8bec9cf1e1353600b3825744b86b0a4281a299efefeb91b93c35

  • SHA512

    98f2a3e56eeb4bcee9a1f055e1f8cbb12cc4e3333a04a3b7770b4b30bd74ea18f1220a71679188d3e925d945449f522664ba75cd6fe4c3771aa8715cd52981d8

  • SSDEEP

    12288:wQ1n6Xu/kw+RL8RaE8qr/y9uBQBIBfFYTSanW6ivuB5oW:L6+4Ed/ycsI8uyIW

  Score

  10^/10

  xloaderme2zdiscoveryloaderrat

  • Xloader

    Xloader is a rebranded version of Formbook malware.

    loaderxloader

  • Xloader family

    xloader

  • Xloader payload

    rat

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Suspicious use of SetThreadContext

  behavioral1behavioral2