Extracted

• • Target

    60f80dc4f2c5527b4289849912247bf001489d77b92e01c46935ce37e94c93f4.exe

  • Size

    627KB

  • MD5

    5283ba14a34c7c26a5073603189c3145

  • SHA1

    f95656735b336e6afc386e74c500a659ecd8599c

  • SHA256

    60f80dc4f2c5527b4289849912247bf001489d77b92e01c46935ce37e94c93f4

  • SHA512

    029ba814a4be983eed33fdc91a131542697f12eb958f3ddbc0285b131eb2b5a830a4120d0a643c635865bc8ae4144fa44d4a543fe0bd4abb7d359e0c5f4fd154

  • SSDEEP

    12288:30zQXX5rbFkeHZs1J2XjC9md6sCKELS30C8v3Sfvyowp6GMGHDtN:30zQXX5reeHZs1Uzt6sCTC8v30VGpHb

  Score

  10^/10

  xwormdiscoveryrattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • .NET Reactor proctector

    Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

  • Suspicious use of SetThreadContext

  behavioral1behavioral2