xenorat | 55d925ec2ec4be1ec23cbba05ce16b3c4d485397b05ca9e2410c845ad632da13 | Triage

Sharing

General

Target

55d925ec2ec4be1ec23cbba05ce16b3c4d485397b05ca9e2410c845ad632da13
Size

20KB
MD5

7858e878b38baddf84b4b53091e41b5d
SHA1

2da095bf39d58770e960b9da66d6af8e951ab9bc
SHA256

55d925ec2ec4be1ec23cbba05ce16b3c4d485397b05ca9e2410c845ad632da13
SHA512

4fbac30cbba9f9c2d24ae3c0a7148eb419d145692dff848c7e3976c0b9a42e8ac27c6ea67676dbeade5f11c4f5cdcf0c58f8ca55f3ffe6dd73a37a223011fc31
SSDEEP

384:6b+02ii4dZ2tSE2PESEMADVuhBDBGiTMSUHqrbteqxEMZ2CiEB4LNLRK:6r2NJ5l8lPrbtZ4EB4hLM

Score

10^/10

xenorat

Malware Config

Signatures

Detect XenoRat Payload 1 IoCs

resource	yara_rule
sample	family_xenorat

Xenorat family
xenorat

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
55d925ec2ec4be1ec23cbba05ce16b3c4d485397b05ca9e2410c845ad632da13

Files

55d925ec2ec4be1ec23cbba05ce16b3c4d485397b05ca9e2410c845ad632da13
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Skymil\Downloads\Telegram Desktop\xeno-rat-main\Plugins\Uacbypass\obj\Debug\Uacbypass.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ