Extracted

• • Target

    это вирус точно 100%.exe

  • Size

    40KB

  • MD5

    1b5eb77c95028f1f0a037cdf922e59d7

  • SHA1

    50acd4ca6a89d06ff90e2535ce61b9ed590839e6

  • SHA256

    149acfe76687a7b65baca4ffefc576ca1baa7eb54113212622831049da88d994

  • SHA512

    801a611fcbcdedec916e731e39a3ba84e12810ef9ac1ecd4737cd561a7ba3e3b37f5ffd4783520494dae5beb55c6066468882a69e3ca56382e72e84e2aec4c22

  • SSDEEP

    768:qa7krH8jlOMW88A4NVlwXDUDX+WcvQzFPc9YHLOphbQ4Z:f7krHGlOVYe5SEFk9YHLOp24Z

  Score

  10^/10

  xwormpersistencerattrojan

  • Detect Xworm Payload

  • Xworm

    Xworm is a remote access trojan written in C#.

    trojanratxworm

  • Xworm family

    xworm

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Drops startup file

  • Executes dropped EXE

  • Adds Run key to start application

    persistence
  behavioral1behavioral2