Malicious

9edf2ea67490be79d8b2913d6e5887ac

PE Executable | MD5: 9edf2ea67490be79d8b2913d6e5887ac | Size: 10.73 MB | application/x-dosexec

Characteristics
MD5: 9edf2ea67490be79d8b2913d6e5887ac
Sha1: 4d7a81b0bc38cac442f80c81a3ff3de1beef3159
Sha256: 44cbb9ba318ddc687dca3e0dfeba30db5469d50c9bbdbbfb5888efdd9889439e
Sha384: c128aa88977a6fadea69ec2d429e2ebb1fa0f240eb56b5674454ebee505e04b97b46153dbd5bb9bb9ceae72d2d629a22
Sha512: 82d175be7146ad41fe7b491b6a60a71fc461d72be20b639abe37645b0e6d8af1e01c67c98cd02e0ed9a5401bc92e048e7d6941384f3283245ce37546af9738d5
SSDeep: 196608:WmmunL7Y01Kwo2g9oiRzOtuRwZYrL1kehn4i7jy:WNunLk0Xo2g9oilOtutRka4i7jy
TLSH: CBB67B06B281C802CC7819B148164FE066B47E8D5F68D9A5B8C8777C6BFA1CDB1677F2

PeID

Borland Delphi 7 - Nstd EP - ASL sign
HQR data file
Microsoft Visual C++ 6.0 DLL (Debug)
Microsoft Visual C++ 7.0 - 8.0
Microsoft Visual C++ v6.0 DLL
Microsoft WAV Audio file
PureBasic DLL -> Neil Hodgson
UPolyX 0.3 -> delikon
File Structure
7z-stream @ 0x0095649F.7z
Malicious
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
CODE
DATA
BSS
.idata
.tls
.rdata
.reloc
.rsrc
Resources
RT_ICON
ID:0001
ID:0
ID:0002
ID:0
ID:0003
ID:0
ID:0004
ID:0
ID:0-preview.png
RT_RCDATA
ID:0000
ID:0
7z-stream @ 0x00945C77.7z
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rsrc
.reloc
Resources
RT_MANIFEST
ID:0001
ID:0
RT_VERSION
ID:0001
ID:0
.Net Resources
Malicious
Xworm.About.resources
$this.Icon
[NBF]root.IconData
PictureBox2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PictureBox3.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.ACT.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
ToolStripMenuItem4.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem6.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Chat.resources
$this.Icon
[NBF]root.IconData
Xworm.Clipper.resources
$this.Icon
[NBF]root.IconData
Guna2GradientButton1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.CustomOpen.resources
$this.Icon
[NBF]root.IconData
Xworm.DDosAttack.resources
$this.Icon
[NBF]root.IconData
Xworm.EditReg.resources
$this.Icon
[NBF]root.IconData
Guna2GradientButton1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.FilesSearcher.resources
$this.Icon
[NBF]root.IconData
AddToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RemoveToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem7.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.FM.resources
$this.Icon
[NBF]root.IconData
AppDataToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
BackToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
CopyToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
CutToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DecryptToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DeleteToolStripMenuItem1.Image
DownloadFolderToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DownloadToolStripMenuItem1.Image
EditToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
EncryptToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ExecuteToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
FileHashToolStripMenuItem.Image
FolderLockToolStripMenuItem.Image
FtpToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2GradientButton4.Image
[NBF]root.Data
[NBF]root.Data-preview.png
HiddenInstallationlToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
HiddenToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
LockToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
NewFileToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
NewFolderToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
NormalToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PasteToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PlayMusicToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PlayToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RenameToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RunAsToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
SendFromLinkToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
SetBackgroundToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
SettingsToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ShowHideToolStripMenuItem1.Image
StopToolStripMenuItem1.Image
ToolStripMenuItem2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UnlockToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UnzipToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UploadToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UploadToolStripMenuItem2.Image
ZipToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ZipToolStripMenuItem2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Builder.resources
$this.Icon
[NBF]root.IconData
Guna2GradientButton1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2TextBox2.IconLeft
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2TextBox2.IconRight
[NBF]root.Data
[NBF]root.Data-preview.png
ImageList1.ImageStream
[NBF]root.Data
PictureBox2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Clipboard.resources
$this.Icon
[NBF]root.IconData
GetTextToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
SetTextToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Hash.resources
$this.Icon
[NBF]root.IconData
Xworm.HBrowser.resources
$this.Icon
[NBF]root.IconData
BraveToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
BrowserToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ChromeToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
CloseToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
CustomOpenToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
FireFoxToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
GetScreenToolStripMenuItem.Image
MicrosoftEdgeToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RefreshToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Main.resources
ActiveWindowsToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
BlankScreenToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
BotkillerToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ChromiumToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ClientChatToolStripMenuItem.Image
ClientFolderToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ClientToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
CloseToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
CommandsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DDosAttackToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DecryptToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DeleteRestoreToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DisableToolStripMenuItem10.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DiscordTokenToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DiskToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
EditHostsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
EnableToolStripMenuItem10.Image
[NBF]root.Data
[NBF]root.Data-preview.png
EncryptToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ExitToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Extra1ToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
FileManagerToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
FilesSearcherToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
FileZillaToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
FirewallToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
FromLinkToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
FromMemoryToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2Button1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2Button2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2Button3.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2Button4.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2Button5.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2Button6.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2Button7.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2TextBox1.IconLeft
[NBF]root.Data
[NBF]root.Data-preview.png
HiddenAppsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
HiddenBrowserToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
HiddenVNCToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ii.ImageStream
[NBF]root.Data
InformationToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
InstalledProgramsToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
InvokeBSODToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
KeyloggerToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
KeyLoggerToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
KitToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
LocationManagerToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
LogoffToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
MessageBoxToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
MetaMaskToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
MicrophoneToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
MonitorToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Net35InstallToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
NoteToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
NotifyIcon1.Icon
[NBF]root.IconData
OpenUrlToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
OptionsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PastimeToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PerformanceToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PowerToolStripMenuItem2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ProcessManagerToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ProductKeyToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RansomwareToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RecoveryOptionsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RegeditToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ReportWindowToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ResetScaleToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RestartToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RestartToolStripMenuItem4.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ReverseProxyToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RunAsToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RunFileToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RunPEToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RunRecoveryToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ServiceManagerToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ShellToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ShowToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ShutdownToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
StartupManagerToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
SteamTokennToolStripMenuItem3.Image
[NBF]root.Data
[NBF]root.Data-preview.png
TaskMgrToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
TCPConnectionsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
TelegramSessionToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem4.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem6.Image
ToolStripMenuItem7.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UACBypassToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UACToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UninstallPluginsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UpdateAllClientsToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
V20AutoToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
V20TwoToolStripMenuItem3.Image
[NBF]root.Data
[NBF]root.Data-preview.png
VBNetCompilerToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
VoiceChatToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WDDisableToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WDExclusionToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WDExclusionToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WDKillerToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WebCamToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WifiKeysToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.HVNC.resources
$this.Icon
[NBF]root.IconData
Xworm.HApps.resources
$this.Icon
[NBF]root.IconData
ApplactionsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
CommandPromptToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
CustomOpenToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PowerShellToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RestartToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RestoreToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WindowToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Ftp.resources
$this.Icon
[NBF]root.IconData
Xworm.Fun.resources
$this.Icon
[NBF]root.IconData
Xworm.Hosts.resources
$this.Icon
[NBF]root.IconData
ToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.INFO.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
SaveToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Keylogger.resources
$this.Icon
[NBF]root.IconData
SelectAllToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Maps.resources
$this.Icon
[NBF]root.IconData
BrowserToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
GPSToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.MBox.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
Xworm.MIC.resources
$this.Icon
[NBF]root.IconData
PictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.ngrok.resources
$this.Icon
[NBF]root.IconData
Guna2GradientButton1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Performance.resources
$this.Icon
[NBF]root.IconData
PictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Port.resources
Guna2GradientButton1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2TextBox1.IconLeft
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.ProcessV.resources
$this.Icon
[NBF]root.IconData
RestartToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ResumeToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Programs.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
Xworm.Proxy.resources
$this.Icon
[NBF]root.IconData
Guna2GradientButton2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Ransomware.resources
$this.Icon
[NBF]root.IconData
Guna2GradientButton1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Registry.resources
AddToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DeleteToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
EditToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
NewValueToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RemoveToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
img.ImageStream
[NBF]root.Data
Xworm.RemoteDesktop.resources
$this.Icon
[NBF]root.IconData
Xworm.RunPE.resources
$this.Icon
[NBF]root.IconData
Xworm.ServiceManager.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
PauseToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RunningToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
StoppedToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Sound.resources
$this.Icon
[NBF]root.IconData
PictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PictureBox2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.StartupManager.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
Xworm.TBotNotify.resources
$this.Icon
[NBF]root.IconData
Xworm.TcpConnectionForm.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
Xworm.Shell.resources
$this.Icon
[NBF]root.IconData
Xworm.ToolsBox.resources
$this.Icon
[NBF]root.IconData
FalseToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2GradientButton2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2GradientButton6.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ImageList1.ImageStream
[NBF]root.Data
TrueToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.TXT.resources
$this.Icon
[NBF]root.IconData
ToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.VBCode.resources
$this.Icon
[NBF]root.IconData
ErrorTestToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
editor.ServiceColors
Xworm.VoiceChat.resources
$this.Icon
[NBF]root.IconData
Xworm.WebCam.resources
$this.Icon
[NBF]root.IconData
Xworm.Resources.resources
Malicious
CD
[NBF]root.Data
[NBF]root.Data-preview.png
Chat
Folder
[NBF]root.Data
[NBF]root.Data-preview.png
HDD
[NBF]root.Data
[NBF]root.Data-preview.png
Information
[NBF]root.Data
[NBF]root.Data-preview.png
Intro
Network
[NBF]root.Data
[NBF]root.Data-preview.png
Play
[NBF]root.Data
[NBF]root.Data-preview.png
Question
[NBF]root.Data
[NBF]root.Data-preview.png
USB
[NBF]root.Data
[NBF]root.Data-preview.png
Warning
[NBF]root.Data
[NBF]root.Data-preview.png
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
Resources
RT_VERSION
ID:0001
ID:1033
7z-stream @ 0x000E24FC.7z
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.sxdata
.rsrc
.reloc
Resources
RT_ICON
RT_STRING
ID:0007
ID:1033
RT_GROUP_CURSOR4
RT_VERSION
ID:0001
ID:1033
_Error
[NBF]root.Data
[NBF]root.Data-preview.png
_Stop
[NBF]root.Data
[NBF]root.Data-preview.png
7z-stream @ 0x0018038B.7z
tqjnjpxujoir
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
Malware Configuration - XWorm config.
Mutex: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
SPL: -=>
KEY: abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
family: xworm

Informations
Info: PE Detect: PeReader OK (file layout)

Artefacts
URLs in VB Code - #1: http://www.w3.org/1999/02/22-rdf-syntax-ns#
URLs in VB Code - #2: http://ns.adobe.com/xap/1.0/mm/
URLs in VB Code - #3: http://ns.adobe.com/xap/1.0/sType/ResourceRef#
URLs in VB Code - #4: http://ns.adobe.com/xap/1.0/
URLs in VB Code - #5: http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd
URLs in VB Code - #6: http://www.w3.org/1999/xhtml
URLs in VB Code - #7: https://api.telegram.org/bot
URLs in VB Code - #8: http://ip-api.com/line/?fields=hosting
URLs in VB Code - #9: https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation
URLs in VB Code - #10: http://schemas.microsoft.com/SMI/2005/WindowsSettings
URLs in VB Code - #11: http://schemas.microsoft.com/SMI/2016/WindowsSettings

[NBF]root.Data-preview.png
ShutdownToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
StartupManagerToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
SteamTokennToolStripMenuItem3.Image
[NBF]root.Data
[NBF]root.Data-preview.png
TaskMgrToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
TCPConnectionsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
TelegramSessionToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem4.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem6.Image
ToolStripMenuItem7.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UACBypassToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UACToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UninstallPluginsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
UpdateAllClientsToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
V20AutoToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
V20TwoToolStripMenuItem3.Image
[NBF]root.Data
[NBF]root.Data-preview.png
VBNetCompilerToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
VoiceChatToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WDDisableToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WDExclusionToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WDExclusionToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WDKillerToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WebCamToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WifiKeysToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.HVNC.resources
$this.Icon
[NBF]root.IconData
Xworm.HApps.resources
$this.Icon
[NBF]root.IconData
ApplactionsToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
CommandPromptToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
CustomOpenToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PowerShellToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RestartToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RestoreToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
WindowToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Ftp.resources
$this.Icon
[NBF]root.IconData
Xworm.Fun.resources
$this.Icon
[NBF]root.IconData
Xworm.Hosts.resources
$this.Icon
[NBF]root.IconData
ToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.INFO.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
SaveToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Keylogger.resources
$this.Icon
[NBF]root.IconData
SelectAllToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Maps.resources
$this.Icon
[NBF]root.IconData
BrowserToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
GPSToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.MBox.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
Xworm.MIC.resources
$this.Icon
[NBF]root.IconData
PictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.ngrok.resources
$this.Icon
[NBF]root.IconData
Guna2GradientButton1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Performance.resources
$this.Icon
[NBF]root.IconData
PictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Port.resources
Guna2GradientButton1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2TextBox1.IconLeft
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.ProcessV.resources
$this.Icon
[NBF]root.IconData
RestartToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ResumeToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ToolStripMenuItem2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Programs.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
Xworm.Proxy.resources
$this.Icon
[NBF]root.IconData
Guna2GradientButton2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Ransomware.resources
$this.Icon
[NBF]root.IconData
Guna2GradientButton1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Registry.resources
AddToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
DeleteToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
EditToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
NewValueToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RemoveToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
img.ImageStream
[NBF]root.Data
Xworm.RemoteDesktop.resources
$this.Icon
[NBF]root.IconData
Xworm.RunPE.resources
$this.Icon
[NBF]root.IconData
Xworm.ServiceManager.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
PauseToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
RunningToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
StoppedToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.Sound.resources
$this.Icon
[NBF]root.IconData
PictureBox1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
PictureBox2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.StartupManager.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
Xworm.TBotNotify.resources
$this.Icon
[NBF]root.IconData
Xworm.TcpConnectionForm.resources
$this.Icon
[NBF]root.IconData
ImageList1.ImageStream
[NBF]root.Data
Xworm.Shell.resources
$this.Icon
[NBF]root.IconData
Xworm.ToolsBox.resources
$this.Icon
[NBF]root.IconData
FalseToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2GradientButton2.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Guna2GradientButton6.Image
[NBF]root.Data
[NBF]root.Data-preview.png
ImageList1.ImageStream
[NBF]root.Data
TrueToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.TXT.resources
$this.Icon
[NBF]root.IconData
ToolStripMenuItem1.Image
[NBF]root.Data
[NBF]root.Data-preview.png
Xworm.VBCode.resources
$this.Icon
[NBF]root.IconData
ErrorTestToolStripMenuItem.Image
[NBF]root.Data
[NBF]root.Data-preview.png
editor.ServiceColors
Xworm.VoiceChat.resources
$this.Icon
[NBF]root.IconData
Xworm.WebCam.resources
$this.Icon
[NBF]root.IconData
Xworm.Resources.resources
Malicious
CD
[NBF]root.Data
[NBF]root.Data-preview.png
Chat
Folder
[NBF]root.Data
[NBF]root.Data-preview.png
HDD
[NBF]root.Data
[NBF]root.Data-preview.png
Information
[NBF]root.Data
[NBF]root.Data-preview.png
Intro
Network
[NBF]root.Data
[NBF]root.Data-preview.png
Play
[NBF]root.Data
[NBF]root.Data-preview.png
Question
[NBF]root.Data
[NBF]root.Data-preview.png
USB
[NBF]root.Data
[NBF]root.Data-preview.png
Warning
[NBF]root.Data
[NBF]root.Data-preview.png
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.rsrc
Resources
RT_VERSION
ID:0001
ID:1033
7z-stream @ 0x000E24FC.7z
Structure
DosHeader
PE Header
Optional Header (x86)
Section Headers
.text
.rdata
.data
.sxdata
.rsrc
.reloc
Resources
RT_ICON
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
ID:0011
ID:1033
ID:0012
ID:1033
ID:0013
ID:1033
ID:0014
ID:1033
ID:0015
ID:1033
ID:0016
ID:1033
ID:0017
ID:1033
ID:0018
ID:1033
ID:0019
ID:1033
ID:001A
ID:1033
ID:001B
ID:1033
ID:001C
ID:1033
ID:001D
ID:1033
ID:001E
ID:1033
ID:001F
ID:1033
ID:0020
ID:1033
ID:0021
ID:1033
ID:0022
ID:1033
ID:0023
ID:1033
ID:0024
ID:1033
ID:0025
ID:1033
ID:0026
ID:1033
ID:0027
ID:1033
ID:0028
ID:1033
ID:0029
ID:1033
ID:002A
ID:1033
ID:002B
ID:1033
ID:002C
ID:1033
ID:002D
ID:1033
ID:002E
ID:1033
ID:002F
ID:1033
ID:0030
ID:1033
ID:0031
ID:1033
ID:0032
ID:1033
ID:0033
ID:1033
ID:0034
ID:1033
RT_STRING
ID:0007
ID:1033
RT_GROUP_CURSOR4
ID:0000
ID:1033
ID:0001
ID:1033
ID:0002
ID:1033
ID:0003
ID:1033
ID:0004
ID:1033
ID:0005
ID:1033
ID:0006
ID:1033
ID:0007
ID:1033
ID:0008
ID:1033
ID:0009
ID:1033
ID:000A
ID:1033
ID:000B
ID:1033
ID:000C
ID:1033
ID:000D
ID:1033
ID:000E
ID:1033
ID:000F
ID:1033
ID:0010
ID:1033
ID:0011
ID:1033
ID:0012
ID:1033
ID:0013
ID:1033
ID:0014
ID:1033
ID:0015
ID:1033
ID:0016
ID:1033
ID:0017
ID:1033
ID:0018
ID:1033
RT_VERSION
ID:0001
ID:1033
_Error
[NBF]root.Data
[NBF]root.Data-preview.png
_Stop
[NBF]root.Data
[NBF]root.Data-preview.png
7z-stream @ 0x0018038B.7z
tqjnjpxujoir
RT_GROUP_CURSOR4
ID:7F00
ID:0
RT_VERSION
ID:0001
ID:0
Characteristics
Malware Configuration - XWorm config.
Config. Field | Value
Mutex | abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
SPL | -=>
KEY | abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890
family | xworm
Artefacts
Name | Value | Location
URLs in VB Code - #1 | http://www.w3.org/1999/02/22-rdf-syntax-ns# | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #2 | http://ns.adobe.com/xap/1.0/mm/ | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #3 | http://ns.adobe.com/xap/1.0/sType/ResourceRef# | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #4 | http://ns.adobe.com/xap/1.0/ | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #5 | http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #6 | http://www.w3.org/1999/xhtml | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #7 | https://api.telegram.org/bot | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #8 | http://ip-api.com/line/?fields=hosting | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #9 | https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #10 | http://schemas.microsoft.com/SMI/2005/WindowsSettings | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #11 | http://schemas.microsoft.com/SMI/2016/WindowsSettings | 9edf2ea67490be79d8b2913d6e5887ac
URLs in VB Code - #1 | https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation | 9edf2ea67490be79d8b2913d6e5887ac > 7z-stream @ 0x0095649F.7z
URLs in VB Code - #2 | http://schemas.microsoft.com/SMI/2005/WindowsSettings | 9edf2ea67490be79d8b2913d6e5887ac > 7z-stream @ 0x0095649F.7z
URLs in VB Code - #3 | http://schemas.microsoft.com/SMI/2016/WindowsSettings | 9edf2ea67490be79d8b2913d6e5887ac > 7z-stream @ 0x0095649F.7z
URLs in VB Code - #1 | http://www.w3.org/1999/02/22-rdf-syntax-ns# | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #2 | http://ns.adobe.com/xap/1.0/mm/ | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #3 | http://ns.adobe.com/xap/1.0/sType/ResourceRef# | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #4 | http://ns.adobe.com/xap/1.0/ | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #5 | http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #6 | http://www.w3.org/1999/xhtml | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #7 | https://api.telegram.org/bot | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #8 | http://ip-api.com/line/?fields=hosting | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #9 | https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #10 | http://schemas.microsoft.com/SMI/2005/WindowsSettings | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #11 | http://schemas.microsoft.com/SMI/2016/WindowsSettings | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
Mutex | abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890 [Malicious] | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0
URLs in VB Code - #1 | https://docs.microsoft.com/windows/win32/fileio/maximum-file-path-limitation | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0 > 7z-stream @ 0x00945C77.7z
URLs in VB Code - #2 | http://schemas.microsoft.com/SMI/2005/WindowsSettings | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0 > 7z-stream @ 0x00945C77.7z
URLs in VB Code - #3 | http://schemas.microsoft.com/SMI/2016/WindowsSettings | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0 > 7z-stream @ 0x00945C77.7z
URLs in VB Code - #1 | http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0 > .Net Resources > Xworm.Resources.resources
URLs in VB Code - #2 | http://www.w3.org/1999/xhtml | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0 > .Net Resources > Xworm.Resources.resources
URLs in VB Code - #3 | https://api.telegram.org/bot | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0 > .Net Resources > Xworm.Resources.resources
URLs in VB Code - #4 | http://ip-api.com/line/?fields=hosting | 9edf2ea67490be79d8b2913d6e5887ac > Resources > RT_RCDATA > ID:0000 > ID:0 > .Net Resources > Xworm.Resources.resources
