 #23974  by EP_X0FF
 Tue Sep 23, 2014 4:10 am
Xorer is a specific variant of the Xorer family of file infectors. It is a slow file infector, meaning that it lets a certain period of time pass between infecting files. It has worm capabilities by dropping copies of itself in writable drives. It also has rootkit components that enable it to avoid detection in an infected computer.

MS Description

MD5 0ea014df1e52bbcda2d7757894c07ed1
SHA1 adf3eb56571ff81f33e1e44137a8a532968958c1
SHA256 c58034dcbda7898cf5a5faa207c5e91aed54cfdc0a3b36a08ed7faccd92bc162
https://www.virustotal.com/en/file/c580 ... /analysis/


MD5 24b99d141e363fe0e0160863c2a1aa56
SHA1 f0f426319c6b8ea7aa0fdd6dd0858dd73d8cc46c
SHA256 d409dbe0cc0c08f6f55d3657de91ee510c2aecd1694d7c4b739adfe223d01978
https://www.virustotal.com/en/file/d409 ... /analysis/
Attachments
pass: infected
 #24049  by AaLl86
 Sat Oct 04, 2014 1:35 pm
Sounds interesting, thanks for sharing!
Andrea