Blog | G5 Cyber Security

ShadowWali: New variant of the xxmm family of backdoors

Cybereason has discovered another member of the xxmm family of backdoors: ShadowWali. Like the Wali backdoor, ShadowWali also targets Japanese businesses. Both backdoors can be attributed to the same author. Both backdoors have unusually large, inflated executables (ranging between 50,000 KB and 200,000 KB). Wali's loader comes with both a 32-bit and 64-bit payload, while. Wali's author has been developing these backdoors and possibly other malware since 2015.

Source: https://www.cybereason.com/blog/labs-shadowwali-new-variant-of-the-xxmm-family-of-backdoors
