0x90... Thanks for the response, but I did not mean VB.NET. I ended up figuring out what was going on and am going to share my findings with the community.
Based on my research it appears, at least in my sample of XtremeRAT Private 3.6, that it is using RunPE/VBCrypter to hide the true XtremeRAT "Server" client that gets installed on the end host. I used the following information to aid in my analysis:
http://interestingmalware.blogspot.com/ ... runpe.html
First, open the sample in OllyDbg (I was using 1.10). Set appropriate Exception settings. I only had "All FPU Exceptions" enabled, as I was noticing I kept on hitting Floating Point exceptions when attempting to step through the binary. I then set a breakpoint on CreateProcessW by selecting the E icon, right clicking Kernel32.dll, View Names and searching for "CreateProcessW". Set the breakpoint with F2. Hit the resume/continue button ("Play") on the menubar. Step over the CreateProcessW call until you return from the function. You'll notice when you hit the CreateProcessW function that one of the parameters is a flag to create it in a suspended state.
Then go back to Kernel32.dll (or you could have done this while you were already there) and set a new breakpoint (F2) on WriteProcessMemory. Continue until you hit WriteProcessMemory but do not step over it. Once there, you will notice the "Buffer" parameter. Right click and select Follow in Dump. I then went to the dump window, right clicked and did Copy-->Select All. I right clicked again and did Backup-->Save data to file.
I took that to a Linux box and ran hachoir-subfile against it, which identified an embedded executable. This executable ended up being UPX packed, which you could easily unpack using upx -d <file>. After this was completed, I had a fully unpacked XtremeRAT "Server" sample that would be installed on the end target. The CFG file is stored in a resource and is itself encrypted.
I hope this helps others that come to this forum that may have a question about XtremeRAT. The blog post above was extremely helpful.
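Added example, not part of the original post: a small Python triage script for a buffer dump saved as described above, which locates embedded PE images by validating the MZ/PE header chain and flags UPX-style section names. The function names, the 0x1000 bound on e_lfanew and the sample bytes are assumptions made for this illustration; the section-name check is a heuristic, since a modified packer can rename its sections.

```python
import struct

def find_embedded_pes(data):
    """Return [(offset, [section names])] for each plausible PE image in data."""
    hits = []
    pos = data.find(b"MZ")
    while pos != -1:
        sections = _parse_pe_at(data, pos)
        if sections is not None:
            hits.append((pos, sections))
        pos = data.find(b"MZ", pos + 1)
    return hits

def _parse_pe_at(data, base):
    # A bare "MZ" is common in random data, so follow e_lfanew to the PE signature.
    if base + 0x40 > len(data):
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    pe = base + e_lfanew
    # Assumed sanity bound: the PE header sits within 0x1000 bytes of the DOS header.
    if e_lfanew < 0x40 or e_lfanew > 0x1000 or pe + 24 > len(data):
        return None
    if data[pe:pe + 4] != b"PE\x00\x00":
        return None
    (nsect,) = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size                             # first section header
    names = []
    for i in range(nsect):
        entry = table + i * 40                             # 40 bytes per section header
        if entry + 40 > len(data):
            return None
        names.append(data[entry:entry + 8].rstrip(b"\x00").decode("ascii", "replace"))
    return names

def looks_upx_packed(sections):
    # Heuristic only: stock UPX names its sections UPX0, UPX1, ...
    return any(name.startswith("UPX") for name in sections)

def build_sample_dump():
    """Constructed test input: filler, a stray 'MZ', then a minimal PE header."""
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    sect = b"".join(n.ljust(8, b"\x00") + bytes(32) for n in (b"UPX0", b"UPX1"))
    filler = b"\x90" * 100 + b"MZ" + b"\x00" * 98          # stray MZ must be rejected
    return filler + bytes(dos) + b"PE\x00\x00" + coff + bytes(0xE0) + sect

if __name__ == "__main__":
    for off, secs in find_embedded_pes(build_sample_dump()):
        print(hex(off), secs, "UPX-like" if looks_upx_packed(secs) else "")
```

To use it on a real dump, read the saved file in binary mode and pass the bytes to find_embedded_pes; slicing the data from a reported offset gives the candidate image to hand to upx -d.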