Extracted

• • Target

    31aa79e3f13fb921c5c82f99b2be43b0_JaffaCakes118

  • Size

    645KB

  • MD5

    31aa79e3f13fb921c5c82f99b2be43b0

  • SHA1

    8c0d87f13c4bdd9ceb5d6da4c8d25ed8505a66a0

  • SHA256

    6de0b43d0a69e1c44569ec42316823f65696e29c11fd4db771264e66222947ea

  • SHA512

    380c5aa5b51816247b4709c327c31f91f9b14a44c534c9bac30a36c7030e4c5d5ba20d46faa05e5e76fff0d7a647a020868a6b3a7c41da8f857ecf41b158ac54

  • SSDEEP

    12288:VQZuOro7YNQN2YcKify3iC8ut0i1oQjUZbvFFF/Dr5uiuF4:VnPwQgsiK3AcIXFFf5uiuF4

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2