General

  • Target

    3f491a70c68b71e6417fb171dd36b654_JaffaCakes118

  • Size

    644KB

  • Sample

    241013-mbtfrswcqp

  • MD5

    3f491a70c68b71e6417fb171dd36b654

  • SHA1

    bc3d83c38e3028c41721bfdf915461b7f51438f8

  • SHA256

    7008d57c294fb2cd0f295663d1063e96a3beefcd68dec33fdfc1521f72e244f7

  • SHA512

    b0d74f881a3e6f98e688f164a37c57ec73ff09a3827cc190084fca4030c8c8ba5c7b2b3042d4868a8a93018f4f1729d384c95248c8c4e0e3f0a6c751b3cde7bb

  • SSDEEP

    12288:MQZuO/uo7YNQN2YcKify3iC8ut0i1oQjUZbvFFF/Dr5uiuKsV:MnuHwQgsiK3AcIXFFf5uiuKsV

Malware Config

Extracted

Family

xtremerat

C2

sucamilla.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

MITRE ATT&CK Enterprise v15

Tasks