General

  • Target

    5b8e18a6a15cc795a263236a8d7446bb_JaffaCakes118

  • Size

    111KB

  • Sample

    241019-jh4crsvckc

  • MD5

    5b8e18a6a15cc795a263236a8d7446bb

  • SHA1

    abf6abe329180609e198f9628e87394111b95276

  • SHA256

    73c00a7ab828e9409fca75ca2c96f5351abee13775ebe91361fd414cbcf5a233

  • SHA512

    0edb94c0fd02d9b73717b697cda6561a3d3033ad4255c92a664f01e30e966b58008bb7fc890cae6a2e666e09597a5b47283f9243b42e8720b18106cf5ef48d7d

  • SSDEEP

    1536:u2ghaZcYZqJC3xdTOuWrdhoh8SHtNeuH254uqXSXuh6Ox:uHaZ0JKZWxhPSNNy4uqXS

Malware Config

Extracted

Family

xtremerat

C2

waresneis.no-ip.biz

Targets

    • Target

      5b8e18a6a15cc795a263236a8d7446bb_JaffaCakes118

    • Size

      111KB

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks