Extracted

• • Target

    5cd73b4a4552f2368ba91c4ce0fbaebd_JaffaCakes118

  • Size

    221KB

  • MD5

    5cd73b4a4552f2368ba91c4ce0fbaebd

  • SHA1

    e240ffb1450804bc77c788a4ca66e247acb58746

  • SHA256

    1138ecfb3ec46904475d5467ebc7877fd65b1f4a3dea29c2154517275d0d6b9a

  • SHA512

    4e76d060b98d25ff7522a0085327864b8cf1bc4a8804da33aff61104ad0002fa4c4053101d8b1740b177aab60e8ebfb54ae7c3ec0739b69d0740cfb5aadb8dc0

  • SSDEEP

    6144:5NKBp8BveI+M0kTc7Lp271HQoZJkgzF9JxdH:m+Bvoog7ynbzF9Z

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2