Extracted

• • Target

    7be0f901cb889b18c6901f06d9a21e55_JaffaCakes118

  • Size

    94KB

  • MD5

    7be0f901cb889b18c6901f06d9a21e55

  • SHA1

    b2c9ec922613e2d6e04ba128a7ffdbbf589a7bfa

  • SHA256

    97a3c529b7aaa9c4f5f85f37c1855a82ba5bfeb35c300551200d87577d2dd173

  • SHA512

    289ac108d2e85aa60fcb42d428b01facf1bb3489bb192fea147a9518f249ce9bb14fed0e7360a10061ccf22d6f90709a0eb032b53af617d243af30010f9def20

  • SSDEEP

    1536:weGJ9f5c7G2G5nr3OxGaXeGFdQToVVC1aCHP+D5y5v2rkujV7O8jTo/JCSJ3PxqY:mJ9f5c7G22OxGaXeGFdQT8VC1euuVO82

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2