Extracted

• • Target

    876c9a1a924cd75522444a2508f39ccb_JaffaCakes118

  • Size

    132KB

  • MD5

    876c9a1a924cd75522444a2508f39ccb

  • SHA1

    37053fe8920bb6ec5f2b4b6fb87c7f863914c5f7

  • SHA256

    64c701e1b73f3dc9456658ca935a0408f17d229fc32e5965c35ad4e0866ffa1b

  • SHA512

    bf5370c98be875d51bf73a5255a37025298d7a7aa6469bfd096da5cfcae59d9b5ffbf0cf0a8a97b625c152543993ef8cb21538d91cadbdcc47c92e2629e5a3a7

  • SSDEEP

    3072:NVdEcMNi/l6+m3bmUTqXGjvBiab8xmztNWyysCEldIUg:pEZNEl6+UmvsBJAatQuU

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2