Extracted

• • Target

    9767fb8bb5a3a05c4413c6f601b4bb09_JaffaCakes118

  • Size

    148KB

  • MD5

    9767fb8bb5a3a05c4413c6f601b4bb09

  • SHA1

    26941cb78c655e3ac088e596a7a7e16ba6a52483

  • SHA256

    ae5e1d6e162c89379b503ff5549d73902a417cebc8320e46e3719d34a2fd82f2

  • SHA512

    b6d0d2ea86ff97d03bf6855ab09fee7f9c5a5d5c615ec655337aed57a263abb20a43300f7cad7608e4b16cc7a269eaaf3b7b7e83a23ea10be4724db674a2fde7

  • SSDEEP

    3072:F81XFCiaOdZm03bPQKh+G7d2GnQRgV/uPGcEMNrzH5cSoicb+JlEF3P+:FiFI+/lQR257iW32

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2