Extracted

• • Target

    9e1f1f2a3b150ada8cb6b956f9575928_JaffaCakes118

  • Size

    111KB

  • MD5

    9e1f1f2a3b150ada8cb6b956f9575928

  • SHA1

    ac1ac7904a35a347f0db6eb3290c93ad7e0edf04

  • SHA256

    532ea988bbc2ce48863e19808db4a4b7933d36a1c359d34d78c07170819f46aa

  • SHA512

    43d01b450ef31301f588337d3ddfd9dc0b72427e4cc6f5abd91b1da6f76bfb15e97eb277c81b4a6cbed6b185a1f3c206d556a50351e58fc42cbd2cca192d55f0

  • SSDEEP

    3072:g0M1iwNRUNi9xbAaBEYkmKf2gPOh6FNl+mLw:zh48Ykpn70

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2