Extracted

• • Target

    9db9d2e6798ab2f676f5c02379a77b20_JaffaCakes118

  • Size

    192KB

  • MD5

    9db9d2e6798ab2f676f5c02379a77b20

  • SHA1

    15b677f60169e10448aa38145ef0fdf7fdbcb2c7

  • SHA256

    ae3a4c7066f285986735bd794a8264488afda4ff4b7099644b3f9f06776928f3

  • SHA512

    d135e8b39123b2c8ff47368f80fa13c018d9ced5276487aa7be1e034d3a6fe3a18aa9b1836a23522956edc1d537da916adf48e358b96ea0e06760344c33780aa

  • SSDEEP

    3072:1EasXSH0+4dMs09rwGUV0olfUeol6TsS2wqH6EBb29Vo92k8j89RIx:nsXSr4dO9TOUeVq1BaVRkw89RI

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2