Extracted

• • Target

    ab736a636c06971e2d605a7b5788a7c7_JaffaCakes118

  • Size

    75KB

  • MD5

    ab736a636c06971e2d605a7b5788a7c7

  • SHA1

    45c5f2bf22151a8cdfc58593d559dffbc3b9e14f

  • SHA256

    4e46dcb5edc79a4132579e1b1cc3e9c361cee08f546e6722dd3c69a2d7caef6f

  • SHA512

    dbfceaf2b75866f3f9798e4d25f43b43f1f3f5164c83bdb6c9daf5e07be1355dc8b3069198c6d13b39a2191be95ca178f4bfad76021828642ef0ca7131b12678

  • SSDEEP

    1536:upqoX7c9EgqGdNe423+oFTFmWTQkQs95TL2XZUjAeP:k7IEgq2e423RhFmWxj95TAqAeP

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2