General

  • Target

    ae92be7e93ff4205d7bbde6b311e5d0e_JaffaCakes118

  • Size

    645KB

  • Sample

    241129-dwn74sskhv

  • MD5

    ae92be7e93ff4205d7bbde6b311e5d0e

  • SHA1

    3dc9a0a174890fbf54378ded8d670467d7196670

  • SHA256

    327d445b179002c70306d9df3ce7603fd850435409c8a5967b00824fab7434e7

  • SHA512

    89269051738edb88e294ee5e4a27ccc4e5343ed29c2b7b776180ba2d35ef4e250a8396594c17e7ab7015b9dcd5f9718020ca6aac90a534a1a0ae0ffdd654b70c

  • SSDEEP

    12288:6QZuOWo7YNQN2YcKify3iC8ut0i1oQjUZbvFFF/Dr5uiuVC7+:6nMwQgsiK3AcIXFFf5uiuVCi

Malware Config

Extracted

Family

xtremerat

C2

nando1.no-ip.org

Targets

    • Target

      ae92be7e93ff4205d7bbde6b311e5d0e_JaffaCakes118

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, has been available since at least 2010, and is written in Delphi.

    • Xtremerat family

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calling NtSetInformationThread with the ThreadHideFromDebugger information class stops debug events from the thread reaching an attached debugger; legitimate software rarely needs this.

    • Suspicious use of SetThreadContext

      Rewriting another thread's register context is a common step in process hollowing and injection, where execution is redirected into payload code that has been written into a target process.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.
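The three signatures above (UPX packing, the anti-debug call and the SetThreadContext injection primitive) can be approximated statically with a small triage script. The following is an added example, not part of this report or of the sandbox's own rule set: it parses the PE section table to look for UPX section names and the "UPX!" marker, and string-scans the image for the two API names. The string scan is deliberately labelled a heuristic, because a UPX-packed sample only exposes its real import names after unpacking; the sample image built inline is constructed for the demonstration and is not the analysed file.

```python
import struct

# API names the report's behavioural signatures key on. Finding them as plain
# strings is only a triage heuristic: a packed sample hides them until unpacked.
ANTI_DEBUG_APIS = (b"NtSetInformationThread", b"SetThreadContext")
# Section names used by stock and lightly modified UPX builds (assumption: common variants only).
UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".UPX0", ".UPX1"}
UPX_MARKER = b"UPX!"


def pe_section_names(data: bytes) -> list[str]:
    """Return the section names of a PE image, or [] if the headers are not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return []
    coff = e_lfanew + 4
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16, total 20 bytes.
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt_hdr = struct.unpack_from("<H", data, coff + 16)[0]
    sec_table = coff + 20 + size_opt_hdr
    names = []
    for i in range(num_sections):
        off = sec_table + i * 40  # IMAGE_SECTION_HEADER is 40 bytes, name is the first 8
        if off + 40 > len(data):
            break
        raw = data[off:off + 8]
        names.append(raw.split(b"\0", 1)[0].decode("ascii", "replace"))
    return names


def triage(data: bytes) -> dict:
    """Apply the UPX and anti-debug/injection string checks to one file image."""
    names = pe_section_names(data)
    return {
        "sections": names,
        "upx_packed": any(n in UPX_SECTION_NAMES for n in names) or UPX_MARKER in data,
        "anti_debug_strings": sorted(a.decode() for a in ANTI_DEBUG_APIS if a in data),
    }


def build_fake_pe(section_names: list[str], tail: bytes = b"") -> bytes:
    """Constructed test image: valid MZ/PE32 headers and section names, no real code."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    size_opt = 0xE0  # PE32 optional header size
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, size_opt, 0x102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (size_opt - 2)
    secs = b"".join(n.encode().ljust(8, b"\0") + b"\0" * 32 for n in section_names)
    return dos + b"PE\0\0" + coff + opt + secs + tail


# Two constructed images: a UPX-style layout and an unpacked one that names both APIs.
PACKED_SAMPLE = build_fake_pe(["UPX0", "UPX1", ".rsrc"], b"\0" * 16 + UPX_MARKER + b"\0" * 16)
UNPACKED_SAMPLE = build_fake_pe(
    [".text", ".data"],
    b"kernel32.dll\0SetThreadContext\0ntdll.dll\0NtSetInformationThread\0",
)

if __name__ == "__main__":
    for label, image in (("packed", PACKED_SAMPLE), ("unpacked", UNPACKED_SAMPLE)):
        print(label, triage(image))
```

Run against a real file with `triage(open(path, "rb").read())`. A packed verdict means the anti-debug check should be repeated on the memory-unpacked image, which is what the sandbox's behavioural signatures observe at runtime.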
