Extracted

• • Target

    b3283e469497c93a4be15446376cf9f0_JaffaCakes118

  • Size

    78KB

  • MD5

    b3283e469497c93a4be15446376cf9f0

  • SHA1

    36e1992dab4b8be03fc7f433efc21c06ad10d57b

  • SHA256

    8684e4eababa253d603875db278c0e108ea05dff323e0f2683685c0745ba49e5

  • SHA512

    b519a774eae1913606931e40c6ed061f4bdd0b622e582d8d5e4a30c050dbf4e2b5b62b97f01bfa07436f0229eea2ffe0d37e4cf98ad92b0eced1ac21dccdaef5

  • SSDEEP

    1536:077SPQgf9iuZlf2/dYTeqyLWWa+Amx9BgTme+mjA4O8WI3rLY31gHNh+IuxzkY9G:0FmapMWInY314uJkd

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2