Extracted

• • Target

    ba98c4bfc9b34a99984bd5b47e2187d5_JaffaCakes118

  • Size

    5.0MB

  • MD5

    ba98c4bfc9b34a99984bd5b47e2187d5

  • SHA1

    870fa646be34189399c846fc69591b09f89e2e19

  • SHA256

    88a0415ab2bc28287e83a2fab4d7aa48010afee0c4a9cd91c58b9e1d1c9199f9

  • SHA512

    6c5000fff95219b07aea7502396891aa1edfee9450f52c72167f252e30a57b474ef8ff0af23f6bf909728fc5c2910dc00e1636c2cc4a4e9a91990e18e1f1d6ac

  • SSDEEP

    1536:9TKzAb+49etKRhSy/uoQUIiNNNNvb8bVOHNnBuEdxMj2qkSZZZ3gdg:ci+3ct/2UIiZZIbSsSMjYUP

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Deletes itself

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2