Extracted

• • Target

    b781b851b6902bf4791e34d07b5556a3_JaffaCakes118

  • Size

    512KB

  • MD5

    b781b851b6902bf4791e34d07b5556a3

  • SHA1

    244e5eaa934d6db11ee58ab62141d5fe743881d9

  • SHA256

    b844100579ca6c25135b1c438793a1963e8898643f9cc80e3bb139569f1a19dd

  • SHA512

    aa2283a704eed0d41e776cb9bc2067ac1c62b42fa6e4c636fbb5c02a449e6bc4ea726d504ef031490229121996338fe8e1345682416da87784c6dc32c530ce4c

  • SSDEEP

    12288:aujB8jeLvUwZnWwYys49h+TmvzZfvHP/ZRKwmmOXJFBvejst0Hyp:aujamUr2HtZHXjOX7BWjTyp

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2