Extracted

• • Target

    bb4ede8613dfb84b369b93d800cd83c3_JaffaCakes118

  • Size

    268KB

  • MD5

    bb4ede8613dfb84b369b93d800cd83c3

  • SHA1

    51fba2585039dad6df1ec21a1a822f16ba054d15

  • SHA256

    b1db1cedbe71ef794d5891a79b7f153b0fbe4fcc5f2d9ac9487bc3c460004026

  • SHA512

    2f930f5cff1ca8d71f3ca1d634d1c7b9a62aaaa6c5037e816197cc4ed20bc24e515204ecb5688e4bbcab6fdb988e6be9a3b692396cc37b7d9832a66a6eda879d

  • SSDEEP

    3072:hF5hfiQUSKDtXiJnY4igBz+uNmAlJwTRz1jPv2ifXqoL:/5bp+omAQB1jPv2if

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2