Extracted

• • Target

    c33f95d255823028c943704727d2369e_JaffaCakes118

  • Size

    650KB

  • MD5

    c33f95d255823028c943704727d2369e

  • SHA1

    686f1e7be02cf6bdf795997d105a55fd5442b332

  • SHA256

    3df12da2dd8c347dc96eace427165e30fb9d503ebaefc0dec9118278476d5b36

  • SHA512

    2dedfca03fb2eaa992c66474ade5792002b4591c0abcb5386586239073fbdd8f9a95655d9e64ea0ef4b83fc63609e0ab1e558e72df1a3b66b8a7eb9a9e031882

  • SSDEEP

    12288:mo7YNQ8GnBaWnBsPDqWOFD4RD+drOqZbmqMrUANW+dR0zHavdmnYHHQW:vwQBBaWnBCqOeSqZbmNrU0W0RVvfT

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2