Extracted

• • Target

    e9bd4ca59f4ddcd5787f2632a2564614_JaffaCakes118

  • Size

    420KB

  • MD5

    e9bd4ca59f4ddcd5787f2632a2564614

  • SHA1

    7df71033066c1e328280f86e90fd558ff00d46bb

  • SHA256

    3fb79c5b2136a5343df8e445248c636880659ac3db26585ec0d1e233632b930a

  • SHA512

    51d33d942d13f753b319461f0aa80510173599e66d186b24cb57324061518f9577ebeb04bd94b8b84b45d0f90716838c7b12642b4725c4095d09f5b6ad28ddeb

  • SSDEEP

    12288:3MhziMCBJJ/FBaESkGKdt5EO8lfCYI1POI+olg+:3MJiMkfdBaESkldzO4mIVz

  Score

  10^/10

  discoveryxtremeratpersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2