Extracted

• • Target

    f649d629b1ff37e96a2a4c577e45d46f_JaffaCakes118

  • Size

    68KB

  • MD5

    f649d629b1ff37e96a2a4c577e45d46f

  • SHA1

    5eb0909d2d1e0a757db0d6e17cac81cd7e9ecf60

  • SHA256

    3364476f3c84f4db553e7c63264222d560e35375c35e6a42b08a8b9166e16a87

  • SHA512

    9f4ecd89a4f79ad69d17ff2316208ce77c802c451fc4827686a39b3dee93f38435a2b98dc9d2c3a8fed21e8e750408204d931a2c8a477f33f38dd6ef94614c2a

  • SSDEEP

    1536:hKMTA+8EZIydsU9Zr42nmqOPA2Z4r/ozJNgiGMshK3:hK+IYH4jqOPLGevgVMss3

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2