Extracted

• • Target

    f57089f8404cc88878c3dc6e4696bcc3_JaffaCakes118

  • Size

    101KB

  • MD5

    f57089f8404cc88878c3dc6e4696bcc3

  • SHA1

    c408137e0e7e4af4650c7e0071aa3a4706b730eb

  • SHA256

    5d7b719757bc1af59e9e3dc94ea6b31363d41aa6d39639bd60794df7cb25f1c9

  • SHA512

    53cc5e667cf5efd3bd22d4730329c91372e35521c9ca7797f87ce13d32cbf0d367acd9e6822ec6e134eada10032fa5eee18b1060bf632e8d76ca3a88eef4bc56

  • SSDEEP

    1536:ejesTfKGiZBwN9UefpgHmEPkdQBilirasI6UZpcfQaYxI/+MO5:TsjwwvfpymESQESasSZpcY7I/+X5

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2