General

  • Target

    f762434b4cd41f68d149b18ffd7aa3eb_JaffaCakes118

  • Size

    464KB

  • Sample

    241216-ffm18awpdr

  • MD5

    f762434b4cd41f68d149b18ffd7aa3eb

  • SHA1

    9001dd572b1ef0a8ab501d0139a44656434e5f9c

  • SHA256

    bd04a41c8a5ad37f6e9bd3bff2c85d2074586bd9c3c3cb8c5d0fc73957875320

  • SHA512

    0de64fe4515a1278bc0d06be78bc400fafa17ea106d57faed2b65038225bb638f9ac7dedfc7fe3f156bcb5ae070c5a77abed3b0d4ffacc04be2fb307eb574a44

  • SSDEEP

    6144:ZJZ1qTvDivo2/Gy1xVzJ82S/OH3+l8Zt0YGEC0q9cv7Eb1TDojGTQuUXnSu8vb:FITvDiv3Go823u8Zt07rSKnoa3Us

Malware Config

Extracted

Family

xtremerat

C2

cazador2000.no-ip.biz

Targets

    • Target

      f762434b4cd41f68d149b18ffd7aa3eb_JaffaCakes118

    • Size

      464KB

    • MD5

      f762434b4cd41f68d149b18ffd7aa3eb

    • SHA1

      9001dd572b1ef0a8ab501d0139a44656434e5f9c

    • SHA256

      bd04a41c8a5ad37f6e9bd3bff2c85d2074586bd9c3c3cb8c5d0fc73957875320

    • SHA512

      0de64fe4515a1278bc0d06be78bc400fafa17ea106d57faed2b65038225bb638f9ac7dedfc7fe3f156bcb5ae070c5a77abed3b0d4ffacc04be2fb307eb574a44

    • SSDEEP

      6144:ZJZ1qTvDivo2/Gy1xVzJ82S/OH3+l8Zt0YGEC0q9cv7Eb1TDojGTQuUXnSu8vb:FITvDiv3Go823u8Zt07rSKnoa3Us

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • ACProtect 1.3x - 1.4x DLL software

      Detects a file protected with ACProtect software.

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the UPX open-source packer or a modified UPX.

MITRE ATT&CK Enterprise v15

Tasks