Extracted

• • Target

    JaffaCakes118_63deeb103e37e968c17e4563174830fe

  • Size

    88KB

  • MD5

    63deeb103e37e968c17e4563174830fe

  • SHA1

    887f45d76a7d798af47bfcfc9c832a1343dae68d

  • SHA256

    f6d4b40a18bb3c32cb074006c1dbb86444dbf7fdeda51a8d4d0f5a067ec1e27b

  • SHA512

    36e083cf440fc98c1a4145c6b08df9b1cd86f6a9a73cefac9f2e55abf3a0e8f12608d33e62e980a32bc659aa956892ab60647f1a1e609ef536e6267dab61dbc8

  • SSDEEP

    1536:kqCU1Llu7HttiUq6yry0Qo5LDMzs3p5VEqzm7zNdqKrj9hleVHy:vINtc6y29o1AzE5Vlzm7zprj9Lsy

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2