Extracted

• • Target

    JaffaCakes118_6a2d057d6e1d0d4676665b813d7c2a20

  • Size

    672KB

  • MD5

    6a2d057d6e1d0d4676665b813d7c2a20

  • SHA1

    871e05b7ed5427a0bf46b0364a4d85be1114b12f

  • SHA256

    21fbd811773b75aba3a413aa1160554bf42fe8e06d7a74df3936891810939fd8

  • SHA512

    8a6da16becddfcb1c36a6418d5828ec6b0068ab010daf9e77a2fec3d0f873def7ddb071bda701c0afeaa5017e0f2f0361e4b3cbe3cb133015e79ffd8ced6f449

  • SSDEEP

    12288:p94zs+Be5EeypFYGacFpibqMHP5TZEIWwsN:3uv3GbqQPGD

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2