Extracted

• • Target

    JaffaCakes118_791fc7c8280b6ae952b12e031b5cb5a0

  • Size

    897KB

  • MD5

    791fc7c8280b6ae952b12e031b5cb5a0

  • SHA1

    5106832093271745e45eb057c32dd8fc62a2c535

  • SHA256

    e6a899fb6b109125d17e118945793c5f228db092091f2a4f822704bed7152fdb

  • SHA512

    40dd981673a6842877ee851efd3b7de74bac9429bbe942296f650bf7132ac9a7ac33221a6df1aac1ae97753873a1c8d348433f2e477227e94186c5d5610951e2

  • SSDEEP

    24576:K4lavt0LkLL9IMixoEgea01PncVq9MmCS7D:dkwkn9IMHea01IaPCS7D

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2