Extracted

• • Target

    JaffaCakes118_8a46b4ae44d4f74f7e4449a85337fa24

  • Size

    188KB

  • MD5

    8a46b4ae44d4f74f7e4449a85337fa24

  • SHA1

    8a493b4d24ef73662a6445acf6fb595057eed40b

  • SHA256

    164175dd5fa0f4bf126c4c97154f1d7a43d14ae1c276819777beae515cd20deb

  • SHA512

    6e600178e25b207038c86a80deb2932afc299c6367491769011629a551e4b4a98fffc737267409c13a28e99963b435f96dce168110ed9e09ba582872cb3712ab

  • SSDEEP

    1536:gvDpQPVZY8VWDi2cr5H/SauMA37TFG6M2mrbBb2JqEzz0KtL:gvDCI8xh9aLpG6M2mrRdE3J

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2