Extracted

• • Target

    JaffaCakes118_ebc4ec87b3860a46a0b72ca06a593548

  • Size

    525KB

  • MD5

    ebc4ec87b3860a46a0b72ca06a593548

  • SHA1

    e9b040c86a47fe8d46e3946de9f82996e5a9b7ce

  • SHA256

    1ea484be3ea61982df30782c4c436a16457ac833ffe3cc3585c452a6118a8d0e

  • SHA512

    3240dfceac27f5f13d151a766e277a1dc9481c68611f69e6119efd0266b11f213ba30ced289958baa5cc7bba6a72848f9c8fe30ed6645cacbad573c9749dd467

  • SSDEEP

    12288:GeuHRzxyzTfDFiWmI9SHD4/rKphvwfF/L9fYBr0pF87:F8RVynVCHD4zKphod/LSrf

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • AutoIT Executable

    AutoIT scripts compiled to PE executables.

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2