Extracted

• • Target

    JaffaCakes118_06c378bb207e0febb810f40334c5988b

  • Size

    233KB

  • MD5

    06c378bb207e0febb810f40334c5988b

  • SHA1

    70a3d54c393b8f39457947c998794afbd4132218

  • SHA256

    53d810367978a6cf71d8b0af7859e01e67b6cf23be83c6248e445b7a2ddd7efc

  • SHA512

    a76a326d329b3f99747ca4953a694b2290344ab55a93fe4ae8eb1a9ee1de721b396abbf6d3280e073fe1ad4ebdffe44a36c65344177b743b0e167e4775fe81c4

  • SSDEEP

    6144:FyGsgenDjBQSE7MnnSpZK3finayp+ZbWGsuz/R8H8sFs:FdsgenxxEInnMWfSHmD+s

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2