Extracted

• • Target

    JaffaCakes118_1089d97c1bb4af5faba0824b4229680a

  • Size

    553KB

  • MD5

    1089d97c1bb4af5faba0824b4229680a

  • SHA1

    992be1b85bfd99e71e13e6d8e43e159bf24dda20

  • SHA256

    333a7ae0a53833e8c6a300b13e2aa22da804cd9eda231a2695d45c53c45eef4c

  • SHA512

    64dd92abaf75ee64b942485cc7852f6b1b6bdc815844c9cebb3b4ed594b1ca1a9b512a329ee39171fc805e827ff6b7e8a366712d8640b3b79343f0d84b5f4f24

  • SSDEEP

    12288:V3wL2VrY1yoteRLQqda8V02gU1g7ltxZYO3ncvnl:s7/4LSfxZYOXCl

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2