Extracted

• • Target

    JaffaCakes118_16605422044d8bbf3871382d49818af5

  • Size

    254KB

  • MD5

    16605422044d8bbf3871382d49818af5

  • SHA1

    5576842c66d5e4cd46be6899d974d35b5daabc39

  • SHA256

    4c69bc92451cfa5585f761ceced26f12e3a9aa9f8d7651fb908dca0e112a9a13

  • SHA512

    31c3931c7fe68c27a57e3cc146b95555a105bcbf3dc6305a635e32c79b93ae2267d9dfe86e88e7ff0db73f41903ec44673d75a2a0d98c1922f9aa643956feb9d

  • SSDEEP

    6144:AF5m+kXDGqow4Cf9ZYMejHyd0etcn6NZZ08pu3yQy+kyU014/oxgh7U:LXDGqowPf9ZY7LO0eKnQ06IyQy+khoeK

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2