Extracted

• • Target

    JaffaCakes118_3a0d2b1e7182f45c2e3f2d58437effa9

  • Size

    646KB

  • MD5

    3a0d2b1e7182f45c2e3f2d58437effa9

  • SHA1

    5f544dca5f1c2b2693508d7977c594377ba08e81

  • SHA256

    8e00bb1a9ec139b71b415d22ff806fd398579f6ca507feb5ee45c4af91664e92

  • SHA512

    037b1a562bff14622e7d1d18bc06fdeca7f7582c7754828eb91a1db327bde854b4d781038274f2292c79fb96ec4a9498b6322a80ed3ace5172c810279cd8ba01

  • SSDEEP

    12288:VaWzgMg7v3qnCiMErQohh0F4CCJ8lny/Q76ZP8+:kaHMv6Corjqny/Q76ZP8+

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2