Extracted

• • Target

    JaffaCakes118_50423fd16d4e2c21d286c062164c27ab

  • Size

    108KB

  • MD5

    50423fd16d4e2c21d286c062164c27ab

  • SHA1

    a574914d4e8b304216ce09e13d75e8af51e3b476

  • SHA256

    3ec9b2e6eaa1dacbd0446096270912390e77fcdf9540961afec83c31e95e207e

  • SHA512

    de7bcbe31052f43757f66bb45c4d1bb5eb5853879b6161f64347dd15d483717c2af855462c3cf428459ddda6d6416e49b9f60e72c38934a8d2e442780ea8fe3b

  • SSDEEP

    1536:PnFnrx4TEk1btTmmfAa6R5NlT94rbK/n36ek2+K39:PnVUbtT9f76Flx4cn36bDK39

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2