Extracted

• • Target

    JaffaCakes118_459dff0a11f1099d65434e01b5cd8ea8

  • Size

    314KB

  • MD5

    459dff0a11f1099d65434e01b5cd8ea8

  • SHA1

    87cd27ce5052bb97f7785a0a86fe7be2473be6f3

  • SHA256

    60d468845eb5b87fd13965918bb8bfe546c1cd8d01a5ab78ea65a8fdd586f296

  • SHA512

    4c112e41f045b8a2e6c20b55451b807fbc4beff574adb3ea442c109a8b5362cbdeb969fc40cd816c020a960253f6f758adeb51ab977ac20a8338b4e6e108ecb0

  • SSDEEP

    6144:n66qhSX+YZm8va6CxLiRhZ5GqGGbhOCEvl3HfnxOE:3qhSX7UBIRhZ5RxON

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2