Extracted

• • Target

    JaffaCakes118_6404b78e2727a6ae5b1af018e9b6260a

  • Size

    208KB

  • MD5

    6404b78e2727a6ae5b1af018e9b6260a

  • SHA1

    2a6976078baffa24f25a91e44546a3f90255a2c9

  • SHA256

    9482c8608688ab0988d0af71d21c539c7e7060360ffdfc1a85f924a9572d59c6

  • SHA512

    444ba9439b1dbee21c57b51027b7469295d705754b040229b30fe42bbb33430587190debbee3730cb54976ee5bca50b75269506d48def779447b35b23ac11c42

  • SSDEEP

    1536:FX6Kytf8ak7HIYzgoyzRK8A7v+DjZ6Kw0hJUDPaDhPG/3MU+leHdZgFKFhu1z8rn:AKfaknglRl/ZoYWL/9HBS1YrwdC

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2