Extracted

• • Target

    JaffaCakes118_73ea30014f5b74c0cadc8def2406d087

  • Size

    228KB

  • MD5

    73ea30014f5b74c0cadc8def2406d087

  • SHA1

    5447215d8a9de6ab586f6d12d8b1bea5dd9b2ff3

  • SHA256

    792f4a19b63f5fd9fb2c6c90641c5f521f356c93112b8bf7db15ae40e6931114

  • SHA512

    b656207ef6ee4d586ee9ad7af5c6528715c352355331b9c2d7381d09834831e3c9f80d5d845f097bf349c062d757316cec849aae6076202968b420287f85421e

  • SSDEEP

    6144:lnpAOgw8HYWO9QD7+AfK9P0dQcecrFYcS7s4UAtFHBxz:lnpH4HYWO9QPfKNceJY4UAxx

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2