Extracted

• • Target

    JaffaCakes118_9cfcaa8bcef1bfdb9462f6c132b55878

  • Size

    121KB

  • MD5

    9cfcaa8bcef1bfdb9462f6c132b55878

  • SHA1

    b821394392c8dc60078b3120acfa8f724d337389

  • SHA256

    4c0b4df17682e33ff6a2b56b595ebd4cc376ab381aa48d4f21a537b8e97f1f06

  • SHA512

    8509078a4302ef68c618346717e5115be264c12fa42236edb461cda1da79dc86b89283a0f73d5fdc74205be55d16a9d6f6482379035a88db1ead0479a1934e8d

  • SSDEEP

    3072:OkJcPWL32zNo+ViJ54RsSA9CChGOGFN6kgQt3TuabRONmbo+e:OQhLGI99CEpGCkgd6oZ

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2