Extracted

• • Target

    JaffaCakes118_a60b7e6100ca2e49c1d4d1b6e00f8fb6

  • Size

    106KB

  • MD5

    a60b7e6100ca2e49c1d4d1b6e00f8fb6

  • SHA1

    8fa4780b030ba9fcbcaa18a668a98365b09f52e5

  • SHA256

    7015cf660bf90a764296b6d069b5bd513e73c36197f633ee20183c5b0c3ead68

  • SHA512

    1f0772acbcdaa444d4f5b3af5ac68b7a6f8154c0cf2057952099de8c5132edd67e7e2e2e6c093fa0e00032ea3ed770a5b675a90e3a35a9b8dee717269d646ca9

  • SSDEEP

    3072:a+HP9NyT9Ey5ZLG8IiLuHj8HmChsUJvvuST2:CV5ZLbIIuHQHmCuSv2

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2