Extracted

• • Target

    JaffaCakes118_a83a5279d3f9d3af7cf9d2e19eed017d

  • Size

    593KB

  • MD5

    a83a5279d3f9d3af7cf9d2e19eed017d

  • SHA1

    00a7f91a74e9fbdf83e3351ab989e15ce452f093

  • SHA256

    6876d2098a793e617e70fde9b63f7fb90b0b48c578d374c0b3d3112ace92e412

  • SHA512

    1f38cdc07b56c8d9e11a664f0d6900a2cc0293ecd50c8df4d8f73f6af328943f51d7391415caf9b305071618a96d404101101a093747452565c1048c2e13d57b

  • SSDEEP

    12288:9euTIgKKM4YrcDCI9j0KGSFon+BN+OGtQiFnXh:ErR1BI9j0TSRXunx

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2