Extracted

• • Target

    JaffaCakes118_22a030380b6c7e38b6a19754afc498f4

  • Size

    192KB

  • MD5

    22a030380b6c7e38b6a19754afc498f4

  • SHA1

    3c1080e7d4ec1d68d8f199396ffcad53918d8ff0

  • SHA256

    e257eb9c5935d5c8bd982bf91e1620011ff5c05dcd44e7fde43d8876775ec64a

  • SHA512

    fc03116f7ddf201f1e9a53e232d87bfa00208c731ab1ac89692877676d3d2c407bd5bb5aa7a726fea50ffdeba051ad7673448d6d1b3cfb2d3990b5e72caaf5ba

  • SSDEEP

    3072:S954C8BOAodWr6ITnrOUDUEzk7SigO7pnIgtu5wEHFf5zFgZQjJ4b9lhGLTzie3K:AZNdwtHOODID1Elf5ze2J4b9lgiea

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2