Extracted

• • Target

    JaffaCakes118_52f03c9b806e0f66a77085a1f340ae0b

  • Size

    401KB

  • MD5

    52f03c9b806e0f66a77085a1f340ae0b

  • SHA1

    2f2638ee4f6d3b30e4fd56e9ce80df738dab0999

  • SHA256

    27d15eca0135a936de706cf31b018fd1b8f67d0ba9d2fb0fa60dfaa415a556c0

  • SHA512

    bbe365064b357932b8244170ace3cd3fb0fb6395e8074ee2e42f67e0ebd5a1ba73ce084cd896225da76585283215313eb1a10dcfa05f498f0c08edf03a1e9fab

  • SSDEEP

    12288:P3W0LsQfJpcizk7mgM0LMxxP518rfffDfffFrn:PBoQfXcaHgMfPPEfffDfffF

  Score

  10^/10

  xtremeratdiscoverypersistenceratspywareupx

  • Detect XtremeRAT payload

  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat

  • Xtremerat family

    xtremerat

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2