General

  • Target

    JaffaCakes118_87c0382ed2e4ec682cd0bfc74004647e

  • Size

    505KB

  • Sample

    250203-m35ccayqev

  • MD5

    87c0382ed2e4ec682cd0bfc74004647e

  • SHA1

    0e83060326471aba7d8a1fee4ac5330af1eee0a6

  • SHA256

    06836e1254689ccd6f10c2eee14af17917ac8eda4ba62caade25b8b3bd6140c1

  • SHA512

    65ea68444c3139ce2b7b8915066326396e7875888fb2640a9c6be01c089c27c98fa87c03038e120090830784d3e3acffbee6da7b0ec423baa5ee735319c1e1f1

  • SSDEEP

    6144:9n5VJiVBXUpXn1MvbXqvJjHAsZvvMk1tn0oTWwhRZLN6IxK+u:zHiVBXMFMY0s5F1F0oTdlN6ag

Malware Config

Extracted

Family

xtremerat

C2

bl00dmaster.no-ip.org

Targets

    • Detect XtremeRAT payload

    • XtremeRAT

      XtremeRAT was developed by xtremecoder, is written in Delphi, and has been available since at least 2010.

    • Xtremerat family

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Suspicious use of SetThreadContext

    • UPX packed file

      Detects executables packed with the open-source UPX packer or a modified UPX variant.

MITRE ATT&CK Enterprise v15

Tasks