Extracted

• • Target

    46adca4a892dc48862ba393d45d27745_JaffaCakes118

  • Size

    205KB

  • MD5

    46adca4a892dc48862ba393d45d27745

  • SHA1

    2bb1fb8c9f907fdfaea108f5cec438a416c83a6e

  • SHA256

    2466475118603cf9ac0f193d48a9971783b8911a50238c55894909d2e09cce75

  • SHA512

    5fe136a3de59093670a838099ddb4e548afc69cfe61ec3c255c3a78088f06cae073de2b1e0fce829855a972a7149cf8a913d583ad001d918ee85f772384cdd85

  • SSDEEP

    6144:ltZ9O0jcNFPwWW3V4gCrV8g88YMG9YccWpL80fj:7OacNFIFatrg9YccWpD

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2

• • Target

    $PLUGINSDIR/InstallOptions.dll

  • Size

    14KB

  • MD5

    32aa6334fc543e70ef0f792bb9a0c45a

  • SHA1

    54be1f5004f7e5afe7c9ba160495076ea2a4d60c

  • SHA256

    610e54bcfc2831d4f9d7030ceb16d35ee33006403d842f01b6e75bebea0083e2

  • SHA512

    ac92116821a032de8df64bf9aea9c6ba4040467eebaa4e028c2bf031f1c81bb69531288b9d89d951b952fe0b4ecccade874a5ae76d04db8b4dee2d13c486f9ae

  • SSDEEP

    192:V6JaVGQ+xI5EeuyvMmGpeWH2J5xprN+AxTwK72dwF7dBdcQOz:V6JaVh4I5rpPbTw+BdhO

  Score

  3^/10
  behavioral3behavioral4