Extracted

• • Target

    c2820d98890657341f414f2512085311_JaffaCakes118

  • Size

    130KB

  • MD5

    c2820d98890657341f414f2512085311

  • SHA1

    114dac6ee3faa92e9f918292eafc406b0e377987

  • SHA256

    f40e9662e150660473501a018989f320ac84bce30bea1284bb2537d93c17d05f

  • SHA512

    0f9b9b6e49ef0236e2a5efd1a441a504b4d7fab2563e9b2d1032f6321a74e0b6064c902311724a22380de6ad22c36e6f982cc2ca6daab0c7e0a13ebbf89e9e94

  • SSDEEP

    3072:S3V6B9R/dlMMMMM2MMMMMzvfkcuEXaptzwW2EbZ8vPWEln:S38nRVlMMMMM2MMMMMz/LO2EbZ8vPZn

  Score

  10^/10

  discoverysalitybackdoorevasiontrojanupx

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Modifies Windows Firewall

    evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2