Extracted

• • Target

    df18462d6309efb5454fecdf3df709ce_JaffaCakes118

  • Size

    350KB

  • MD5

    df18462d6309efb5454fecdf3df709ce

  • SHA1

    1caa5c2a2bcdc6b8282c971f197ff7df78352e11

  • SHA256

    2b47a07b4a577bb57598402cbb7adb06a2cfae0c6f2bb212d7c9957687fe0445

  • SHA512

    8466a90e49ea0e1916e493208aeb736bfd30e53908a63a9f54bb7ffdc6430abf4fb54ca901cade1893a3c3b243465378212d4d1e17fcb7e0ed3c626d884dc6d6

  • SSDEEP

    6144:hqs/AV1rl6ahtdKGFXnxdS8NnaopyJLn1KT2z99X5kdT8Z0BwG9bM6Zyj:hbS6qtEGFXxHaopwtEwWbvZyj

  Score

  10^/10

  discoveryevasionsalitybackdoorpersistenceprivilege_escalationtrojanupx

  • Modifies visibility of file extensions in Explorer

    evasion

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Modifies Windows Firewall

    evasion

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2