Extracted

• • Target

    c0e02963d743434c336adfc1328659cb_JaffaCakes118

  • Size

    6.6MB

  • MD5

    c0e02963d743434c336adfc1328659cb

  • SHA1

    d91f98f3a53600098956731f1fed2449ecc8f62f

  • SHA256

    11bbd3b3821a5464478af90b19b0f185ea22dea49ae915cdcc5dfc61e476b179

  • SHA512

    7386048787a1c11487eb2d54ca86fb8eef493e16fd864fc6064051e613fe008565c052456930ef439dfd8917815b34aa1553285836e67f16f2a87e00b1e4d5c2

  • SSDEEP

    196608:+kvE8Reda7V7KeWkMmzBoVKKW6W+H94icTIEA:tReoV+ezMqBoUOSzTIt

  Score

  10^/10

  discoveryspywarestealerupxsalitybackdoorevasionpersistenceprivilege_escalationtrojan

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Modifies Windows Firewall

    evasion

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2