Extracted

• • Target

    cabf33ba747131e6e4f7ea1c71824e38_JaffaCakes118

  • Size

    840KB

  • MD5

    cabf33ba747131e6e4f7ea1c71824e38

  • SHA1

    0eae6aba03f486f4f0937d529bb1a7356e050d5d

  • SHA256

    19d5d67055b75eafb6206d588850198a5e61587279b7a6088190cdc678539c92

  • SHA512

    c28a87884e810eecb3c0c620ba1b973564b0b579dc2dea6b0be1a7304dbda756a64bae477d5c5a32135f56d17527b72879c036f749c0c7484b7edeb03cf186fd

  • SSDEEP

    24576:2QqmszxuCSQpfJBLB1YhjJKM0mmlVrfCz7jxkk31V:2QqNxfJBLoUMQfaz7jxkk31V

  Score

  10^/10

  discoveryupxsalitybackdoorevasiontrojan

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Checks whether UAC is enabled

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2