Extracted

• • Target

    d49cdebf2f20766c111bd01f83c23947_JaffaCakes118

  • Size

    92KB

  • MD5

    d49cdebf2f20766c111bd01f83c23947

  • SHA1

    c9ea2ceb91863699df522b85bb4aa8a53ce4b4d8

  • SHA256

    e73b542b348f9ba35b199c5fcdd0abb871355ed14dad46482061addb87dd1918

  • SHA512

    953b00deea295b8f21a83286a5dbb54eb4bb2d1761c222fa223a98e99ceab7cae83c7091bed1aa9da71d28aae264847108ce617bc18aa2152ddf823a152bb90b

  • SSDEEP

    1536:D2rXYhLQq+PnX3FGzaXTU2N+J1ARisEmZuDNZ1BqRb:oxnnFGz+H+J1g5ZgBqRb

  Score

  10^/10

  discoveryupxsalitybackdoordefense_evasionevasionpersistenceprivilege_escalationtrojan

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Modifies Windows Firewall

    evasion

  • ACProtect 1.3x - 1.4x DLL software

    Detects file using ACProtect software.

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Indicator Removal: File Deletion

    Adversaries may delete files left behind by the actions of their intrusion activity.

    defense_evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2