Extracted

• • Target

    d7ea26196294d1221cc5e6c1e75bcc83_JaffaCakes118

  • Size

    840KB

  • MD5

    d7ea26196294d1221cc5e6c1e75bcc83

  • SHA1

    2dcffeeab4a9ef26ffe35d73a997f2db90fbd072

  • SHA256

    d946b050d162fd5a3ed39f2f42ec1f7147b45684ee6701d9ea7a4823e26c2bf7

  • SHA512

    8e578458e87f6ca73b0a27329338195c42c6ff648695a29b2bbce3e2a23a666e67f1c28c7820d6f9b19f5b0b62bdff2dd6234177d1969a1eb2352dcd20ecdbe0

  • SSDEEP

    12288:7PTv+CFW4hPdahP/RN2kU7fWS36pweWGJr619QV4qqxEnEk3D6qC5UjufyFU/77n:7PSH4hQP/RN2fLqNK9QV4qBH1t+J0dET

  Score

  10^/10

  ramnitsalitybackdoorbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

  • Modifies WinLogon for persistence

    persistence

  • Modifies firewall policy service

    evasion

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit

  • Ramnit family

    ramnit

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2