Extracted

• • Target

    da99e6b22c89fbed57fd46bcbc239bea_JaffaCakes118

  • Size

    100KB

  • MD5

    da99e6b22c89fbed57fd46bcbc239bea

  • SHA1

    83eccb6e526919650b377872334737a202ab2258

  • SHA256

    2a68b25e710f1e91ef5d3a8efa2da166f2b347c0176d1ab45b04bc8c5848c45c

  • SHA512

    79f311323cd908a931e91d54bde6d43a72911d66b7d2cc2cf0add48573644952199dae7a2f67a2b01f3f12d8c1d27e6420a2498dae3e1748f47eba6fa0fab9f4

  • SSDEEP

    1536:VB+cSO0kUAmuLAcM23TuYCJbkpOm0i9JH7lN82RQy744RVY2TsG3FmKn:RSxkTv9M9YCVkpp0i9x7lN/QiVdTFZ

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2