Extracted

• • Target

    JaffaCakes118_09759729987ce000bb838e9fda3b6ff0

  • Size

    952KB

  • MD5

    09759729987ce000bb838e9fda3b6ff0

  • SHA1

    5fe3bd1f39a1a6cc465332a482db605c13cee4f3

  • SHA256

    2461aedc90f1dc0443050180fe92cc19ee0d3c20ef1184b03849103d46f07e10

  • SHA512

    be3210c84c322c149297b4c4cb95603135e436f17c21951d0654279640cf0a187c714bf4d9f480d07790d9958e01c5b0aac19cf8b57f58344fad80cced725902

  • SSDEEP

    12288:btpvoJQSYfFyv+LtpvoJQktpvoJQktpvoJQ:btpvolYfFyv+Ltpvo7tpvo7tpvo

  Score

  10^/10

  discoverysalitybackdoorevasionpersistenceprivilege_escalationtrojanupx

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Adds policy Run key to start application

    persistence

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Drops file in Drivers directory

  • Event Triggered Execution: Image File Execution Options Injection

    persistence

  • Modifies Windows Firewall

    evasion

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Deletes itself

  • Executes dropped EXE

  • Modifies system executable filetype association

    persistence

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2