Extracted

• • Target

    JaffaCakes118_5383af5303179068d1b7ce7916e1d178

  • Size

    100KB

  • MD5

    5383af5303179068d1b7ce7916e1d178

  • SHA1

    398c4df04bb58de57e6b428db5bb3b4c54c4a2a7

  • SHA256

    3efbebcf837ab9f5c913ffdc7e04e10d218aa7d19469bb304fb01a9051ad9ff0

  • SHA512

    d838cdf22f2aa045ebaa366f6ba0afa518915c7d9077862fdb9049ba5d45a6c6c43daa96cbc03250aba183df613b6f658dc5bdb5de58ac796a1a29f4f179073c

  • SSDEEP

    1536:uzE6cX+nf1v5YkEk0SyJdz2gPLkuVNX2vvmMMsSk82Z2sLyLXvf8E+IQlVJY:uzE6cX+nd5Kjhz2mL7yv+uZysIt+IQ7

  Score

  10^/10

  salitybackdoordefense_evasiondiscoverytrojanupx

  • Modifies firewall policy service

    defense_evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Windows security modification

    defense_evasiontrojan

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2