Extracted

• • Target

    JaffaCakes118_75323f84a382627fe3221a1414da18e6

  • Size

    100KB

  • MD5

    75323f84a382627fe3221a1414da18e6

  • SHA1

    919a658a466ca117b3b00fd20561a9e05dea1cc5

  • SHA256

    7cbdac7e8cea9a13f5884edb596d48a5b381c9842a6e744b8a3f3571f03e72b3

  • SHA512

    c688ad561f6220389500f092792b9ceb0cf277c15338996e92b807b01b1a91ea43788ba6f8f566c1beb7c9baab1fbada9454355c195d7235e9406acc21d0b053

  • SSDEEP

    1536:E2zfaM6kqDBXdbGQaUNkQPYBX0Fb+JPyhsgSCf23OhiTpmIp1rorhxm:FaM2DBXdbJXqPOq2HSC+3O0BpFg

  Score

  10^/10

  salitybackdoordefense_evasiondiscoverytrojanupx

  • Modifies firewall policy service

    defense_evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Windows security modification

    defense_evasiontrojan

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2