Extracted

• • Target

    JaffaCakes118_b57a07814b6297d6a381572d2047cd6e

  • Size

    100KB

  • MD5

    b57a07814b6297d6a381572d2047cd6e

  • SHA1

    308ab3ac1d26d9fc898f6fd497892fa04b6dbfa3

  • SHA256

    52b58ba2b0250a2b8811db934ae484668e1df9864218bb2e03219d520b8c090a

  • SHA512

    08fad7b3e4438511f5f962cbbe30d8ed368c1156acedd8e7506aa5109f56260ffa51b7ba8bcbef62371110b0fc7b8d3f147b400c0e357d5a82f9eb5b5004b491

  • SSDEEP

    1536:ZLnbrVtRIhdpvlC5eO761WEufYshMtZRPBj4DHRTd0uKr/eLjoxdsfEPx:ZDXVtRgkeOixufYsmHvcDHjJ6

  Score

  10^/10

  salitybackdoordefense_evasiondiscoverytrojanupx

  • Modifies firewall policy service

    defense_evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Windows security modification

    defense_evasiontrojan

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2