Extracted

• • Target

    a471627cdd65a615ad5180ee861b0d5c231d594d385505d41709b702916165ab

  • Size

    187KB

  • MD5

    652fe67abc4fc0f30fb5e6ea103aeebe

  • SHA1

    9f61655f762ab001915cbbc8a84a324f1eead7dc

  • SHA256

    a471627cdd65a615ad5180ee861b0d5c231d594d385505d41709b702916165ab

  • SHA512

    3cb8384684ef864cc2ebe5458c994e248e25cb02326cda14980f3ba72f9ecba353a00ac6c1d48d3fc6c8ab184a78017c2ad7b1ca8e702cbb84566d1c7557b186

  • SSDEEP

    3072:St1Z9xolp4D4dMz4n4N4t4R4aEIIIIzDMY5pdRvuJOtkedrfNkq35vU:e1Z9xolxMdEIIIIzL5dgOphHU

  Score

  10^/10

  salitybackdoorevasionpersistencetrojanupx

  • Modifies firewall policy service

    evasion

  • Modifies visiblity of hidden/system files in Explorer

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2