Extracted

• • Target

    6dad95abd55beb7e69c7331e186cfffec1a9c89b8f4d58b5fe53db8c082bee99

  • Size

    200KB

  • MD5

    6fc4a01694ec42707b4ede49510be100

  • SHA1

    9291ba8ebbb1ba01e38d727fdd77cb5aa027b4a6

  • SHA256

    6dad95abd55beb7e69c7331e186cfffec1a9c89b8f4d58b5fe53db8c082bee99

  • SHA512

    ed4fc889733e7bb6aa39fabd7bc34314bab61f6a50bd50eac8c56e08626186d6b6aee3a2054eff6536d40617ef1e778b9df3e8f83cb2133a018e1543baa008c0

  • SSDEEP

    3072:TQIVRTXJiP+1bbLDtpJuHnjl9DrXwmqtaBL0GFkfRXk3UqRgrXH2TPFfth/S8lpe:TJUcH/tpE9tJ0Ekp03UqRqWTFl5S8jYJ

  Score

  10^/10

  salitybackdoorevasionspywarestealertrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2