Extracted

• • Target

    d8eba7fb40cdadb3437d2a7d9ecf158245d59287b5b9c36dfea52e61dba459d8

  • Size

    120KB

  • MD5

    831f41b899e260f0358af779744d6803

  • SHA1

    20bb9e69850233974c706ec3308db88ef4480f8d

  • SHA256

    d8eba7fb40cdadb3437d2a7d9ecf158245d59287b5b9c36dfea52e61dba459d8

  • SHA512

    16b6197ff94179708a1f3b46419bd0778d85a2e075d8340e9feea722407cd003f89158821a431afb1cdda59e4e133f847a44579215a3a6488e1d3db95489de43

  • SSDEEP

    3072:bZf1HFqSHmltvl81KiE8SCX1Ck4+1YCWtW9:bZFHHEXiE8hFCkR2H

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2