Extracted

• • Target

    82a83a1b061008ce3698fd101512f069ee1bb43f2b8fe5500b2f9d689f00fcc8

  • Size

    97KB

  • MD5

    83787e26fa952d20fbfa2f5f58f381e5

  • SHA1

    87ccbcfecd62d0cfc47a03cbd0a6e7a9c8202e47

  • SHA256

    82a83a1b061008ce3698fd101512f069ee1bb43f2b8fe5500b2f9d689f00fcc8

  • SHA512

    0d7ada40103cdf6eb0f56312d7f1e8fb0d2672a8d04d5e77a27f1ec2c1e7b7b3908d7aa8af3cbd1b08180a68c1fcb711018a0fd1b6425154352b9a9807850e24

  • SSDEEP

    1536:385NxgBzgbnC/3lpNK7pkXdFIgyQD6PviCfRnxF8ThdNiCnSK4Ot5I:38R0zUipNK2XdqgyQD86CpxF8ThGdd

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2