Extracted

• • Target

    47af77b71d18b818c346a29b64b4b195c223e68fb8c8c34fd16442be6d66d50a

  • Size

    143KB

  • MD5

    1ed4711d042699db808457785e8f7131

  • SHA1

    af01176880364823e5d8616b0a08b6f880c840d7

  • SHA256

    47af77b71d18b818c346a29b64b4b195c223e68fb8c8c34fd16442be6d66d50a

  • SHA512

    2f2449823fda6e68635497d0a350d6273fe85e95fb839fab9135763c726006688a1d3cf01abb5935edbf0b2a4f9fad72e74cb73cf3d3d5434a24d7bcb66a91a3

  • SSDEEP

    3072:BEnYS5dUnaD8vIy/KXA/REceYn6tKiKE:arOnaYvr6AmcTnuBv

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2