Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
39d82dd1eb0431a1342b60d4d5388325f4674709caad644f63231cf0e1746857
-
Size
523KB
-
Sample
221121-kw59yscb97
-
MD5
3b38d6c81a3829071563f79ba2eefea0
-
SHA1
daa3dff9b43a6f55e50f0c148fa8ee219d860d72
-
SHA256
39d82dd1eb0431a1342b60d4d5388325f4674709caad644f63231cf0e1746857
-
SHA512
2221bfdfdbf8d2e64aba535d193eeb6813c9afa87d6a370efab6ea870f06f9f896069bd233cd03a88698f6de7b03f6ab39a1ffbeca48751e2465428cbd07800e
-
SSDEEP
6144:KEdd6dd0d6ddddgddgwqmsvjxYvrD9C+2k06fm2ayqOX9vu6gOE96FYQuRAOZMUN:Vdd6dd0d6ddddgddCZRjj/k/BOsjAdv3
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
http://www.klkjwre9fqwieluoi.info/
http://kukutrustnet777888.info/
Targets
-
-
Target
39d82dd1eb0431a1342b60d4d5388325f4674709caad644f63231cf0e1746857
-
Size
523KB
-
MD5
3b38d6c81a3829071563f79ba2eefea0
-
SHA1
daa3dff9b43a6f55e50f0c148fa8ee219d860d72
-
SHA256
39d82dd1eb0431a1342b60d4d5388325f4674709caad644f63231cf0e1746857
-
SHA512
2221bfdfdbf8d2e64aba535d193eeb6813c9afa87d6a370efab6ea870f06f9f896069bd233cd03a88698f6de7b03f6ab39a1ffbeca48751e2465428cbd07800e
-
SSDEEP
6144:KEdd6dd0d6ddddgddgwqmsvjxYvrD9C+2k06fm2ayqOX9vu6gOE96FYQuRAOZMUN:Vdd6dd0d6ddddgddCZRjj/k/BOsjAdv3
Score10/10-
Modifies firewall policy service
-
Sality
Sality is backdoor written in C++, first discovered in 2003.
-
UAC bypass
-
Windows security bypass
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Windows security modification
-
Checks whether UAC is enabled
-