Extracted

• • Target

    ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f

  • Size

    170KB

  • MD5

    43c5487e528ec3952a7d429b1a37a1e6

  • SHA1

    73cb91e30a1ebeabd209916f5337ff65d9f6286d

  • SHA256

    ebb4bb58bc0f9a6eb501fea32f4216698670666d4cd450a4095edad6d624090f

  • SHA512

    bf41b7d04ecac05e3624306e315239166b5004126c50b7fc5c83d6cb68f25588fc9cf82f0f7c3ba3efc68f6a44c24ba12872e5f5b93580ddf92579a090e47224

  • SSDEEP

    3072:ivsp2z4JMWLaMrGcDzINDVpVHvsyRnoYmp25L7qouIWm4w+sCF8uzdW5dMSX:ivuoeycD+HvsAoYmp2ju44w+N8WdWjlX

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Executes dropped EXE

  • Modifies Windows Firewall

    evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2