Extracted

• • Target

    cdfc7666ce74a54b3933cef7f746d87035af5fe4ee2cde64e29835ad575c5f47

  • Size

    204KB

  • MD5

    4c81bbbce5074cfbc38558c571438fe6

  • SHA1

    a4f16a494dc89253a2fdfd50d222567927c82449

  • SHA256

    cdfc7666ce74a54b3933cef7f746d87035af5fe4ee2cde64e29835ad575c5f47

  • SHA512

    9de66f37502aa4884b145b782c152455af8f17dbbd83df3f79418b23ef7a59e1655cea6374179e7405d7178f0547e3a64a4600183bff1396e2ae6628968a9cee

  • SSDEEP

    6144:7gexrQ0ZqEPTL49znFMHZRDv5EOKihBsrZ:7gMrQ08cMM5LZhB0

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2