Extracted

• • Target

    78387aeae954fa2551fdc322ab9b8d8431b9d40424c4bc74a2765df1cc229d9a

  • Size

    97KB

  • MD5

    1e76b32c4920af5b63141422a5b66a82

  • SHA1

    3bf503ef7fbafe3b547f1724d973be25fff62c3d

  • SHA256

    78387aeae954fa2551fdc322ab9b8d8431b9d40424c4bc74a2765df1cc229d9a

  • SHA512

    1276ae970450872a9d70b0b6c11b572a242be20aa5ca0d7801ba4e72e830a9b8c8661e0df45dc769a671e7747de2e9c026d1f96ae59490942bd7cc71c481879d

  • SSDEEP

    1536:8rDAA22iAuh81aazpU+Qd9IG6XShuw6Y+zS0mAOg8v:8rDAA2DO1DzpU+Qd9BoY68v

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2