Extracted

• • Target

    c2f63befdc1d16a6802cc6990d0c68ee9458b3a5822571367c4af5182d763939

  • Size

    223KB

  • MD5

    83b66d8ccb070d2d34893318dbed1056

  • SHA1

    52b55fee96acf5765635598b5eb431ead3b70263

  • SHA256

    c2f63befdc1d16a6802cc6990d0c68ee9458b3a5822571367c4af5182d763939

  • SHA512

    de1aa185f9279690ae938979e36dd8f819e6c1a84ed9af52df8351ee9a514f518a7b4c43c0f0d6030f4efacfb15f9ef6b8623a4b28ef7155268a646ccec774ef

  • SSDEEP

    3072:Ji+O7M5e7i224zEzYsbzEa/uqgMZkMuY8iQBp7N0pMR9Td135O6AnbjRX66e+csy:oV7k9JgKuL0ATd370Vteqm1

  Score

  10^/10

  salitybackdoorevasionpersistencetrojanupx

  • Modifies visibility of file extensions in Explorer

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Modifies Windows Firewall

    evasion

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  behavioral1behavioral2