Extracted

• • Target

    NEAS.19e9e396cb89a986457107af58161a70.exe

  • Size

    120KB

  • MD5

    19e9e396cb89a986457107af58161a70

  • SHA1

    4371f65ec82ceec01e1c6fd2e37cea4ebd8aecfa

  • SHA256

    b28001e8f217f4475e2c8d9693b9a5a0c240aa1b0e2eb9020b400e5b72b39d83

  • SHA512

    65dfbbdd6a8546b1f4768cba51cfefa9a0fd7a8e95f1bafdf30a01549518461b99f2e4cb578c303578e0de66849032a0d25902cdb7b22a22b1042755676b0f5e

  • SSDEEP

    1536:2vVGanCLFMFLvz1WFiVZTjECQ9/F9XiS1QmvyIudhD1I4Wl/yJnH/HSaY0XxBIH1:2NlxU4RQ1iSyn3JWsHjTXxB

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2