Extracted

• • Target

    NEAS.15b234ee0f96f5da04e9bb93963a2170_JC.exe

  • Size

    65KB

  • MD5

    15b234ee0f96f5da04e9bb93963a2170

  • SHA1

    0be4490eda670390ec2c2db21ee6b9d01f66ec37

  • SHA256

    43d719a5dff0dc7d5ab6eab4741e4f6ae8f124dedb1242ed7751f063fd918b2c

  • SHA512

    a9d71b2901b16edb80c1d69c353c1e5794bbbefd6b75b78298bebd1b122881400f9cb2087dbbe0ef1c3155884e2c51fd883c5641ce12750f8d6be6befbe50a20

  • SSDEEP

    1536:ZTKn5OaBwqNCDXLnto3KJ+4RmmxEdIiEOROxGx9iELBCI+tAL3:IgqNct9JbmSEdDeeYBt4

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2