Extracted

• • Target

    NEAS.7444ca9be507f7fa198023822cc1a620_JC.exe

  • Size

    120KB

  • MD5

    7444ca9be507f7fa198023822cc1a620

  • SHA1

    7ed05d2244091f15b793b28a9e646f3baf0e86df

  • SHA256

    edf6405fadb1f3931a8119f5cfdad3f89f023898837345bf546d815b36be7d62

  • SHA512

    0bee40b8c8ee3d3cfad93dccdadd3d40cf9ac05c5289ab14e3687c6239721b68fbbaa763f0af140e183c30932c33371c54d8978501d57d3b6479ed98fa0ac1c7

  • SSDEEP

    3072:zyil/H99lEtGCp0m5kJ8OMFiFY5Cy6/fz:eitHDytl0sINfZyo

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2