Extracted

• • Target

    NEAS.19f1a006a9dbdf368ba32a958dcfcba0.exe

  • Size

    97KB

  • MD5

    19f1a006a9dbdf368ba32a958dcfcba0

  • SHA1

    29147990752d704a308aaa628c768936f2d944a6

  • SHA256

    e8f21bc414be77e8276b95a69fcd8c4c9ba933a8d1f5bb98b5ac0c7fa25dfa0d

  • SHA512

    931b656be1520790e8884868fda05bc8a61eb4b11d2d48ef27e9c490414196f9de1ac257c819ba8f2b0f22c99aad0ba247f72187336fafa212104c1b35e4e2b6

  • SSDEEP

    1536:VDrda3Cu4Ow6DVx/Cfiyf870ETmICNA90PTBw6FHmsB/5JoIyWWpa109D:ldru4aZ6iyfOlwd1hFGsB/fmpQ09D

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2