Extracted

• • Target

    NEAS.497c703002250e05da75df461c3abe10_JC.exe

  • Size

    120KB

  • MD5

    497c703002250e05da75df461c3abe10

  • SHA1

    970cc6a10c30f287fbea64f3ef43a3f434dbd5d6

  • SHA256

    2848230b3fee8839522d26325c2ab483dccc673abcd54ed26034dcafad42b35b

  • SHA512

    58838b8676c97b71178cd85d4f34a0b663544839dea615f049837fa31c652ed998a8206f2e1eb9a49caa5d72ab3ee18ecaca8ca9295a357c5231773f645078ce

  • SSDEEP

    1536:+afsUrDdlnvTbabOyTnaGEvr1CQQ5+ZZCNHsoI0Ls1j0H7XgzOoASDSdRYP:+kndln2FTaLRJc+v0qos4H7Xgfh

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2