sality | 83870a2489a02157b3d337b703e2d71b950522d3ea5ae7844a0618bb5035cf52

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
21/11/2023, 00:05

Target

83870a2489a02157b3d337b703e2d71b950522d3ea5ae7844a0618bb5035cf52.exe
Size

1.1MB
MD5

838f22b69e2364bf470ff4ede5cdf4ec
SHA1

d9132ea69f08f2935bcb6d044057d3032722552d
SHA256

83870a2489a02157b3d337b703e2d71b950522d3ea5ae7844a0618bb5035cf52
SHA512

df5037461cfac1a7324d59922bd8b5a87f9d24cb9875e2b46bfff41f0f5acef002e1523a4b2775624f839e885e73d6727c65b676ec04510ba1b14a39e3514d90
SSDEEP

24576:1WmrmEGqqb5DtBum2mqm1EIVMgqG5GSo36c:1rGqqbovX3xB

Score

10^/10

sality backdoor upx

Sality
Sality is backdoor written in C++, first discovered in 2003.
backdoor sality

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/1996-2-0x0000000002740000-0x00000000037FA000-memory.dmp	upx

C:\Users\Admin\AppData\Local\Temp\83870a2489a02157b3d337b703e2d71b950522d3ea5ae7844a0618bb5035cf52.exe
"C:\Users\Admin\AppData\Local\Temp\83870a2489a02157b3d337b703e2d71b950522d3ea5ae7844a0618bb5035cf52.exe"
1⤵
PID:1996

memory/1996-0-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/1996-1-0x0000000000400000-0x0000000000527000-memory.dmp

Filesize
1.2MB

Download
memory/1996-2-0x0000000002740000-0x00000000037FA000-memory.dmp

Filesize
16.7MB

Download
memory/1996-3-0x0000000002740000-0x00000000037FA000-memory.dmp

Filesize
16.7MB

Download