Extracted

• • Target

    d5bdfc04d3d391049efc993c21ec5690

  • Size

    445KB

  • MD5

    d5bdfc04d3d391049efc993c21ec5690

  • SHA1

    0fbd54511ffc1552d9b9ce4628eb5eb8dedf76af

  • SHA256

    bdd49f7307e0a1f0987c6fc36ff052e8bb91ba543666bec7a13989dd71e65729

  • SHA512

    ddf4258969abb392864089ccbfab3f87be5ce5be5923775af2d6813d29d3fa337510bd0073594d111e80873cb1c29f6edfc13c5d4fc8ffdf64116e0ff446c2e6

  • SSDEEP

    6144:jABnfZJuxGFHt5SJoEylpWGo4KBeOK/ju:jANfuxgHt5yBylUBM/

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2