Extracted

• • Target

    2024-05-07_5e461b7c8bc4b0cbd135bb15af376a24_icedid

  • Size

    1.9MB

  • MD5

    5e461b7c8bc4b0cbd135bb15af376a24

  • SHA1

    3b5bd0c8c31bbc22e80a8354c7cf87c19ca621df

  • SHA256

    119b086bfeea0d601a08e67d38f75d45828f1f9d7587ddf681e9e417c320f306

  • SHA512

    90512c4c0a110bcea4e796edc179291bf3812fd6a248ee5ff687696da74ae82a542e91c91f2e6091fe69d57ce1a2be9eb0e721011544a519054dc7a697278afb

  • SSDEEP

    49152:BM/74GBx2qQgxZQcciXhj07qmcjdL3kq6JFhbDEgJE5u:Uh2PgxqYXhA7qF5

  Score

  10^/10

  salitybackdoorupxevasiontrojan

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

  • UPX dump on OEP (original entry point)

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2