Extracted

• • Target

    2024-05-17_1fd69796d96b9ec9e9e3e02ffb4023f7_icedid

  • Size

    1.9MB

  • MD5

    1fd69796d96b9ec9e9e3e02ffb4023f7

  • SHA1

    bfb9b0b2135779ef317ae4cb8c08502db1c6b486

  • SHA256

    69b73d94b6e5d850f96e3a6c58c16e7c5fa309748e57bca9cb190da3498e282a

  • SHA512

    3a98e8f62fd5e9ecb3d3fefcc0e0d51545c03524afc43c5b50300c9419403c3f9a13f1f26d863d32e51c550cc1e498712255aeb6c2bc53472f4e47adcc8a1650

  • SSDEEP

    49152:zPXgqJv1c9LaIgwmQvhbo19rS7Ibrmp/UGMg1E:7bJtc9beQKNS7B0

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

  • UPX dump on OEP (original entry point)

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan
  behavioral1behavioral2