Extracted

• • Target

    35a34ecdc36d91df6f11b635088eaf166e56829a3e69b66ea5fb40f1601bc365

  • Size

    120KB

  • MD5

    7e8b3cbe05787b5d3bdf2dacf2c03b11

  • SHA1

    287308d1aed1dfba843908356a499010dc3aa4bc

  • SHA256

    35a34ecdc36d91df6f11b635088eaf166e56829a3e69b66ea5fb40f1601bc365

  • SHA512

    6f02e8edce43ab172351b45794b2a3468e4600eca1bec16d4be4e41f81f8bf6261e2678ebce47abff5128b33f5e49bca318ace587057aae6a579bb466bfd2617

  • SSDEEP

    3072:bfMR6/E0629tRf4Yq9Rea5ZzzbhdOq28zPF:o72J2M2fZ2uP

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

  • UPX dump on OEP (original entry point)

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2