Extracted

• • Target

    d194a49af22ffc16f86d5269446e55d2823f4c236770331026d197d380cb2314

  • Size

    120KB

  • MD5

    840fa30e8f93b1836988687d548197e8

  • SHA1

    9580cf08f6d5c0950214c50966c52d44ea09d72c

  • SHA256

    d194a49af22ffc16f86d5269446e55d2823f4c236770331026d197d380cb2314

  • SHA512

    132e4e2fb545e8a39924dc773d79bef1e33dde101e1425850538bc965a29ac6ed2b14960df9d15aea5926ef0f420860c408392514ad2b2e62b7435f02de48ef6

  • SSDEEP

    1536:4AjpoQvgaccPjlBHRrcMRKQKNdrgSTJbAIa9ptaXe:4Ap4accLllRoMqPgSdRa93a

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

  • UPX dump on OEP (original entry point)

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2