Extracted

• • Target

    9be6c0261d52ac9f54f8a7544f6541523e67e64890df227ce9e5904c7e16d5ab

  • Size

    120KB

  • MD5

    0d42ab63589f8409fc57ae64eb27dc46

  • SHA1

    0245ba2aa308ede97f6ac34c1781a5f83e9c6436

  • SHA256

    9be6c0261d52ac9f54f8a7544f6541523e67e64890df227ce9e5904c7e16d5ab

  • SHA512

    eb3e2e495b0d5d5d67dd3609326308c5e64bb094aa66ad36bad3abe18ae8ff9ddf15ac31423e96fa412a5a5610b904fd29fdc655b2c3dab0bb255011287ec862

  • SSDEEP

    3072:RrEOoXnzkZSfhun3mTHvZO5BZlHW3eyH:RIf3KSfhSmTHvSPHy

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Detects executables packed with Sality Polymorphic Code Generator or Simple Poly Engine or Sality

  • UPX dump on OEP (original entry point)

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2