Extracted

• • Target

    75111abf09ba3fc312c0889d4c5b129f050cd257b5e126e034cb2a9c6e7cc061

  • Size

    3.2MB

  • MD5

    11787699d2b0aa47d62ace65ccef412d

  • SHA1

    06acba760f202e5293633ee8077df95d7fa4e629

  • SHA256

    75111abf09ba3fc312c0889d4c5b129f050cd257b5e126e034cb2a9c6e7cc061

  • SHA512

    da960d76c0177f04f6ea10de275ab681039a0686a8e05e98081f5538233528917f940f28fd1994e2ccd996ceee1c925caabcfec548b2cffd03694b0433368e92

  • SSDEEP

    49152:WG2KLC1F+/MZ2X4MUkH52P+o4v4IF93mXkIWbWJF/DUgkThW4+vGmIj1:WG2K+1sRUkHq+pv33FILoXpF1

  Score

  10^/10

  salitybackdoorevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2