Extracted

• • Target

    4e85accb03e4e07cc04c8036f7050b3b75bc7a65c48b1f81ee9e4298318875f7

  • Size

    65KB

  • MD5

    9288e80395927c8642bde0c6b6028dbc

  • SHA1

    66cc9485001dc583a567190fe2f581951673eb77

  • SHA256

    4e85accb03e4e07cc04c8036f7050b3b75bc7a65c48b1f81ee9e4298318875f7

  • SHA512

    7a1faf83eb0d8326b2515a82e15c963cc2785f98c39d4d124aca1b225e65e46c35f6ba0cccb165bf1f4db6f9d23aa50a3978453508e2af9c2021493cf546e3f6

  • SSDEEP

    1536:XJmFkbo2AthaiA6+fkC2z5lSd3wIlpCJhrEP2M7NfzEsZ7X:QXthaiA6U2Nkd3V9rZL

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2