Extracted

• • Target

    26f4d49733c8583ccb0f5c598973e890N

  • Size

    120KB

  • MD5

    26f4d49733c8583ccb0f5c598973e890

  • SHA1

    4536fbe71bcaacae93b70e7b2d6d897600d4daf1

  • SHA256

    26f1f892bb9e929c5212a61e3cda12658e23431c65bc4eb0173984ad7d616fc3

  • SHA512

    7c71495860f082fe3e6817b65f7e67ac664ee9e2b086ea8bdbd652a0db22581d1f5b5038a7d7cfa4e1ae4b2ad577c73cbf49ab05a139960cb67a2735712c9073

  • SSDEEP

    1536:XUDz/ILTRIkb9FJKdZRdvp0rRWdzCvNw4EE2u5csquwmBg3WB6CAeKxiz7ogg2Px:XMj4WkpFJKxdvSrR4Hqhcs/B6CATYfW

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2