Extracted

• • Target

    bad22403a1093ede3de475f007de19242a1a2e559a72614a5354f3a79eac0736N

  • Size

    97KB

  • MD5

    f28efdadfaab9b958825989d34906f10

  • SHA1

    36f2cb3acd90c324956046e8df282f24fe93bdaa

  • SHA256

    bad22403a1093ede3de475f007de19242a1a2e559a72614a5354f3a79eac0736

  • SHA512

    9780e590ec8684fe5f8523e558c8275c58d70c4dbed23556788f6447c14ae794b8c8023e61336d0ac54745a50c12472a56c4a77f98a584ad220d53fa9746f93b

  • SSDEEP

    3072:MsUSPbaRErFJp45NOuy0hud1J05/2ZUH7UEcBB:MsUSPbaR2Jq5NOuy0huvJ05/2LJ

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2