Extracted

• • Target

    a4f5e3a560c341052e58beec624270ed21ed57d50ba2e53dd629312131a9cc96N

  • Size

    120KB

  • MD5

    d3261a098753109d413c4141984cf6b0

  • SHA1

    a9df9164bde9c766c9421456eb4543672186b431

  • SHA256

    a4f5e3a560c341052e58beec624270ed21ed57d50ba2e53dd629312131a9cc96

  • SHA512

    65e91c017de91fe33df6ae4305aac7c403c8189769caf4e7ad903a2bdf086d031265fa67b3916a31f705690b14d50fa66449fc6c9f12edf6626a21b107c10b0c

  • SSDEEP

    3072:HlXeFazaLsJgelwL7nV5XmBeRX1ClrQXZJ:Hg4aKgelwfbXm2gyXZ

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  behavioral1behavioral2