Extracted

• • Target

    0768fbb50e2e83bc87248cc48e36dc3c3b6f22cf59ac1ee9dd3e8a60e22792b1N

  • Size

    120KB

  • MD5

    8f7aa4045176c2123252c7f8bb6ea6b0

  • SHA1

    cda00035c77c513167cf8948455da7e1b1fa0ba8

  • SHA256

    0768fbb50e2e83bc87248cc48e36dc3c3b6f22cf59ac1ee9dd3e8a60e22792b1

  • SHA512

    d231a9a84c6096cd03f871835df0ed32736b1207fadfd3c5797b4f7355b9dc9f7fd4515103a29fdc09774737b55e59989ed1ff17afad5bcf1160612355ca7d3f

  • SSDEEP

    3072:RB7CtxlSlOBZ94N3jvbV3o6lfom+mIHJhnK:PG52OBZKFDfjeh

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2