Extracted

• • Target

    689dda417fde3ff18f7e5c3bbdd6edbc18f6a2cb0112a5489c9518741282a195

  • Size

    1.3MB

  • MD5

    b8173f11d1025ea44547e84fe3eebfc9

  • SHA1

    3cc0df741688308f6479f3640fae9af01e3e145c

  • SHA256

    689dda417fde3ff18f7e5c3bbdd6edbc18f6a2cb0112a5489c9518741282a195

  • SHA512

    0ceda0bfe1811d0d4b0de6944950dbc51d7f42109e576d985ec7783862a6b2a5b240604aba2c0fbfcc31a6e500fd1d4a1769cc68d296996ba95df510d95b0130

  • SSDEEP

    12288:5qOPajQUXXP8QvLWFx6Mo5rippDC7ee1hpls4Ey+ES3umGbTOZwF:5najQEPnvg6PhWDC7507aW4

  Score

  10^/10

  ramnitsalitybackdoorbankerdiscoveryevasionpersistencespywarestealertrojanupxworm

  • Modifies WinLogon for persistence

    persistence

  • Modifies firewall policy service

    evasion

  • Ramnit

    Ramnit is a versatile family that holds viruses, worms, and Trojans.

    trojanspywarestealerwormbankerramnit

  • Ramnit family

    ramnit

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Deletes itself

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2