Extracted

• • Target

    6cd549be70400e1a7a396e5c14d2f033d8dc8f77d692257ba39bff2b90e0aa24.exe

  • Size

    120KB

  • MD5

    a50653eea149fd49154ac12210963abf

  • SHA1

    54e615e44fd0c8e94807b8928c1147e96419c1ce

  • SHA256

    6cd549be70400e1a7a396e5c14d2f033d8dc8f77d692257ba39bff2b90e0aa24

  • SHA512

    336e0f64e48486b0571c2d07ac959003086670d22db142c337962486e9507eacd3a6f7ad4a198392cbd31de1af9cb32aa7597601127285b17b87b82936fe44f1

  • SSDEEP

    3072:zeTONNbQPLdI5KNYDKDoNX5Ylt8kS03VE:6OvuqQNYDAu5Ylt8kS0E

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2