Extracted

• • Target

    eb6a8d7766e2022d3adac0b7a310bf0014bad71dd52ce0a6b23cbcc705941b2a

  • Size

    120KB

  • MD5

    fbdbd6761bfb21476b2b2ffd7b3f8afd

  • SHA1

    3efa712bcc8b5a444dbcd5eac7a11ca78d081ff9

  • SHA256

    eb6a8d7766e2022d3adac0b7a310bf0014bad71dd52ce0a6b23cbcc705941b2a

  • SHA512

    90d13e7a48fc4c2d4e9be07b523f5bbdf1217c1adb926158404cf5707febc2852acec1a719f98b74d8cafd7830340c3019c7f7947d3d0a43d6f09cf54719ef30

  • SSDEEP

    3072:Tj3rwJMZX2qUKMBiFo/R6mV+EBKPOIRNjKDKWjQ:TLcJMZbbqgmwEIHjKDF

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2