Extracted

• • Target

    8b77c7b8ccc0db437f2d33c5c17af0d340d82fefc615af14328cd0186338c0e9N.exe

  • Size

    120KB

  • MD5

    87432b690821ca17f42e05c9cff5af00

  • SHA1

    8c7044e3eb0dce3cf1784160646abd6d43f2e11c

  • SHA256

    8b77c7b8ccc0db437f2d33c5c17af0d340d82fefc615af14328cd0186338c0e9

  • SHA512

    5faac7970d59f4fa7b4d3977d01eae6f14ff19bb8027a0014e1aa8dbe29acf07bd8e4880e3fd487ab6bc86a963ba70160b1200240f48c70aaa526c919a84d5dc

  • SSDEEP

    1536:WQ2ZqiKFJHPNlBnBVIayZTSBcyhBWpbdtAAxN47lDg1km7S8arfKidvDX1Uw:R2ZSXH1lBsailBrtHxNulDS7SZrf7vL

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2