Extracted

• • Target

    4cb2032ca9e2a32a89c95558a4bec6fe02117c1a16790d7faea35ab765392f64N.exe

  • Size

    636KB

  • MD5

    aad6e17fc6ab888f939189b1965875c0

  • SHA1

    e4bbbb0f8d6f82e2f9c37d9b3d523d8c219e675d

  • SHA256

    4cb2032ca9e2a32a89c95558a4bec6fe02117c1a16790d7faea35ab765392f64

  • SHA512

    31a2d0c0b88f2fef9b6aad2171498623a8d370793819223baea7749c3e07982717bca6546d3208a89b6ab0cf2488c2ba3a16ec9a873b05a3a4cf8ef1ad0e0539

  • SSDEEP

    12288:AtpvoLeovtFUD5jaAwxpv0wVrfMSKuudo:Atpvod1FUDZh0pv0sDKuO

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupxpersistence

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Adds policy Run key to start application

    persistence

  • Disables RegEdit via registry modification

    evasion

  • Disables Task Manager via registry modification

    evasion

  • Drops file in Drivers directory

  • Event Triggered Execution: Image File Execution Options Injection

    persistence

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Modifies system executable filetype association

    persistence

  • Windows security modification

    evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Drops file in System32 directory

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2