Extracted

• • Target

    1ae6691fb1abeed7380822b2effc33c6fb889f30881e52b2a20a44f55e96ef25N.exe

  • Size

    120KB

  • MD5

    76f82c5535bc85de9ff28f7094ad2fc0

  • SHA1

    45c9e5a988fd5a8991b99b7f14da76f3ff104bdf

  • SHA256

    1ae6691fb1abeed7380822b2effc33c6fb889f30881e52b2a20a44f55e96ef25

  • SHA512

    96867dfbd09ed5ad7ea4e5071f7bd80627996c9537dceacf1a4702d3d872ebdd531f5bd72a7f0aaec10536b3d130ed8334efc839e7f699c4cb6a510425160ab4

  • SSDEEP

    3072:034dZ3CIkPcfN9KW2T4gIsdiqhIGyt+JCzcZ:0s393hsOGyt+JwcZ

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2