Extracted

• • Target

    9f2e8cacc7a9f08a303f07ffa28a9008dc14c2b1d3ec65a8b5fff553869c9feb

  • Size

    645KB

  • MD5

    c6920fd0c89f21d9d22063f280f1fe4d

  • SHA1

    a7cd8f57200ac2673bcfcbdc93869006bd90329b

  • SHA256

    9f2e8cacc7a9f08a303f07ffa28a9008dc14c2b1d3ec65a8b5fff553869c9feb

  • SHA512

    6b105478c0ed39f5b835f0d6eeb583724c4127b304c6e6b4152ae73c4ddc92d732f1cd7578429331a84e28f6616dba5ee000261ec61d7ac9c2ce94843570bb7f

  • SSDEEP

    12288:N8MxLli5fqsy4Kx7EkPdBdtueuu0Wdbcx07TBkezAQMGk+p/w/sFxOv:N8MHi5fuLtdBfLpk5QMGF/w/sHOv

  Score

  10^/10

  discoverysalitybackdoorbootkitevasionpersistencetrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Writes to the Master Boot Record (MBR)

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2