Extracted

• • Target

    974fb0c4362504b348b8b7282f0ddacc57b1ecb514008bd73735d157cf143c20

  • Size

    65KB

  • MD5

    10b350fb0e2a2c541ee958cec364b7b3

  • SHA1

    7d71b380e045fad63c27b60566cc235fbe739467

  • SHA256

    974fb0c4362504b348b8b7282f0ddacc57b1ecb514008bd73735d157cf143c20

  • SHA512

    4e2b033b046de7b08224771a4f8767819846cceba3c7b5cde8e8c25d1eab190259f304fc49d2f49346f421ce1adeaa2820ea7a206ad444d5a9198b60eff72d59

  • SSDEEP

    1536:HWeXzb8j8QSMt+bH1oCM3sjbLkjBzXPV9Wo9kciPaGA:/NQz+Zol3YngBTPV9vLi+

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2