Extracted

• • Target

    6c71116d97ce15f797e3397f38345a68ecc1f5cfef88f155c76152a6acf1e6e1N.exe

  • Size

    120KB

  • MD5

    cfa76f5caa0d93252c203df38df55d10

  • SHA1

    e34c9d3f3114d3a73025cb7f9f2ecd74a1a27db7

  • SHA256

    6c71116d97ce15f797e3397f38345a68ecc1f5cfef88f155c76152a6acf1e6e1

  • SHA512

    882acfce7ddb21c7dea64141e74a71000a104b78e1b45d7adebabd95f7e4683762466529c2811a40d41ea3ac420b13db136cc154014cbc87910906105a99a807

  • SSDEEP

    3072:Cz7n2EU0BIkqau6V+VN2diav0g2VCFKXOpkJ6r:CX2Dkq368VNWJS6aYkM

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2