Extracted

• • Target

    a3bb0b8e9bd6edcc229bc6bfbf9a8890e9f3f5ee82c7d875c9ae2ab0e0692c19N.exe

  • Size

    120KB

  • MD5

    ad31ef1d417bb7bf495906c443c00ab0

  • SHA1

    440c66ae2b8ea0405cec513401d12300bc011bad

  • SHA256

    a3bb0b8e9bd6edcc229bc6bfbf9a8890e9f3f5ee82c7d875c9ae2ab0e0692c19

  • SHA512

    a2042b5eee99156ce0a8c351db72e248d6a08a3e198825bff4ce5e3991936aeb66810a62b63243f21ccd8e224e6a95aa585ed6332a99758020dd534f554d29d9

  • SSDEEP

    3072:7Nz/lGstvEtTnhzQfpH8/o1ZSgbWiH38Yy:BzUkvEARBSgdHsY

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2