Extracted

• • Target

    5a0cbc67855a9fea1709a8c2136f0e85e1c9fc74deb51c24fcef0c96e89cd3c6N.exe

  • Size

    120KB

  • MD5

    198f1aa59e129450b8567787d18759d0

  • SHA1

    8aafa0cd330ac947b3196720f65efbe545bf73da

  • SHA256

    5a0cbc67855a9fea1709a8c2136f0e85e1c9fc74deb51c24fcef0c96e89cd3c6

  • SHA512

    70523dbc77facefe8538b4f20df2585281d57174727df8db42ad2ccf7bcf79915ba1e6d0c2f89481d3b8d178fab3847af24fc1d398c95708c64abca31cb99ce1

  • SSDEEP

    3072:jCzkUlB+Cn7M2EguPvd4khizd73BM+ccfg4s/r3:sV3n7BYdlhilF3o

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2