Extracted

• • Target

    d7994ceb451e3856eaeebd7f11316b1686e66ffb7ca4a30271749f56642ba5b7N.exe

  • Size

    65KB

  • MD5

    8c309fa8edc46e53f1e620310a7ff320

  • SHA1

    62c5c8780d5a3a868b99b8972dfda6a456c96dc2

  • SHA256

    d7994ceb451e3856eaeebd7f11316b1686e66ffb7ca4a30271749f56642ba5b7

  • SHA512

    9da1f3f45df02c1d807153b1e6cf5a1cb25c120596fb59fb15063e293b56d4aa28457871643f95ab2b32d37329a348ef6c0f71c0ce39b1143f1aace25b45b0a8

  • SSDEEP

    1536:Q94hL9Pl+uYGffwmROpyF5TusDx9a52Zh3VlLN3QE0q:Q9FQXcuusa52Zh3lCq

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2