Extracted

• • Target

    85ae768c13ec6fd40f30c0d0cc0356befb50786e3d300ce0b78eafb3aa95b564.exe

  • Size

    120KB

  • MD5

    505775bc6fbe2457fea736df321faefd

  • SHA1

    4818cea5f198e906b4584ddf2134235c0afc82bf

  • SHA256

    85ae768c13ec6fd40f30c0d0cc0356befb50786e3d300ce0b78eafb3aa95b564

  • SHA512

    bcd486dbdaa05de80db1d797a4181aac74361f28b9faaf2456b8e7072baa44e086dafc30c7ba26d207c15abbb7d8a6afa61397b19e19b9f453cfd8ab71e84169

  • SSDEEP

    1536:KAjgel2pHKnfktQ13oJ45y/b8ddA7xowtqGHLXmZ0rO4Hikw92cDH9LTAW:zUpqnfkQ666bWdA7uw17yQnHikk2cDuW

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2