Extracted

• • Target

    edddcc795c8dbe7a8a3f51471691ad2021aa9d6ff67f9729c36b49e69d9b8aaeN.exe

  • Size

    120KB

  • MD5

    9fc3afeab14b43677e60bf7f38a866b0

  • SHA1

    a67211ca72f2ab7c36eae2a6dfcf33cd3f2d7de9

  • SHA256

    edddcc795c8dbe7a8a3f51471691ad2021aa9d6ff67f9729c36b49e69d9b8aae

  • SHA512

    e7ec8248f43d19b42d9c97c709d352e8f3d994759654b647c1518db74598d16ff0817995c8b329ef7a21a3d7f60d5d70a0ffaed5b9d6a9e51acdf977e01e6f09

  • SSDEEP

    3072:SKBM5aBiwD7Tj60LgMzCVygXHE4AGmuX0K:S/E7PKOCZXHlcuE

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2