Extracted

• • Target

    994c4f8549a04113783c1b538fc6021280d3c0043406cba2278b4b84b76a1d84

  • Size

    97KB

  • MD5

    57d4dc0da8ee544444c2e8e6db018b95

  • SHA1

    cb6330235a9a0c0c6306c6abb6e7230780fc25db

  • SHA256

    994c4f8549a04113783c1b538fc6021280d3c0043406cba2278b4b84b76a1d84

  • SHA512

    b8ccf92237e1bdf13f79eb8c1a648f0a3c633d47086d06adfd14193eb59a5c44d37560e2e7cd8fb2acdee6fdea9066382121015c3cbf8ff3e584e3aaa4785431

  • SSDEEP

    1536:2gXXkYA0aPhChj1aF3VEhP0t3JINaf82X4X7Cl:/jA0aZCzaAhPm3OuI7Q

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2