Extracted

• • Target

    e3f4bae2ec4ab69184cee811798d47ea1198fe82256168770226ffcf17fd7f2f

  • Size

    120KB

  • MD5

    806c2e5ad1d33966860efac41cf26b98

  • SHA1

    7162c42123bba550cc31fd3ff71059a8bfcda30a

  • SHA256

    e3f4bae2ec4ab69184cee811798d47ea1198fe82256168770226ffcf17fd7f2f

  • SHA512

    2f886f80e83014ba707774d82eb2d4ed4aaa1f33bdd8f7e3b58ee8e98676221c1293f9772e4868b2d05708b7b7279fbd4d37d2194de487206e0e79e597ebc835

  • SSDEEP

    3072:wV6ao2hrk3SiPf9BqIDObIyRl3+yBZlt3pyn:zabhrkjf6ISPRZfBZl9s

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2