Extracted

• • Target

    ad6414736e21029deab94abcceabd06777bb38f74b72e7c2b905b1b09d2fa50aN.exe

  • Size

    120KB

  • MD5

    046dfe65358ef4c834a9bdae79958de0

  • SHA1

    479efa4732a63ed54ea160aa7cd61c286b0dba84

  • SHA256

    ad6414736e21029deab94abcceabd06777bb38f74b72e7c2b905b1b09d2fa50a

  • SHA512

    b53f273d6af1290e998e7ca87b39aac23abc2b55b1eb87c3c078e373ec360cdc7ffa1e1e2b967b33e8637b51e4230c3ffa5ebebe1ed40dda77c9c1e1fe84186c

  • SSDEEP

    3072:pxkvFBl8ETOGajfQYNAb0X4Ye9BwJcnOl2:pulQI6eDCcn0

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2