Extracted

• • Target

    c556f4e29fbc88f75c6447b5a813cc709821a3a40187196d9d9d3b69bb46f388N.exe

  • Size

    2.5MB

  • MD5

    a32c632b9b4666229124fbc65bea5550

  • SHA1

    674438ecd68eaf3bef6d18d2a70a54d133755ea6

  • SHA256

    c556f4e29fbc88f75c6447b5a813cc709821a3a40187196d9d9d3b69bb46f388

  • SHA512

    d2d621d6ddd1e2ef2c67139443054035831b1cd05467bb1fd754195c82c7c6b56f36ea5fc196f1a8b075bb55d98369d60afcecd5b1205ea2039239b0adb8afc7

  • SSDEEP

    49152:j0HBBVz/Qf8vOSDt4koZaR2gYgWg465t0SbelgTg4wm850JPqGiY1tIM8:j0HvRo+OSOZUJcI5tHbelgTg425VYZ8

  Score

  10^/10

  salitybackdoorevasiontrojanupxdiscovery

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Identifies VirtualBox via ACPI registry values (likely anti-VM)

    evasion

  • Checks BIOS information in registry

    BIOS information is often read in order to detect sandboxing environments.

  • Identifies Wine through registry keys

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Suspicious use of NtSetInformationThreadHideFromDebugger

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2