Extracted

• • Target

    11a4111b214f68d84dd282b895eca6e4fef4e439632f6c2f226f843a93d3a09fN.exe

  • Size

    120KB

  • MD5

    43a84ccc82531c7038004fc2fcdf5960

  • SHA1

    bcaaf79b8d8fb34ab9d22b9990e0408eecceefce

  • SHA256

    11a4111b214f68d84dd282b895eca6e4fef4e439632f6c2f226f843a93d3a09f

  • SHA512

    26c70425bc6b3c9c3cf8b901817158a856d3f67640dfff93a7af8e8b86f9c21d8b59fd12f95ae10f3c74774bbf5810ca71f042dc2bb522d9169fa62fe8e6d6ba

  • SSDEEP

    3072:sIPmmCgC0uKEs54ATE+tdgmEGs1bLdhL:sIPmmluKEK4A3dgRP1bLd

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2