Extracted

• • Target

    23745e0d83ba4329b7e29bcf691150cd223625acdba3a8464f29cdc1d86e4dcc

  • Size

    120KB

  • MD5

    e751947f1cc4c44cfbe30351f1e88ab6

  • SHA1

    acbb382a6bfe409cf11905193433e80934dce53f

  • SHA256

    23745e0d83ba4329b7e29bcf691150cd223625acdba3a8464f29cdc1d86e4dcc

  • SHA512

    a34f33c6cd223145fb723d18115ada4980a2842cc85b4f2c996de280ac2db741a384a226a425f56b21f2ccc1800cf4c4d97485bfdd879935885f9fe9ccf8ac9d

  • SSDEEP

    3072:I0ih6tvRfkxpQAyb1l/41e2epBeLTtg0hBuAxj5n:ILyvl4pQAybr417epBqlhBT5n

  Score

  10^/10

  salitybackdoordiscoveryevasiontrojanupx

  • Modifies firewall policy service

    evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    evasiontrojan

  • Windows security bypass

    evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Checks whether UAC is enabled

    evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2