Extracted

• • Target

    Rootkit.Win32.PePatch.ee.exe

  • Size

    623KB

  • MD5

    3b1f5494cdc2ed7acc69885560f3929c

  • SHA1

    4c36ccd42d869fccb10448e372e68edbc42dd035

  • SHA256

    53a7a2bf921af33a9f6f70110da48a6d63d875435e62aac955cf012c528d2b28

  • SHA512

    a7434e0b8aad158e5e8edcf98dc58e17683ab8d3f3135c93c57a10db1c6a5f1b5a4e263d74629069bbd4924d421280de5cf2c509bbb95c1bac9d90125acba45f

  • SSDEEP

    12288:MqkMloFmTXO+zJrRPfdGU7ZTjQ3rdPzW8ZBFnSRIooScFjxDGvh:MLMX1dRPfdTeWkXnSnoSajGh

  Score

  10^/10

  salitybackdoordefense_evasiondiscoverypersistencetrojanupx

  • Modifies firewall policy service

    defense_evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Executes dropped EXE

  • Windows security modification

    defense_evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1