Extracted

• • Target

    aef271ec6b8696881630a5e46d43c6ac1cbcf3e799d04bf672653b55f23e5833

  • Size

    1.9MB

  • MD5

    996836c8a53ad8fb6f1640a41d69f8f0

  • SHA1

    93d00f2ba66bcb9e908b3d106956ee33883c622f

  • SHA256

    aef271ec6b8696881630a5e46d43c6ac1cbcf3e799d04bf672653b55f23e5833

  • SHA512

    6dc82ae0278cd2727699a9820fff3a20aa4243c2b14a6b43485b90223c5d40928817fea815bb1ce96b0c80cf62a388f93c61400fc8028d32242996e4ff432cf4

  • SSDEEP

    49152:BT/Il99uLv3/52VhWnTikbUOF6Go4o80ysjwd0wOt:p/Il99uj3kVhWnGkUG3o80ysjw

  Score

  10^/10

  salitybackdoordefense_evasiondiscoverytrojanupx

  • Modifies firewall policy service

    defense_evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Windows security modification

    defense_evasiontrojan

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2