Extracted

• • Target

    42b25666cf51b855c1e137e115f6903e7a438c6c947e96fa6bf3e84da273e836

  • Size

    120KB

  • MD5

    a7c7e300395ce343583e0507f0fd5dc6

  • SHA1

    3db2e09ae1ee2e2773fddea25b4e25d3ee5d4b14

  • SHA256

    42b25666cf51b855c1e137e115f6903e7a438c6c947e96fa6bf3e84da273e836

  • SHA512

    fcaba8d6e89c8a4526ef7b4491781919db6a76930701c2645cbdeab9020d3d676c53c7c5f47deb7547f07c5a050fc3f973037caac5b1840895a8de4d6682a9fa

  • SSDEEP

    3072:k3rP9/eew0jLiw+Fp3kcQFuRWguQH1GaabU4UooJr:k3rP9/Jw0niw+F6FoWYGaaI4UJ

  Score

  10^/10

  salitybackdoordefense_evasiondiscoverytrojanupx

  • Modifies firewall policy service

    defense_evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    defense_evasiontrojan

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2