Extracted

• • Target

    5eec89bc43e6009f5c84b052c64de7e124b4b654a0b19c5a9cbb2412996c7248

  • Size

    223KB

  • MD5

    3fa7c7ff9bb6186a647407cc5bb9b9f0

  • SHA1

    afb856f18c5101efe74f3c1e85f4495ad19216fd

  • SHA256

    5eec89bc43e6009f5c84b052c64de7e124b4b654a0b19c5a9cbb2412996c7248

  • SHA512

    520d6ce62f806ada65583b45b7b9fa3af8fffb6e563c0517fcb19398c368564a782606216094d31e86526194f0475d6f853125154dc37c31fde58b472f29ebf2

  • SSDEEP

    3072:OLvt5yCoL2nIW1cBwBkfCcTgt7b2zvx0iYRtLHv4zNOhNugiJi45kqxZ1z5wV:ODyCoL2nHxsTgtPkfSVvwmuY45DvwV

  Score

  10^/10

  discoverysalitybackdoordefense_evasionpersistenceprivilege_escalationtrojanupx

  • Modifies visibility of file extensions in Explorer

    defense_evasion

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Disables RegEdit via registry modification

    defense_evasion

  • Disables Task Manager via registry modification

    defense_evasion

  • Modifies Windows Firewall

    defense_evasion

  • Windows security modification

    defense_evasiontrojan

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops autorun.inf file

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2