Extracted

• • Target

    14831fbef9a0f594287140b279c209e953c5af0f09df933552d8205bcd8a6964.exe

  • Size

    381KB

  • MD5

    d75424c803eb7d843e2569a972e2ecc1

  • SHA1

    09978cd6a3c99d8e1dacda30a2b53602d4e73832

  • SHA256

    14831fbef9a0f594287140b279c209e953c5af0f09df933552d8205bcd8a6964

  • SHA512

    d3e8f610f079ce6af10aa17f81e87b871ccbad6492addca00bee2185ff937f2f2f99baead4fb8e26e2b167d5c28c390e5f4cead2b95f27f0badc392edc40114b

  • SSDEEP

    6144:NYMBlUgPcOFgqw+0Rs7cqyEcuFIqjHiegfN5n:NYMlUVOFgBEcqjHQNV

  Score

  10^/10

  discoveryphorphiexsalitybackdoordefense_evasionloaderpersistencetrojanupxworm

  • Modifies Windows Defender Real-time Protection settings

    defense_evasiontrojan

  • Modifies firewall policy service

    defense_evasion

  • Phorphiex family

    phorphiex

  • Phorphiex, Phorpiex

    Phorphiex or Phorpiex Malware family which infects systems to distribute other malicious payloads such as ransomware, stealers and cryptominers.

    wormtrojanloaderphorphiex

  • Sality

    Sality is backdoor written in C++, first discovered in 2003.

    backdoorsality

  • Sality family

    sality

  • UAC bypass

    defense_evasiontrojan

  • Windows security bypass

    defense_evasiontrojan

  • Deletes itself

  • Executes dropped EXE

  • Windows security modification

    defense_evasiontrojan

  • Adds Run key to start application

    persistence

  • Checks whether UAC is enabled

    defense_evasiontrojan

  • Enumerates connected drives

    Attempts to read the root path of hard drives other than the default C: drive.

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  behavioral1behavioral2