
TrojanDropper:Win32/Sality.AU


First posted on 28 September 2019.
Source: Microsoft

Aliases :

TrojanDropper:Win32/Sality.AU is also known as Dropped:Win32.Sality.3, Win32/Sality.AE, Trojan.Win32.Visel.akgz, Trojan.PSW.Win32.GameOLudx, Mal/Sality-D, PE_SALITY.LNK-O.

Explanation :

TrojanDropper:Win32/Sality.AU is a trojan that drops the virus Win32/Sality.AU. The trojan may be executed by Exploit:Win32/CplLnk.A.

Installation

TrojanDropper:Win32/Sality.AU may be dropped in network share folders and executed by Exploit:Win32/CplLnk.A. When the trojan dropper runs, it creates a mutex named "op1mutx9" to avoid running more than once. TrojanDropper:Win32/Sality.AU also modifies the configuration file "system.ini" to log its first run.

TrojanDropper:Win32/Sality.AU drops a file under folder named as .exe and launches it. The dropped file may be detected as Virus:Win32/Sality.AU.

Payload

Bypasses Windows firewall

TrojanDropper:Win32/Sality.AU modifies the registry to bypass Windows Firewall.

Add value: ""
With data: ":*:enabled:ipsec"
In subkey: HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
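A triage check for the firewall exception described above, as an added example that is not part of the original entry: it parses `reg query` output for the AuthorizedApplications\List subkey and flags values whose data ends in the ":*:enabled:ipsec" pattern. It assumes the legacy Windows Firewall data layout `<path>:<scope>:<status>:<label>`; the sample output, its paths and the function names are constructed for illustration.

```python
import re

# Subkey named in the entry (legacy Windows Firewall exception list).
KEY = (r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
       r"\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List")

# Constructed sample of `reg query "<KEY>"` output; all paths are placeholders.
SAMPLE = "\n".join([
    KEY,
    r"    %windir%\system32\sessmgr.exe    REG_SZ    %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019",
    r"    C:\EXAMPLE\placeholder.exe    REG_SZ    C:\EXAMPLE\placeholder.exe:*:enabled:ipsec",
    r"    C:\Tools\backup agent.exe    REG_SZ    C:\Tools\backup agent.exe:LocalSubNet:Disabled:Backup Agent",
])

# reg.exe prints each value as: 4 spaces, name, 4 spaces, type, 4 spaces, data.
VALUE_LINE = re.compile(
    r"^\s{4}(?P<name>.+?)\s{4}REG_(?:SZ|EXPAND_SZ)\s{4}(?P<data>.*)$")

def parse_exceptions(reg_query_output):
    """Return one dict per value: program path, scope, status and label."""
    entries = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        # Assumed layout "<path>:<scope>:<status>:<label>"; the path may hold
        # a drive-letter colon, so split from the right.
        parts = m["data"].rsplit(":", 3)
        if len(parts) != 4:
            continue  # not in the expected layout; skipped here
        path, scope, status, label = parts
        entries.append({"name": m["name"], "path": path, "scope": scope,
                        "status": status.lower(), "label": label})
    return entries

def flag_sality_style(entries):
    """Entries matching the entry's pattern: any scope, enabled, label 'ipsec'."""
    return [e for e in entries
            if e["scope"] == "*" and e["status"] == "enabled"
            and e["label"].lower() == "ipsec"]

if __name__ == "__main__":
    for hit in flag_sality_style(parse_exceptions(SAMPLE)):
        print("suspicious firewall exception:", hit["path"])
```

A match is a lead for follow-up on the listed executable, since the label alone does not identify the file.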
Additional Information

For more information about Virus:Win32/Sality.AU, see the description elsewhere in the encyclopedia.

Analysis by Shawn Wang

Last update 28 September 2019

 
