68df38b654f79ac7355c5d0d2f909138.exe
68df38b654f79ac7355c5d0d2f909138
e8db33d330e4af505131be33e41ce7684e88a7dd
5aff6c65cd2f10cf7def684d51e195428d2d5864f2df3df64c
* File name: C:\Users\vmware\Desktop\malware\Virus.Win32.Sality.exe
* Creates value "(Default)=31" in key HKEY_CURRENT_USER\software\SandboxAutoExec
* Creates value "SandboxieRpcSs.exe=Sandboxie COM Services (RPC)" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Program Files\Sandboxie
binary data=530061006E00640062006F00780069006500200043004F004D002000530065007200760069006300650073002000280052005000430029000000
* Creates value "Virus.Win32.Sality.exe=Virus.Win32.Sality.exe" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Users\vmware\Desktop\malware
binary data=560069007200750073002E00570069006E00330032002E00530061006C006900740079002E006500780065000000
* Creates value "Virus.Win32.Sality.~01=Macromedia Flash Player 6.0 r21" in key HKEY_CURRENT_USER\software\classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware
binary data=4D006100630072006F006D006500640069006100200046006C00610073006800200050006C006100790065007200200036002E003000200020007200320031000000
* Modifies file C:\Boot\memtest.exe
* Modifies file C:\bsa\BSA.EXE
* Modifies file C:\bsa\EXEINFO.EXE
* Modifies file C:\bsa\HAPI.EXE
* Modifies file C:\bsa\LANG\Translator.exe
* Modifies file C:\bsa\MAEC\bsa_to_maec.exe
* Modifies file C:\bsa\MDMP32.EXE
* Modifies file C:\bsa\MDMP64.EXE
* Modifies file C:\bsa\PCAP\UUDEVIEW.EXE
* Creates file (hidden) C:\Users\vmware\Desktop\malware\Virus.Win32.Sality.~01
no change
* Keylogger functionality.
* Checks for debuggers.
* Creates process "null, C:\Users\vmware\Desktop\malware\Virus.Win32.Sality.~01, C:\Users\vmware\Desktop\malware\".
* Injects code into process "C:\Sandbox\vmware\DefaultBox\user\current\Desktop\malware\Virus.Win32.Sality.~01".
* Opens a service named "AudioSrv".
* Creates a mutex "Local\MidiMapper_modLongMessage_RefCnt".
* Sleeps 419 seconds.
1. Download Sniper Antivirus.
2. Install the exe file on your system.
3. Run a full scan of your computer, or scan the folder where 68df38b654f79ac7355c5d0d2f909138.exe is located.
4. Once the scan is finished, you'll get the message "scan is complete". Click the OK button to get the results.
5. Then delete the threat from the table.