SonicALERT
Search

Sonicwall Signatures

 

Go to All Categories list.


  Sality.Q-1
Sality.Q-1 is a Virus. A Virus is a software program capable of reproducing itself spreading to other programs on the same computer or on other computers via the network. Sality.Q-1 is compressed using the executable packer and its file size is 57,344 bytes. This malware is written in Visual Basic.

Sality.Q-1 drops the following files on the hard drive:

  • C:\WINDOWS\system32\vcmgcd32.dl_ (17878 bytes)
  • C:\WINDOWS\system32\vcmgcd32.dll (36864 bytes)
  • C:\WINDOWS\TEMP\SYSTEM.INI (43 bytes)
Sality.Q-1 makes the following additional changes to the infected computer:
  • Creates WindowsHook monitoring keyboard activity.
  • Modifies profile key "DEVICE"="55377963itwlbl23667" in section [MCIDRV_VER] of file SYSTEM.INI.
It creates the following mutex to ensure only one instance is running: _kuku_joker_v3.09_. KUKU300a. KUKU301a. It also contains anti-debugging code, monitors the list of running processes.


Relevant Information