| Sality.Q-1 is a Virus. A Virus is a software program capable of reproducing itself spreading to other programs on the same computer or on other computers via the network. Sality.Q-1 is compressed using the executable packer and its file size is 57,344 bytes. This malware is written in Visual Basic. Sality.Q-1 drops the following files on the hard drive: - C:\WINDOWS\system32\vcmgcd32.dl_ (17878 bytes)
- C:\WINDOWS\system32\vcmgcd32.dll (36864 bytes)
- C:\WINDOWS\TEMP\SYSTEM.INI (43 bytes)
Sality.Q-1 makes the following additional changes to the infected computer: - Creates WindowsHook monitoring keyboard activity.
- Modifies profile key "DEVICE"="55377963itwlbl23667" in section [MCIDRV_VER] of file SYSTEM.INI.
It creates the following mutex to ensure only one instance is running: _kuku_joker_v3.09_. KUKU300a. KUKU301a. It also contains anti-debugging code, monitors the list of running processes.
|
