
Uploaded_file Virus Sality Analysis

Technical Analysis

File Name uploaded_file
File Type PE32 executable (GUI) Intel 80386, for MS Windows
Scanner Version 1.0.138.174
Database Version 2023-09-10 23:01:43 UTC

Virus.Win32.Sality.sa

Malware family: Sality

Sality virus incorporates rootkit and backdoor functionality with peer-to-peer communication capabilities. It enables botnet control of infected systems and primarily targets executable files using polymorphism and Entry Point Obscuration techniques.
Detection Rate N/A
File Size (bytes) 1,044,664
Analysis Date 2023-09-11

File Identification

Hash Type Value
MD5 75ccdcdef795eb29fce506eac14afefe
SHA1 b10413a7657408417c1edc0df93b8484cf2fb294
SHA256 a1cff4cadfe0ac584290326958f44bc2a9a38e71b9e2ff45ef1eb6546e809e6b
SHA512 60413a9bc091e9c8a31a36bb665225fea7493b653e959972bdfa55ba4c6ea24c1a7e4984e7b940cc4a6c369fa61c9113cd085385c2f0d70af0cbd088af873e2d
ImpHash 16d689c642412331a18a3a7a7f18b12b

PE Analysis

Basic Information

Icon
Hash: 7ac1e80fd3d823321bb48907ff0f5e3a
Fuzzy: 7d71c2162649782f4f0ec6ccbe838baa
dHash: e8e0d4ccd4c4e070
Image Base 0x00400000
Entry Point 0x004679d6
Compilation Time 2021-05-18 10:02:10
Checksum 0x00000000 (Actual: 0x00105472)
OS Version 5.1
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows
Digital Signature Unknown certificate revision 21d7
Imports 12 libraries
Exports 0 functions
Resources 15 Resources
Sections 4 Sections

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 537,331 bytes 537,600 bytes 6.57 (Compressed) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 328FE25D613B91462DFC5062E785741D
.rdata 0x00085000 94,252 bytes 94,720 bytes 4.85 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 8496583A2E7F29CF1C66A42644192DA0
.data 0x0009d000 34,944 bytes 24,064 bytes 2.51 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 54FBF703B3B48EA886FB3BB6FF74DE3D
.rsrc 0x000a6000 380,928 bytes 380,928 bytes 6.64 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D9124EC0FBBFB08B246B820BCDD22033
Entropy Analysis Alert

2 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 15 (306,014 bytes)
Resource Type Count Total Size Percentage
LANG 1 1,235 bytes 0.4%
XML 1 39,956 bytes 13.1%
ZIPRES 1 60,560 bytes 19.8%
RT_ICON 10 202,946 bytes 66.3%
RT_GROUP_ICON 1 146 bytes 0%
RT_MANIFEST 1 1,171 bytes 0.4%

Certificate Chain Analysis

No Digital Signatures

This file is not digitally signed.

Security Implications:
  • Cannot verify the publisher's identity
  • Increased security risk when running this file
  • May trigger security warnings on some systems

⚠ This file either lacks a digital signature or the certificate chain could not be verified
Exercise caution when executing unsigned files from unknown sources

Certificate Verification Status

Unknown certificate revision 21d7

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Virus.Win32.Sality.sa Removal

Gridinsoft has the capability to identify and eliminate Virus.Win32.Sality.sa without requiring further user intervention.

Removal Instructions

Follow these steps to completely remove the threat from your system:

  1. Start by downloading Gridinsoft Anti-Malware to your computer.
  2. Double-click on the gsam-en-install.exe file and follow the on-screen instructions to install the program.
  3. Once the installation of Gridinsoft Anti-Malware is complete, the program will open on the Scan screen.
  4. Click on the "Standard Scan" button to begin scanning your computer for threats.
  5. After the scanning process is finished, click on "Clean Now" to remove any detected threats.
  6. If prompted, restart your system to complete the removal process and ensure all threats are eliminated.
Important: Before You Start
Disconnect from the internet to prevent the malware from spreading or downloading additional threats. Run the scan in Safe Mode for better detection and removal of persistent threats.
