W32/Sality.L

Analysis

W32/Sality.L - 06-08-09


General Info:

This threat is a "PE" executable file.

Virus Classification:

  • File Infector

More Info:

1. Drops the following file and loads it:

	%SYSTEM%\wmimgr32.dll (Fortinet detects it as "W32/Sality.L")

   It is the infection component of the virus.

2. Infects executable files located on the compromised machine. It uses the
   entry point obscuring (EPO) infection method. During infection, it modifies
   the structure of each target file by replacing the first 104 bytes from the
   entry point section. It saves the original bytes within its own code, and
   then it attaches the virus code to the last section of the target file.

3. Injects the DLL file "wmimgr32.dll" into running processes. 

Telemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2023-01-17 90.09734
2022-12-13 90.08684
2021-06-29 87.00261
2021-04-16 85.00506