virus logo Virus

W32/Sality.AA

description-logoAnalysis


  • This is a polymorphic virus that infects files that have the EXE and SCR extension names.

  • Drops the following files in the System folder:
    • st114421.dll
    • st114421.dl_

    These files are both detected as W32/KillAV.NH!tr.

  • Drops the file [Random].sys  in the undefinedSystemundefined\drivers folder. This file is detected as W32/KillAV.NE!tr.

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-02-14 92.01572
2023-02-21 91.00794
2023-02-16 91.00640
2023-02-14 91.00573
2022-10-18 90.07000
2022-05-25 90.02622
2022-03-31 90.00981
2022-03-08 90.00283
2021-12-26 89.08121
2019-05-03 68.25100 Sig Updated
ID 511936
Released Jul 16, 2008
Description
Updated		 Sep 23, 2009
Aliases Virus.Win32.Sality.ab (KAV), W32/Sality.ad (McAfee), W32/Sality.AN (Panda)
Platform Profile Win32 file format / PE 32 bit