PE_SALITY.BBC

October 09, 2012

• Email
• Facebook
• 
  Twitter
• Google+
• Linkedin

 Analysis by: Sabrina Lei Sioting

---

 PLATFORM:

Windows 2000, Windows XP, Windows Server 2003

 OVERALL RISK RATING:

 DAMAGE POTENTIAL:

 DISTRIBUTION POTENTIAL:

 REPORTED INFECTION:

• 
  Threat Type: File infector
• 
  Destructiveness: No
• 
  Encrypted: Yes
• 
  In the wild: Yes

  OVERVIEW

This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

  TECHNICAL DETAILS

File Size:

Varies

File Type:

EXE

Memory Resident:

Yes

Initial Samples Received Date:

27 Sep 2011

Arrival Details

This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

NOTES:

Other Details

This is the Trend Micro detection for:

SALITY mother infectors that creates the following specific mutex:

• .exeM_[0-9][0-9][0-9].*_
• .exeM_[0-9][0-9][0-9][0-9].*_
• uxJLpe1m
• Ap1mutx7