Win32.Sality.OG malicious file

The Win32.Sality.OG is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

GridinSoft Anti-Malware

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

6-day free trial available.

What Win32.Sality.OG virus can do?

Unconventionial binary language: Russian
The binary contains an unknown PE section name indicative of packing
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid

How to determine Win32.Sality.OG?


File Info:
name: AC2E79A3044A06C6D1F1.mlw
path: /opt/CAPEv2/storage/binaries/ff0b1b3f57ebe81484ea580a26bd881682c1bdab54cdf1dea4d7a6b8e17b58a0
crc32: B87E2774
md5: ac2e79a3044a06c6d1f123f73a1f392d
sha1: 5395cb9d5c1f169f0118fb7f7101e693c5380ba9
sha256: ff0b1b3f57ebe81484ea580a26bd881682c1bdab54cdf1dea4d7a6b8e17b58a0
sha512: 5a2c112ed61e80a0ba4a8c4ae7f48d163d7e8e3f45dc842123de32f87f3d913c3d2df4fee9aa01adfabfbdc19fb12795f4edbfe0110111ee237e3dad20164df8
ssdeep: 6144:/C28HTszv0kVi7aA/mpu1JpDXEpXsGKLu8NE04SerNuAS2n:pOi0kg7reg9DUtmxF7V2n
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T1B964BF3634E08473F443003026B97FB6F6FAFE3217715887D7586F4A6E76A96C226216
sha3_384: 34a32a657c5bae5518c5414a3fea5d49061b4008115800f49a7814e1f0daf85c319e5a903452dfe8f1dff21b3c45666d
ep_bytes: 60510faff18d2dd34ae5145e15b5a4d7
timestamp: 2003-04-10 21:51:10

Version Info:
Comments:                                                             
CompanyName: Adobe Systems Incorporated                                  
FileDescription: Setup Launcher                                              
FileVersion: 7.0.5                                                        
InternalName: setup.exe
OriginalFilename: setup.exe
LegalCopyright: Copyright (C) 2003 InstallShield Software Corp.          
ProductName: Adobe Reader 7.0.5 - Russian                                         
ProductVersion: 7.0.5                                                       
Translation: 0x0419 0x04e4

Win32.Sality.OG also known as:

Bkav	W32.Sality.PE
Lionic	Virus.Win32.Generic.n!c
DrWeb	Win32.Sector.17
MicroWorld-eScan	Win32.Sality.OG
FireEye	Generic.mg.ac2e79a3044a06c6
CAT-QuickHeal	W32.Sality.R
Skyhigh	W32/Sality.gen.z
McAfee	W32/Sality.gen.z
Cylance	unsafe
Zillya	Virus.Sality.Win32.15
Sangfor	Virus.Win32.Sality.NAU
K7AntiVirus	Virus ( f10001021 )
Alibaba	Virus:Win32/Sality.20fb39a2
K7GW	Virus ( f10001021 )
Cybereason	malicious.d5c1f1
BitDefenderTheta	AI:FileInfector.2A9374620F
VirIT	Win32.Sality.AA
Symantec	W32.Sality.AE
Elastic	malicious (high confidence)
ESET-NOD32	Win32/Sality.NAU
APEX	Malicious
Cynet	Malicious (score: 100)
Kaspersky	Virus.Win32.Sality.sil
BitDefender	Win32.Sality.OG
NANO-Antivirus	Virus.Win32.Sality.gcen
Avast	Win32:Kukacka [Inf]
Tencent	Virus.Win32.TuTu.A.200000
Emsisoft	Win32.Sality.OG (B)
F-Secure	Malware.W32/Sality.Y
Baidu	Win32.Virus.Sality.b
VIPRE	Win32.Sality.OG
TrendMicro	PE_SALITY.JER
Trapmine	suspicious.low.ml.score
Sophos	W32/Sality-AM
SentinelOne	Static AI – Suspicious PE
GData	Win32.Sality.OG
Jiangmin	Win32/HLLP.Kuku.poly
Google	Detected
Avira	W32/Sality.Y
MAX	malware (ai score=100)
Antiy-AVL	Virus/Win32.Sality.gen
Kingsoft	Win32.Sality.ab.173464
Xcitium	Virus.Win32.Sality.gen@1egj5j
Arcabit	Win32.Sality.OG
ViRobot	Win32.Sality.Gen.A
ZoneAlarm	Virus.Win32.Sality.sil
Microsoft	Virus:Win32/Sality.AM
Varist	W32/Sality.AK
AhnLab-V3	Win32/Kashu.B
VBA32	Virus.Win32.Sality.baka
ALYac	Win32.Sality.OG
TACHYON	Virus/W32.Sality
Panda	W32/Sality.AK
TrendMicro-HouseCall	PE_SALITY.JER
Rising	Virus.Sality!1.A5BD (CLASSIC)
Yandex	Win32.Sality.AP.Gen
Ikarus	Virus.Win32.Sality
MaxSecure	Virus.Sality.AA
Fortinet	W32/Sality.AA
AVG	Win32:Kukacka [Inf]
DeepInstinct	MALICIOUS
CrowdStrike	win/malicious_confidence_100% (W)

How to remove Win32.Sality.OG?

Win32.Sality.OG removal tool

Download and install GridinSoft Anti-Malware.
Open GridinSoft Anti-Malware and perform a “Standard scan“.
“Move to quarantine” all items.
Open “Tools” tab – Press “Reset Browser Settings“.
Select proper browser and options – Click “Reset”.
Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.

Leave a Comment X