I looking for sality virus that is 539 kb i think is sality.aa or sality.h

[FirstBlood12]

I tried to find this sample on many websites but I failed. Can someone give me this sample please?

[VISWESWARAN1998]

Which sample do you need?

1. https://www.virustotal.com/gui/file/96c77e1d8e1a7c10ebc0fb8a006c86a252fbcbbb51507acb8420fa85153e4e74/detection

2. https://www.virustotal.com/gui/file/62a61d9f8d6e5fb94697d7b9bd1d5e65daf0f45bcbd5f006728bae57952542a5/detection

both has sality but the file size did not match

[VISWESWARAN1998]

I believe you are looking for this? (This sality sample has similar file size which you mentioned)

1. https://www.virustotal.com/gui/file/36dbff770fb4c94b9b26196c0fc32a4480b0e89992c0914c240fb196fb8daf58/detection/f-36dbff770fb4c94b9b26196c0fc32a4480b0e89992c0914c240fb196fb8daf58-1584691388

[Hildaboo]

Nice proper english andrej.

[FirstBlood12]

I believe you are looking for this? (This sality sample has similar file size which you mentioned)

https://www.virustotal.com/gui/file/36dbff770fb4c94b9b26196c0fc32a4480b0e89992c0914c240fb196fb8daf58/detection/f-36dbff770fb4c94b9b26196c0fc32a4480b0e89992c0914c240fb196fb8daf58-1584691388

Actually I looking for sality variant that creates C:\Win\lsass.exe file and it have folder icon, the file version is 0.0.0.0 and is 539 kb

https://virusinfo.info/showthread.php?t=124789 and https://forum.donanimhaber.com/virus-win32-sality-aa-virusu--28315924-16

[fatass-max]

I need a tutor , USA@boardermail.com

[ytisf]

Sality is a bity tricky as it infected basically all PE files and matches their PEHeaders. If you have a particular hash/samples just point us in the right way.