Undelete.exe

Active@ UNDELETE - Data Recovery Toolkit

LSoft Technologies Inc.

The executable Undelete.exe has been detected as malware by 36 anti-virus scanners. The file is infected by an entry-point-obscuring polymorphic file infector that creates a peer-to-peer botnet and receives URLs of additional files to download.

Publisher:
LSoft Technologies Inc.

Product:
Active@ UNDELETE - Data Recovery Toolkit

Version:
9.3.05

MD5:
d3161813d68bd376f0cb4442ce6330ee

SHA-1:
a882e0797cf87a87d99d91298456ea18c59f200c

SHA-256:
eee4308e46e9a55fcff2b21948d918bf922e0a0ba56e7fa1bec3185706a60649

Scanner detections:
36 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/25/2024 1:03:21 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Win32.Sality.3 | 6339179 |
| Agnitum Outpost | Win32.Sality.BL | 7.1.1 |
| AhnLab V3 Security | Win32/Kashu.E | 2015.03.28 |
| Avira AntiVirus | W32/Sality.AT | 7.11.30.172 |
| avast! | Win32:Sality | 150320-0 |
| AVG | Win32/Sality | 2014.0.4311 |
| Baidu Antivirus | Virus.Win32.Sality.$Emu | 4.0.3.15327 |
| Bitdefender | Win32.Sality.3 | 1.0.20.430 |
| Bkav FE | W32.Sality.PE | 1.3.0.6379 |
| Comodo Security | Virus.Win32.Sality.gen | 21556 |
| Dr.Web | Win32.Sector.30 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Sality | 9.0.0.4799 |
| ESET NOD32 | Win32/Sality.NBA virus | 7.0.302.0 |
| F-Prot | W32/Sality.gen2 | 4.6.5.141 |
| F-Secure | Win32.Sality.3 | 5.13.68 |
| G Data | Win32.Sality | 15.3.25 |
| IKARUS anti.virus | Trojan.Win32.Jorik | t3scan.1.8.9.0 |
| K7 AntiVirus | Virus | 13.202.15402 |
| Kaspersky | Virus.Win32.Sality | 15.0.0.543 |
| McAfee | Trojan.Artemis!2FB8E6287A3E | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.195.475.0 |
| MicroWorld eScan | Win32.Sality.3 | 16.0.0.258 |
| NANO AntiVirus | Virus.Win32.Sality.beygb | 0.30.8.659 |
| Norman | Win32.Sality.3 | 03.12.2014 13:20:04 |
| nProtect | Virus/W32.Sality.D | 15.03.27.01 |
| Panda Antivirus | W32/Sality.AA | 15.03.27.09 |
| Quick Heal | W32.Sality.U | 3.15.14.00 |
| Rising Antivirus | PE:Win32.KUKU.kt!1591113 | 23.00.65.15325 |
| Sophos | Mal/Sality-D | 4.98 |
| Total Defense | Win32/Sality.AA | 37.0.11517 |
| Trend Micro House Call | PE_SALITY.RL | 7.2.86 |
| Trend Micro | PE_SALITY.RL | 10.465.27 |
| Vba32 AntiVirus | Virus.Win32.Sality.bakc | 3.12.26.3 |
| VIPRE Antivirus | Threat.4721115 | 38552 |
| ViRobot | Win32.Sality.Gen.A[h] | 2014.3.20.0 |
| Zillya! Antivirus | Virus.Sality.Win32.20 | 2.0.0.2118 |

File size:
9.2 MB (9,676,288 bytes)

Product version:
9.3.05

Copyright:
Copyright © 1999 - 2014 LSoft Technologies Inc.

Trademarks:
All Rights Reserved

Original file name:
Undelete.exe

File type:
Executable application (Win32 EXE)

Language:
Russian

Common path:
C:\Program Files\lsoft technologies\active@ undelete enterprise\undelete.exe

File PE Metadata
Compilation timestamp:
3/25/2014 3:59:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

CTPH (ssdeep):
196608:s/gEka4I8ammDkDzb6MPaOveYNqECA3O2yXJLbEgY687fAuPHehKp18ZI:sb87mDkTd87Qe2yBbEJ7YuP+gkI

Entry address:
0xF4A040

Entry point:
85, DF, 75, 03, 0F, AF, F0, 14, AB, 87, DD, 22, F8, 81, DB, FB, 58, B3, 54, C6, C5, 84, C7, C3, 4E, EB, 92, CC, 0F, AF, C9, 02, C3, 0F, BF, C0, 09, D1, 85, EA, 33, F6, 43, F2, 43, 0B, F7, 24, 42, F6, C1, B3, FE, C9, 8B, C6, 8B, D6, 39, D8, F2, 84, D2, 0F, AF, F7, 86, DF, 8D, 3A, 8B, C5, F6, C4, 92, F2, 46, 8B, EF, FE, CF, 0F, AF, EF, 87, DD, 8D, 05, 09, 9D, FB, A9, 0F, AF, DB, F3, 8D, 1D, B4, 0A, 51, 26, 01, DA, 8B, CD, E8, 17, 00, 00, 00, F7, C7, 0F, 12, E1, 67, 87, D3, 87, D1, 87, EB, F6, C1, 44, 80, C9...

Code size:
8.8 MB (9,244,672 bytes)
