Malware_fam.A
Analysis
- This is a generic detection for files that resemble a trojan. Files identified should be sent to Fortinet for research and analysis.
- The detection is based on features or characteristics of the file, such as its encryption algorithm, restrictions on file size, section sizes and so on.
- Some common examples of the behavior of these files are:
  - Create autostart registry entries
  - Download a component of itself and execute it
  - Install a bot component to enable remote access to the infected host
  - Connect to a remote site
  - May have the ability to update itself or its downloaded components
  - Exploit a known Windows vulnerability to spread itself
Recommended Action
- FortiGate Systems
  - Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option.
- FortiClient Systems
  - Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
Extended | |
FortiClient | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |