W32/Small.DMA!tr.dldr
Analysis
W32/Small.DMA!tr.dldr - 06-09-01, with file size 6728 bytes
Files:
- Copies itself to: %SystemDirectory%
Installation to System:
- When run, it copies itself to:
%WINDOWS%\scvc.exe
- And creates these registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
ttool = "%WINDOWS%\scvc.exe"
where %WINDOWS% refers to the Windows folder
HKEY_CURRENT_USER\Software\Microsoft\InetData
k1 = [random dword value]
k2 = [random dword value]
Data = [random hex value]
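The following host-triage script is an added example, not part of the Fortinet entry and not Fortinet code. It checks a Windows host for the artifacts listed above: scvc.exe in the Windows folder (and in the System directory named under "Files"), the HKCU Run value "ttool", and the HKCU\Software\Microsoft\InetData key with its k1, k2 and Data values. The function name, the output shape and the use of the 6728-byte size as a soft match are this example's own choices; the paths and value names are taken from the entry.

```powershell
# Added example (not from the Fortinet page): look for the W32/Small.DMA!tr.dldr
# installation artifacts on the local host. Paths, value names and the 6728-byte
# size come from the entry above; the function name and output format are assumptions.

function Test-SmallDMAIndicators {
    [CmdletBinding()]
    param()

    $findings = @()

    # File artifacts: %WINDOWS%\scvc.exe and %SystemDirectory%\scvc.exe
    $candidates = @(
        (Join-Path $env:windir 'scvc.exe'),
        (Join-Path ([Environment]::GetFolderPath('System')) 'scvc.exe')
    )
    foreach ($path in $candidates) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $findings += [pscustomobject]@{
                Type   = 'File'
                Where  = $path
                Detail = "size=$($item.Length) sha256=$hash"
                # 6728 bytes is the size the entry reports; a different size is still suspicious
                Match  = ($item.Length -eq 6728)
            }
        }
    }

    # Persistence: HKCU Run value "ttool" pointing at scvc.exe
    $runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -Path $runKey -Name 'ttool' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += [pscustomobject]@{
            Type   = 'Registry'
            Where  = "$runKey\ttool"
            Detail = $run.ttool
            Match  = ($run.ttool -match 'scvc\.exe')
        }
    }

    # Configuration key: HKCU\Software\Microsoft\InetData with k1, k2, Data
    $inetKey = 'HKCU:\Software\Microsoft\InetData'
    if (Test-Path -LiteralPath $inetKey) {
        $props   = Get-ItemProperty -Path $inetKey
        $present = @('k1', 'k2', 'Data') | Where-Object { $null -ne $props.$_ }
        $findings += [pscustomobject]@{
            Type   = 'Registry'
            Where  = $inetKey
            Detail = "values present: $($present -join ', ')"
            Match  = ($present.Count -eq 3)
        }
    }

    return $findings
}

$results = Test-SmallDMAIndicators
if ($results.Count -eq 0) {
    Write-Output 'No W32/Small.DMA!tr.dldr indicators found for the current user.'
} else {
    $results | Format-Table -AutoSize
}
```

Both registry artifacts live under HKEY_CURRENT_USER, so the script only sees the profile it runs as; to sweep a multi-user machine, run it in each user's context or repeat the registry checks against the corresponding HKEY_USERS\<SID> hives. The file checks need no elevation unless the Windows folder is locked down for the running account.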
More Info:
This is downloaded by W32/Dloadr.AMA!tr.dldr. When executed, it copies itself to the Windows folder as scvc.exe and runs that copy. The malware monitors window text for typed user IDs and passwords and is capable of sending the captured credentials to a remote server.
Telemetry
Detection Availability
FortiGate: Extreme
FortiClient: Extended
FortiMail: Extended
FortiSandbox: Extended
FortiWeb: Extended
Web Application Firewall: Extended
FortiIsolator: Extended
FortiDeceptor: Extended
FortiEDR: (none listed)