Virus

W32/Small.DMA!tr.dldr

Analysis

W32/Small.DMA!tr.dldr - 06-09-01

, with file size 6728

Files:

Copies itself to: undefinedSystemDirectoryundefined

Installation to System:

When run, it copies itself to:
```
undefinedWINDOWSundefined\scvc.exe
```

And creates these registry entries:

	HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
	  ttool = "undefinedWINDOWSundefined\scvc.exe", where undefinedWINDOWSundefined refers to the Windows folder

	HKEY_CURRENT_USER\Software\Microsoft\InetData
	  k1 = [random dword value]
	  k2 = [random dword value]
	  Data = [random hex value]

More Info:

This is downloaded by W32/Dloadr.AMA!tr.dldr. When executed, it copies itself to the Windows folder as scvc.exe and executes that copy. This malware monitors window information for typed user IDs and passwords. It has the capability to send this information to a remote server.

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

ID	280007
Released	Sep 01, 2006
Description Updated	Sep 01, 2006
Aliases	Trojan-Downloader.Win32.Small.dma, Spy-Agent.bg, DeepScan:Generic.Malware.Sdld!!g.A8237CCC
Platform Profile	Win32 file format / PE 32 bit
Profile Type	Trojan Downloader (tr.dldr)

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Virus

W32/Small.DMA!tr.dldr

Analysis

Telemetry

Detection Availability

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Virus

W32/Small.DMA!tr.dldr

Analysis

Telemetry

Detection Availability

Threat Intelligence
Center