W32/QQHelper.KX!tr.dldr
Analysis
run.exe
The file run.exe is dropped in the folder from which the original sample is executed.
%SystemDir%\-10895.exe = "%SystemDir%\-10895.exe:*:Enabled:"
Recommended Action
- Check the main screen using the web interface to ensure the latest AV/NIDS database has been downloaded and installed -- if required, enable the "Allow Push Update" option
- Quarantine/Delete infected files detected and replace infected files with clean backup copies
FortiGate systems:
FortiClient systems:
Detection Availability
Product | Availability |
---|---|
FortiGate | Extreme |
FortiClient | Extended |
FortiMail | Extended |
FortiSandbox | Extended |
FortiWeb | Extended |
Web Application Firewall | Extended |
FortiIsolator | Extended |
FortiDeceptor | Extended |
FortiEDR | |