W32/Generic.SMF!tr
Analysis
W32/Generic.SMF!tr is a generic detection for a trojan. Because it is a generic detection, malware detected as W32/Generic.SMF!tr may vary in behaviour.
Below are examples of some of these behaviours:
- This malware drops the following files:
  - %Temp%\[Random].bat : This file is detected as BAT/Small.NAN!tr.
- The malware attempts to connect to the following sites:
  - engrseltev{Removed}.com/steve/panel/gate.php
  - lokpanel{Removed}.info/tbankz/admin1/fre.php
- Some samples of this malware have been observed to be corrupted or non-functioning.
- The original copy of the malware may be deleted after execution.
- This malware may check the registry as part of its anti-virtualization or anti-debugging techniques.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Detection Availability |
---|---|
FortiGate | Extreme |
FortiClient | Extended |
FortiMail | Extended |
FortiSandbox | Extended |
FortiWeb | Extended |
Web Application Firewall | Extended |
FortiIsolator | Extended |
FortiDeceptor | Extended |
FortiEDR | |
Version Updates
Date | Version | Detail |
---|---|---|
2020-07-28 | 79.21600 | Sig Updated |
2020-06-02 | 77.87200 | Sig Updated |
2020-05-26 | 77.70500 | Sig Updated |
2020-04-21 | 76.87400 | Sig Updated |
2020-03-12 | 75.90500 | Sig Updated |
2020-03-07 | 75.79400 | Sig Added |
2019-09-05 | 71.39200 | Sig Updated |
2019-08-27 | 71.17600 | Sig Updated |
2019-08-07 | 70.55300 | Sig Updated |
2019-07-21 | 70.14400 | Sig Added |