VirusW32/Generic.SMF!tr
Analysis
W32/Generic.SMF!tr is a generic detection for a trojan. Since this is a generic detection, malware that are detected as W32/Generic.SMF!tr may have varying behaviour.
Below are examples of some of these behaviours:
- This malware drops the following files:
- undefinedTempundefined\[Random].bat : This file is detected as BAT/Small.NAN!tr .
- The malware attempts to connect to the following sites:
- engrseltev{Removed}.com/steve/panel/gate.php
- lokpanel{Removed}.info/tbankz/admin1/fre.php
- Some of these malwares have been observed to be corrupted or none functioning.
- The original copy of the malware may be deleted after execution.
- This malware may check the registry as part of its anti-virtualization or anti-debugging techniques.
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extreme | |
| FortiClient | |
| Extended | |
| FortiMail | |
| Extended | |
| FortiSandbox | |
| Extended | |
| FortiWeb | |
| Extended | |
| Web Application Firewall | |
| Extended | |
| FortiIsolator | |
| Extended | |
| FortiDeceptor | |
| Extended | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2020-07-28 | 79.21600 | Sig Updated |
| 2020-06-02 | 77.87200 | Sig Updated |
| 2020-05-26 | 77.70500 | Sig Updated |
| 2020-04-21 | 76.87400 | Sig Updated |
| 2020-03-12 | 75.90500 | Sig Updated |
| 2020-03-07 | 75.79400 | Sig Added |
| 2019-09-05 | 71.39200 | Sig Updated |
| 2019-08-27 | 71.17600 | Sig Updated |
| 2019-08-07 | 70.55300 | Sig Updated |
| 2019-07-21 | 70.14400 | Sig Added |