virus logo Virus

W32/BAI!tr.dldr

description-logoAnalysis

  • Creates an event object named E8dK894Lm9#sF2i$sOBq2X.

  • Drops the following file:
    • undefinedSYSTEMundefined\wincom32.sys - detected by Fortinet as W32/Groan!tr.rkit.
  • Registers wincom32.sys  as a kernel service named wincom32.

  • Attempts to invoke the wincom32  service to protect itself.

  • Reboots the system after execution.

    • recommended-action-logoRecommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    Telemetry logoTelemetry

    Detection Availability

    FortiGate
    Extended
    FortiClient
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR

    Version Updates

    Date Version Detail
    2022-06-28 90.03672
    2022-04-15 90.01435
    2018-10-09 62.80100 Sig Updated
    ID 326291
    Released Jan 19, 2007
    Description
    Updated    		 Jan 24, 2007
    Aliases W32/Dorf.BET!tr.dldr, W32/Small.DAM!tr
    Platform Profile Win32 file format / PE 32 bit
    Profile Type Trojan Downloader (tr.dldr)