VirusW32/Injector.K!tr
Analysis
W32/Injector.K!tr is a generic detection for a type of trojan that drops other malware onto the compromised computer. Since this is a generic detection, files that are detected as W32/Injector.K!tr may have varying behavior.
Below are examples of some of these behavior:
- It drops the following files:
- undefinedAppDataundefined\[Random]\[Random]\1.0.0.0\java update.exe : This file is also detected as W32/Injector.K!tr.
- undefinedTempundefined\rundll32cyutlhtjyuir.exe : This file is also detected as W32/Injector.K!tr.
- Creates the following autorun registry entries for its dropped files:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- java update = undefinedAppdataundefined\[Random]\[Random]\1.0.0.0\java update.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- rundll32 = undefinedTempundefined\rundll32cyutlhtjyuir.exe
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run
- Network activities are observed to perform DNS queries on the following sites:
- glx[Removed]org
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extreme | |
| FortiClient | |
| Extended | |
| FortiMail | |
| Extended | |
| FortiSandbox | |
| Extended | |
| FortiWeb | |
| Extended | |
| Web Application Firewall | |
| Extended | |
| FortiIsolator | |
| Extended | |
| FortiDeceptor | |
| Extended | |
| FortiEDR |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2022-11-21 | 90.08043 | |
| 2022-11-07 | 90.07624 | |
| 2019-12-17 | 73.86100 | Sig Updated |
| 2019-10-25 | 72.58100 | Sig Updated |
| 2019-08-27 | 71.17600 | Sig Updated |
| 2019-08-06 | 70.52400 | Sig Updated |
| 2019-07-21 | 70.14600 | Sig Updated |
| 2019-06-27 | 69.55900 | Sig Updated |
| 2019-06-04 | 69.01700 | Sig Updated |
| 2019-05-28 | 68.84900 | Sig Updated |