W32/PackGamania.A!tr
Analysis
W32/PackGamania.A!tr is a detection for malware files packed with a private packer resembling ASPack. Their main purpose is to steal information such as passwords used for the Gamania online game.
The malware has the following behavior when executed:
- Copies itself to the %system% folder.
- Deletes itself from the folder where the user executed the malware.
- Sometimes opens a "clean" file such as a picture to let the user think that it is not malicious.
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.