virus logo Virus

W32/Bublik.AAB!tr

description-logoAnalysis


  • Upon execution, it drops a copy of itself to the user's Temporary folder. This dropped copy has the full path and file name of the original malware sample appended to its overlay. The most common file names observed during our tests are as follows:
    • hhcbrnaff.exe
    • wezeda.exe

  • After execution, the original malware sample is deleted.

  • This malware disguises itself by using an Adobe PDF icon.

  • This malware is very much similar in behavior with W32/Small.AAB!tr. For more information, please see this blog post.

recommended-action-logoRecommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2020-12-02 82.26800 Sig Updated
2020-03-08 75.81000 Sig Updated
2019-04-16 67.84200 Sig Updated
2019-04-02 67.50600 Sig Updated
2019-03-16 67.11000 Sig Updated
2019-03-16 67.10200 Sig Updated
2019-03-16 67.09400 Sig Updated
2019-02-26 66.67300 Sig Updated
ID 5500624
Released Sep 04, 2013
Description
Updated		 Dec 02, 2013
Aliases W32/Bublik.BFUW!tr, Trojan.Win32.Bublik.bfuw, Troj/PWSZbot-I, Win32/TrojanDownloader.Small.AAB, TROJ_UPATRE.ZB, W32/Small.AAB!tr
Platform Profile Win32 file format / PE 32 bit