W32/Kryptik.OOU!tr

Analysis


W32/Kryptik.OOU!tr is a generic detection for a type of trojan that drops other malware onto the compromised computer. Since this is a generic detection, files that are detected as W32/Kryptik.OOU!tr may have varying behavior.
Below are examples of some of these behaviors:

  • It makes the following network connections:
    • Makes an HTTP request with user-agent "little update" to ita[REMOVED]/fpdf/2804UKm.dat.

  • If the response from ita[REMOVED]/fpdf/2804UKm.dat contains an executable file, it attempts to write it to the current directory and execute it as sedil.exe.
  • It may use the PDF icon to masquerade as a PDF file.
  • It attempts to delete the original file from the file path found in the overlay.
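The two observable indicators above (the "little update" user-agent with the /fpdf/2804UKm.dat request path, and the dropped sedil.exe) can be turned into simple log checks. The following is an added defender-side example, not code from Fortinet or from this page: it scans squid-style proxy log lines and EDR-style file event lines for those indicators. The log format, the client addresses and the host name "host-removed.example" are constructed for the example; the page redacts the real host, so only the URI path is matched.

```python
from pathlib import PureWindowsPath
from urllib.parse import urlsplit
import re

# Indicators taken from the analysis above. The host part of the download
# URL is redacted on the page ("ita[REMOVED]"), so only the path is used.
SUSPICIOUS_USER_AGENT = "little update"
SUSPICIOUS_URI_PATH = "/fpdf/2804UKm.dat"
DROPPED_FILE_NAME = "sedil.exe"

# Constructed sample proxy log (squid-like):
# <epoch> <client_ip> <method> <url> <status> "<user-agent>"
SAMPLE_PROXY_LOG = """\
1626170000.123 10.0.0.12 GET http://intranet.example/news/index.html 200 "Mozilla/5.0 (Windows NT 10.0) Firefox/90.0"
1626170001.456 10.0.0.27 GET http://host-removed.example/fpdf/2804UKm.dat 200 "little update"
1626170002.789 10.0.0.33 GET http://cdn.example/fpdf/brochure.pdf 200 "Mozilla/5.0 (Windows NT 10.0) Chrome/91.0"
1626170003.012 10.0.0.27 GET http://host-removed.example/fpdf/2804UKm.dat 200 "Mozilla/5.0 (Windows NT 6.1)"
"""

# Constructed sample file/process events (EDR-like): <action> <path>
SAMPLE_FILE_EVENTS = """\
CREATE C:\\Users\\alice\\Documents\\invoice.pdf
CREATE C:\\Users\\alice\\Downloads\\sedil.exe
EXEC   C:\\Users\\alice\\Downloads\\sedil.exe
CREATE C:\\Windows\\Temp\\setup.tmp
"""

PROXY_LINE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\d+) "([^"]*)"$')


def classify_request(user_agent: str, url: str) -> list[str]:
    """Return the list of indicators a single request matches (empty if clean)."""
    reasons = []
    if user_agent.strip().lower() == SUSPICIOUS_USER_AGENT:
        reasons.append("user-agent")
    # Compare only the path: the real host is not known from the page.
    if urlsplit(url).path.lower().endswith(SUSPICIOUS_URI_PATH.lower()):
        reasons.append("uri-path")
    return reasons


def scan_proxy_log(text: str) -> list[dict]:
    """Flag proxy log lines that match either network indicator."""
    hits = []
    for line in text.splitlines():
        m = PROXY_LINE.match(line)
        if not m:
            continue  # unparseable line; a real pipeline would count these
        ts, client, method, url, status, ua = m.groups()
        reasons = classify_request(ua, url)
        if reasons:
            hits.append({"ts": ts, "client": client, "url": url, "reasons": reasons})
    return hits


def scan_file_events(text: str) -> list[tuple[str, str]]:
    """Flag file/process events whose target file is the dropped sedil.exe."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        action, path = line.split(None, 1)
        # PureWindowsPath parses backslash paths correctly on any host OS.
        if PureWindowsPath(path).name.lower() == DROPPED_FILE_NAME:
            hits.append((action, path))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print("network:", hit)
    for hit in scan_file_events(SAMPLE_FILE_EVENTS):
        print("host:", hit)
```

Matching on the user-agent alone would miss the fourth sample line, where the same client re-requests the payload with an ordinary user-agent; matching the path alone would miss a renamed payload. Reporting both reasons per line lets an analyst see which indicator fired.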

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2021-07-13 87.00600
2020-10-20 81.23000 Sig Updated
2019-12-31 74.20200 Sig Updated
2019-12-21 73.95600 Sig Updated
2019-05-03 68.25100 Sig Updated
2019-05-03 68.24700 Sig Updated