W32/Wauchos.AF!tr

Analysis


W32/Wauchos.AF!tr is a generic detection for a type of trojan that drops other malware onto the compromised computer. Since this is a generic detection, files that are detected as W32/Wauchos.AF!tr may have varying behavior.
Below are examples of some of these behaviors:

  • Creates a copy of itself to the All Users' Profile folder using a randomized name.

  • Adds the following registry value to enable its automatic execution:
    • key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    • value: [Random Digits]
    • data: %AllUsersProfile%\[Random Letters].exe

  • Employs techniques against emulators and security-related tools.

  • The original copy of the malware is deleted after execution.
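The persistence entry described above can be checked for offline from a `reg query` export of the Policies\Explorer\Run key. The following is an added example written for this page, not Fortinet's code: it parses the text that `reg query` prints and flags values whose name is all digits and whose data is an executable directly under the All Users profile (the literal %AllUsersProfile% variable or, as an assumption, its common expanded forms). The sample output and its names are constructed, not real indicators.

```python
import re

# Registry key named on the page, as reg.exe prints it (hive name expanded).
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"

# Value name: digits only. Data: <All Users profile>\<letters>.exe.
# The profile may appear as the literal variable or already expanded
# (the expanded paths are an assumption, not from the page).
NAME_RE = re.compile(r"^\d+$")
DATA_RE = re.compile(
    r"^(?:%AllUsersProfile%|C:\\ProgramData|C:\\Documents and Settings\\All Users)"
    r"\\[A-Za-z]+\.exe$",
    re.IGNORECASE,
)

def parse_reg_query(text):
    """Parse `reg query <key>` output into (key, name, type, data) tuples.

    Key lines start at column 0; value lines are indented and separated
    by runs of whitespace, so split on two-or-more spaces at most twice.
    """
    entries, current_key = [], None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):
            current_key = line.strip()
            continue
        parts = re.split(r"\s{2,}", line.strip(), maxsplit=2)
        if len(parts) == 3 and current_key:
            name, vtype, data = parts
            entries.append((current_key, name, vtype, data))
    return entries

def find_suspicious_run_values(text):
    """Return (name, data) pairs under the Run key matching the page's pattern."""
    hits = []
    for key, name, vtype, data in parse_reg_query(text):
        if key.lower() == RUN_KEY.lower() and NAME_RE.match(name) and DATA_RE.match(data):
            hits.append((name, data))
    return hits

# Constructed sample `reg query` output; the numeric names and paths are invented.
SAMPLE = """
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run
    48213    REG_SZ    %AllUsersProfile%\\xkqwe.exe
    Updater    REG_SZ    C:\\Program Files\\Vendor\\updater.exe
    7701    REG_SZ    C:\\ProgramData\\bqzlt.exe
"""

if __name__ == "__main__":
    for name, data in find_suspicious_run_values(SAMPLE):
        print(f"suspicious Run value {name!r} -> {data}")
```

On a live host, feed it the output of `reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run"` and treat any hit as a lead to confirm against the vendor detection, not as proof on its own.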

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

  • FortiGate
    • Extended
  • FortiClient
  • FortiMail
  • FortiSandbox
  • FortiWeb
    • Web Application Firewall
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR

Version Updates

Date Version Detail
2023-02-27 91.00974
2022-11-14 90.07831
2022-09-13 90.05950
2022-08-30 90.05531
2022-07-14 90.04161
2022-06-21 90.03462
2019-09-05 71.39200 Sig Updated
2019-08-28 71.20000 Sig Updated
2019-04-02 67.50600 Sig Updated