virus logo Virus

MSIL/Sharik.TLX!tr

description-logoAnalysis


MSIL/Sharik.TLX!tr is a generic detection for a type of trojan that drops malware onto the compromised computer. Since this is a generic detection, files that are detected as MSIL/Sharik.TLX!tr may have varying behavior.
Below are examples of some of these behavior:

  • It creates a subfolder in the user's Application Data folder using a randomized name. It then drops a copy of itself with a randomized name into this newly created folder.

  • It creates the following registry entry to automatically execute its dropped file every time the infected user logs in:
    • key:HCKU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
    • value:[Random]
    • data: undefinedAppDataundefined\[Random]\[Random].exe

  • It injects malicious codes into the svchost.exe  process.

  • It deletes its original copy from the current folder.

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

Version Updates

Date Version Detail
2023-01-24 90.09944
ID 6367389
Released Sep 04, 2014
Description
Updated		 Oct 09, 2014
Aliases Trojan.Win32.Sharik.tlx, RDN/Downloader.a!sx trojan, Troj/MSIL-AFP, TROJ_MMSIL.JS, W32/Trojan3.KOG, Trojan.GenericKD.1841376, Win32/TrojanDownloader.Zurgop.BK trojan, Trj/Dofoil.D, MSIL4.BVVH, Trojan.GenericKD.1841376, TR/Crypt.Xpack.87745, BackDoor.Tishop
Platform Profile Microsoft Intermediate Language (used for MSIL compiled binaries)