W32/Vidlo.G!tr
Analysis
This Trojan is 32-bit with an FSG packed file size of 2848 bytes. If the Trojan is run, it will lie dormant in memory waiting for a moment when the system accesses the Internet.
Once a connection to the Internet is made, this Trojan attempts to download a file named "counter.bmp" from the website 'ntuaa-dfw.org'. The file is saved to the %Temp% folder as "temp25.exe" and run.
At the time of this write-up, the file "counter.bmp" did not exist and a system error was displayed when "temp25.exe" was run.
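The two observable artefacts in the analysis above are the outbound request for "counter.bmp" on ntuaa-dfw.org and the execution of "temp25.exe" from the Temp folder. The following Python is an added detection example, not code from the Fortinet write-up: it parses constructed proxy and process-creation log lines in a hypothetical format, flags the download attempt on host and path alone (the write-up notes the file did not exist, so a 404 is still a useful indicator), and raises severity when the same client then launches the dropped executable from a Temp directory within a short window.

```python
import re
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Indicators taken from the write-up above.
DOWNLOAD_HOST = "ntuaa-dfw.org"
DOWNLOAD_PATH = "/counter.bmp"
DROPPED_NAME = "temp25.exe"

# Constructed sample logs in a hypothetical format (not any real product's output).
# Proxy line: "<ISO time> <client ip> <method> <url> <http status>"
PROXY_LOG = """\
2024-01-01T10:00:01 10.0.0.5 GET http://example.com/index.html 200
2024-01-01T10:00:05 10.0.0.7 GET http://ntuaa-dfw.org/counter.bmp 404
2024-01-01T10:00:09 10.0.0.5 GET http://example.com/logo.png 200
2024-01-01T10:05:00 10.0.0.9 GET http://ntuaa-dfw.org/counter.bmp 404
"""
# Process-creation line: "<ISO time> <client ip> <full image path>"
PROCESS_LOG = """\
2024-01-01T10:00:06 10.0.0.7 C:\\Users\\bob\\AppData\\Local\\Temp\\temp25.exe
2024-01-01T10:00:30 10.0.0.5 C:\\Windows\\System32\\notepad.exe
"""


def parse_proxy(text):
    """Turn proxy log lines into dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, client, method, url, status = parts
        events.append({"time": datetime.fromisoformat(ts), "client": client,
                       "method": method, "url": url, "status": int(status)})
    return events


def parse_process(text):
    """Turn process-creation lines into dicts (image path may contain spaces)."""
    events = []
    for line in text.splitlines():
        parts = line.split(maxsplit=2)
        if len(parts) != 3:
            continue
        ts, client, image = parts
        events.append({"time": datetime.fromisoformat(ts), "client": client, "image": image})
    return events


def is_download_attempt(ev):
    """Match on host and path only: a failed (404) fetch is still the beacon."""
    u = urlparse(ev["url"])
    return u.hostname == DOWNLOAD_HOST and u.path.lower() == DOWNLOAD_PATH


def is_dropped_execution(ev):
    """The dropped file runs from a Temp directory under its fixed name."""
    path = ev["image"].replace("/", "\\").lower()
    return path.endswith("\\" + DROPPED_NAME) and "\\temp\\" in path


def correlate(proxy_events, process_events, window=timedelta(seconds=60)):
    """One alert per download attempt; severity rises if the same client ran the dropper."""
    alerts = []
    executions = [e for e in process_events if is_dropped_execution(e)]
    for dl in filter(is_download_attempt, proxy_events):
        matched = [e for e in executions
                   if e["client"] == dl["client"]
                   and timedelta(0) <= e["time"] - dl["time"] <= window]
        alerts.append({"client": dl["client"], "download_time": dl["time"],
                       "http_status": dl["status"], "executed": bool(matched),
                       "severity": "high" if matched else "medium"})
    return alerts


def run():
    return correlate(parse_proxy(PROXY_LOG), parse_process(PROCESS_LOG))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The status code is deliberately ignored when matching the request, because the infection is evidenced by the beacon itself, not by whether the server answered; the process-side check keys on the fixed file name and the Temp location rather than the full path, since the user profile portion varies per host.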
Recommended Action
Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option.
Telemetry
Detection Availability

Product | Detection Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |