This Trojan is 32-bit with an FSG packed file size of 2848 bytes. If the Trojan is run, it will lie dormant in memory waiting for a moment when the system accesses the Internet.
Once a connection to the Internet is made, this Trojan attempts to download a file named "counter.bmp" from a website 'ntuaa-dfw.org'. The file is saved to the undefinedTempundefined folder as "temp25.exe" and run.
At the time of this write-up, the file "counter.bmp" did not exist and a system error was displayed when "temp25.exe" was run.
Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option