W32/Tenga.A

Analysis

  • This malware is a Win32 Infector.

  • The appended virus code is approximately 3665 bytes.

  • This virus creates a mutex named "gaelicum" to check whether it is already running in memory.

  • The malware appears to access utenti.lycos.it and issues an FTP GET command for a file named DL.EXE.

  • The malware searches for ".exe" files within the %System% folder and infects them.

Recommended Action

    FortiGate systems:

  • Check the main screen of the web interface to ensure that the latest AV/NIDS database has been downloaded and installed. If required, enable the "Allow Push Update" option.

Telemetry

    Detection Availability

    FortiGate
    FortiClient
    FortiAPS
    FortiAPU
    FortiMail
    FortiSandbox
    FortiWeb
    Web Application Firewall
    FortiIsolator
    FortiDeceptor
    FortiEDR

    Version Updates

    Date Version Detail
    2023-02-07 91.00363
    2023-01-24 90.09944
    2023-01-17 90.09734
    2023-01-10 90.09530
    2023-01-01 90.09261
    2022-12-19 90.08854
    2022-12-15 90.08754
    2022-12-15 90.08752
    2022-12-14 90.08730
    2022-12-12 90.08677