W32/FakeAlert.B!tr
Analysis
W32/FakeAlert.B!tr - 06-04-04
General Info:
This threat is a "PE" executable file, with file size 32768
Files:
- Copies itself to: the system directory
- Drops files: ".exe"
Installation to System:
- When run, it copies itself to:
  C:\
- Drops the following files:
  winstall.exe
- And creates these registry entries:
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows installer "C:\winstall.exe"
More Info:
It drops a copy of itself in the root directory. It also adds a registry entry so that it runs at startup.
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR |