Virus

Analysis

W32/FakeAlert.B!tr - 06-04-04

General Info:

This threat is a "PE" executable file, with file size 32768

Files:

Copies itself to: undefinedSystemDirectoryundefined
Drop files: ".exe"

Installation to System:

When run, it copies itself to:
C:\
Drops the following files:
winstall.exe
And creates these registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Windows installer "C:\winstall.exe"

More Info:

It drops a copy of itself at undefinedrootundefined directory. It also adds a registry entry to enable itself to run at startup.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date	Version	Detail
2024-03-27	92.02831
2024-03-25	92.02774
2024-02-08	92.01382
2024-02-01	92.01180
2024-01-22	92.00882
2024-01-17	92.00732
2023-12-08	91.09540
2023-12-03	91.09380
2023-09-19	91.07104
2023-09-12	91.06894

ID	67987
Released	Mar 23, 2006
Description Updated	Mar 23, 2006
Aliases	W32/FakeAlert.B-tr
Platform Profile	Win32 file format / PE 32 bit

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

W32/FakeAlert.B!tr

Analysis

Telemetry

Detection Availability

Version Updates

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Virus

W32/FakeAlert.B!tr

Analysis

Telemetry

Detection Availability

Version Updates

Threat Intelligence
Center