W32/Generic.C!tr

Analysis


W32/Generic.C!tr is a generic detection for a family of trojans that use a polymorphic custom packer. Because the detection is generic, samples detected as W32/Generic.C!tr may vary in behavior.
Below are examples of some of these behaviors:

  • It creates the following files:
    • %AppData%\Mozilla\{Random 7 Letters}.dll: This can be detected as W32/Agentb.AAKP!tr.
    • %AppData%\Mozilla\{Random 7 Letters}.exe: This is a copy of itself with eight bytes appended and is also detected as W32/Generic.C!tr. Because of the appended bytes, the copy's file hash differs from the original's, so a hash-based indicator for the original will not match the dropped copy.

  • It adds the following registry value to enable its automatic execution (Windows loads every DLL listed in AppInit_DLLs into each process that loads user32.dll, provided LoadAppInit_DLLs under the same key is nonzero):
    • key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    • value: AppInit_DLLs
    • data: %AppData%\Mozilla\{Random 7 Letters}.dll
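The two behaviors above can be checked mechanically during triage. The following Python is an added example written for this page; it is neither Fortinet's detection logic nor the malware's code. It takes the AppInit_DLLs data and the LoadAppInit_DLLs flag as plain values (so it runs offline on an exported or constructed copy of the key rather than a live registry), flags entries shaped like %AppData%\Mozilla\<7 letters>.dll or .exe, and relates a suspected dropped .exe to the original by the eight-byte-append rule instead of by hash. The registry data and file bytes in the block are constructed samples, not real indicators.

```python
"""Triage helpers for the W32/Generic.C!tr behaviours described above.
Added example, not Fortinet code; all sample data below is constructed."""
import hashlib
import re

# Key named in the analysis. Windows maps every DLL listed in its AppInit_DLLs
# value into each process that loads user32.dll when LoadAppInit_DLLs != 0.
APPINIT_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# Dropped-file shape from the analysis: %AppData%\Mozilla\<7 letters>.dll|.exe
DROPPED_NAME_RE = re.compile(r"^[A-Za-z]{7}\.(?:dll|exe)$")


def matches_drop_path(path: str) -> bool:
    """True if path ends in ...\\Mozilla\\<7 letters>.dll or .exe."""
    parts = path.strip().strip('"').replace("/", "\\").split("\\")
    return (len(parts) >= 2
            and parts[-2].lower() == "mozilla"
            and DROPPED_NAME_RE.match(parts[-1]) is not None)


def appinit_entries(data: str) -> list:
    """Split AppInit_DLLs data. Windows accepts space- or comma-separated
    paths here (semicolons are also tolerated by this helper); paths that
    themselves contain spaces are not handled, which matches Microsoft's
    advice to use short names in this value."""
    return [e for e in re.split(r"[ ,;]+", data.strip()) if e]


def assess_appinit(values: dict) -> dict:
    """values maps value-name -> data read (or exported) from APPINIT_KEY.
    A missing LoadAppInit_DLLs is treated as 0 here (assumption)."""
    entries = appinit_entries(str(values.get("AppInit_DLLs", "")))
    hits = [e for e in entries if matches_drop_path(e)]
    load_flag = int(values.get("LoadAppInit_DLLs", 0))
    return {
        "suspicious_entries": hits,
        "will_load": load_flag != 0,   # a listed DLL is inert while the flag is 0
        "verdict": "infected" if hits else "clean",
    }


def is_padded_copy(original: bytes, candidate: bytes, pad_len: int = 8) -> bool:
    """The dropped .exe is the original with eight bytes appended, so a prefix
    comparison ties the two files together even though their hashes differ."""
    return (len(candidate) == len(original) + pad_len
            and candidate[:len(original)] == original)


def sha256(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


if __name__ == "__main__":
    # Constructed sample data, not taken from a real infection.
    sample_values = {
        "AppInit_DLLs": r"C:\Users\bob\AppData\Roaming\Mozilla\qwzkfpl.dll",
        "LoadAppInit_DLLs": 1,
    }
    print(assess_appinit(sample_values))
    dropper = b"MZ" + b"\x90" * 200          # stand-in for the original sample
    dropped = dropper + b"\x00" * 8          # copy with eight bytes appended
    print("padded copy:", is_padded_copy(dropper, dropped))
    print("hashes differ:", sha256(dropper) != sha256(dropped))
```

The seven-letter pattern on its own is weak evidence (a legitimate name such as firefox.exe is also seven letters), so a hit should be corroborated by the AppInit_DLLs entry and by the padded-copy relationship before the host is treated as infected; conversely, a listed DLL with LoadAppInit_DLLs set to 0 shows the persistence attempt but not a running implant.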

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2022-05-31 90.02802
2022-05-25 90.02622
2022-03-08 90.00283
2021-10-05 89.05661
2021-09-28 89.04190
2021-09-07 88.00941
2021-06-22 87.00103
2021-06-15 86.00934
2021-06-08 86.00766
2021-06-01 86.00601