Threat Encyclopedia
W32/Generic.C!tr
Analysis
W32/Generic.C!tr is a generic detection for a type of trojan that uses a polymorphic custom packer. Since this is a generic detection, malware that is detected as W32/Generic.C!tr may vary in behavior.
Below are examples of some of these behaviors:
- It creates the following files:
- %AppData%\Mozilla\{Random 7 Letters}.dll: This can be detected as W32/Agentb.AAKP!tr.
- %AppData%\Mozilla\{Random 7 Letters}.exe: This is a copy of itself with eight bytes appended and is also detected as W32/Generic.C!tr.
- It adds the following registry entry to enable its automatic execution:
- key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
- value: AppInit_DLLs
- data: %AppData%\Mozilla\{Random 7 Letters}.dll
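As an added triage example (not Fortinet's code), the following Python checks the three indicators above on data you have already collected from a host: the AppInit_DLLs value, a file listing of %AppData%\Mozilla, and a candidate .exe compared against the original sample. The paths and byte strings are constructed samples; the regex assumes the dropped names are exactly seven ASCII letters, as the analysis describes.

```python
import re

# %AppData%\Mozilla\<seven random letters>.dll or .exe (pattern built from the analysis above)
DROPPED_FILE_RE = re.compile(r"\\Mozilla\\[A-Za-z]{7}\.(?:dll|exe)$", re.IGNORECASE)
APPINIT_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"  # value: AppInit_DLLs


def _under_appdata(path: str) -> bool:
    # Matches both the unexpanded %AppData% form and the expanded C:\Users\...\AppData\... form
    return "appdata" in path.lower()


def suspicious_appinit_entries(appinit_dlls: str) -> list[str]:
    """AppInit_DLLs is a space- or comma-delimited list; return entries that look like the drop."""
    entries = [e for e in re.split(r"[,\s]+", appinit_dlls.strip()) if e]
    return [e for e in entries if DROPPED_FILE_RE.search(e) and _under_appdata(e)]


def suspicious_files(listing: list[str]) -> list[str]:
    """Filter a directory listing for the .dll/.exe drop under %AppData%\\Mozilla."""
    return [p for p in listing if DROPPED_FILE_RE.search(p) and _under_appdata(p)]


def is_padded_copy(original: bytes, candidate: bytes, pad_len: int = 8) -> bool:
    """The dropped .exe is the sample itself with eight bytes appended."""
    return len(candidate) == len(original) + pad_len and candidate[: len(original)] == original


def triage(appinit_dlls: str, listing: list[str]) -> dict[str, list[str]]:
    """Collect the persistence and file indicators into one report."""
    return {"appinit": suspicious_appinit_entries(appinit_dlls), "files": suspicious_files(listing)}


# Constructed sample input, standing in for data exported from a suspect host
SAMPLE_APPINIT = r"C:\Users\alice\AppData\Roaming\Mozilla\qwzrtyp.dll"
SAMPLE_LISTING = [
    r"C:\Users\alice\AppData\Roaming\Mozilla\qwzrtyp.dll",
    r"C:\Users\alice\AppData\Roaming\Mozilla\qwzrtyp.exe",
    r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\profiles.ini",  # legitimate, not flagged
    r"C:\Program Files\Mozilla Firefox\firefox.exe",                 # legitimate, not flagged
]

if __name__ == "__main__":
    report = triage(SAMPLE_APPINIT, SAMPLE_LISTING)
    for kind, hits in report.items():
        print(f"{kind}: {hits}")
```

On Windows 7 and later the DLLs listed in AppInit_DLLs are only loaded when LoadAppInit_DLLs under the same key is 1, and on Windows 8 and later they are not loaded at all when Secure Boot is enabled, so read that value alongside AppInit_DLLs when triaging.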
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
- FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.