W32/Dorf.BET!tr.dldr

Analysis

  • Creates an event object named E8dK894Lm9#sF2i$sOBq2X.

  • Drops the following file:
    • %SYSTEM%\wincom32.sys - detected by Fortinet as W32/Groan!tr.rkit.
  • Registers wincom32.sys as a kernel service named wincom32.

  • Attempts to invoke the wincom32 service to protect itself.

  • Reboots the system after execution.
Recommended Action

  FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

Telemetry

  Detection Availability
    • FortiClient: Extreme
    • FortiMail: Extreme
    • FortiSandbox: Extreme
    • FortiWeb: Extreme
    • Web Application Firewall: Extreme
    • FortiIsolator: Extreme
    • FortiDeceptor: Extreme
    • FortiEDR