W32/Tovkater.HG!tr.dldr
Analysis
W32/Tovkater.HG!tr.dldr is a generic detection for a Downloader trojan. Since this is a generic detection, malware that is detected as W32/Tovkater.HG!tr.dldr may have varying behaviour.
Below are examples of some of its observed behaviours:
- This malware may drop any of the following file(s):
  - %Desktop%\download adobe_audition...lnk : This file is a shortcut file pointing to the original malware itself.
  - %Desktop%\download airslax.lnk : This file is a shortcut file pointing to the original malware itself.
  - %Desktop%\download bluestacks_fre...lnk : This file is a shortcut file pointing to the original malware itself.
  - %Desktop%\download pokemon uraniu...lnk : This file is a shortcut file pointing to the original malware itself.
  - %Desktop%\download torrent_345627...lnk : This file is a shortcut file pointing to the original malware itself.
  - %Desktop%\download transroad_ usa...lnk : This file is a shortcut file pointing to the original malware itself.
  - %Temporary Internet Files%\adobe_audition_3.exe : This file is detected as Riskware/InstallMonstr.
  - %Temporary Internet Files%\airslax.exe : This file is detected as Riskware/InstallMonstr.
  - %Temporary Internet Files%\bluestacks_free_2.10.6.8001.exe : This file is detected as Riskware/InstallMonstr.
  - %Temporary Internet Files%\pokemon-uranium-v1.2.1-trainer.exe : This file is detected as Riskware/InstallMonstr.
  - %Temporary Internet Files%\torrent_34562766.exe : This file is detected as Riskware/InstallMonstr.
  - %Temporary Internet Files%\transroad_-usa-trainer-_1[1].exe : This file is detected as Riskware/InstallMonstr.
- This malware may connect to any of the following remote site(s):
  - 18{Removed}.80.54.18
  - ic-d{Removed}.deliverydlcenter.com
- This malware re-launches itself with the parameter -sprunfromlink.
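As an added illustration that is not part of the Fortinet entry, the Python script below turns the observed behaviours above into a simple hunt: it flags process-creation events whose command line carries the -sprunfromlink switch, and file paths that match the drop patterns (a "download ..." shortcut on the Desktop, or an executable under Temporary Internet Files). The sample events and paths are constructed for the demonstration; only the switch name and the path patterns come from the page.

```python
import re

# Constructed sample process-creation records (image path, command line).
# Only the third and fourth mimic the behaviour described on the page.
SAMPLE_EVENTS = [
    (r"C:\Windows\System32\notepad.exe",
     r'"C:\Windows\System32\notepad.exe" notes.txt'),
    (r"C:\Users\alice\Downloads\setup.exe",
     r'"C:\Users\alice\Downloads\setup.exe" /S'),
    (r"C:\Users\alice\Downloads\airslax.exe",
     r'"C:\Users\alice\Downloads\airslax.exe" -sprunfromlink'),
    (r"C:\Users\bob\AppData\Local\Temp\x.exe",
     r'"C:\Users\bob\AppData\Local\Temp\x.exe" -SPRunFromLink'),
]

# Constructed sample file paths as a file-system inventory might report them.
SAMPLE_FILES = [
    r"C:\Users\alice\Desktop\download airslax.lnk",
    r"C:\Users\alice\Desktop\report.docx",
    r"C:\Users\alice\AppData\Local\Microsoft\Windows\Temporary Internet Files"
    r"\Content.IE5\adobe_audition_3.exe",
    r"C:\Users\alice\AppData\Local\Microsoft\Windows\Temporary Internet Files"
    r"\Content.IE5\readme.txt",
]

# The self-relaunch switch from the page; matched as a whole token, case-insensitively,
# because Windows command lines are not case sensitive.
SPRUNFROMLINK = re.compile(r"(^|\s)-sprunfromlink(\s|$)", re.IGNORECASE)
# "%Desktop%\download ....lnk" shortcut pattern from the page.
DESKTOP_DOWNLOAD_LNK = re.compile(r"\\Desktop\\download .*\.lnk$", re.IGNORECASE)
# Executable dropped under "%Temporary Internet Files%".
TIF_EXE = re.compile(r"\\Temporary Internet Files\\.*\.exe$", re.IGNORECASE)


def flag_process_events(events):
    """Return the image paths of events whose command line uses -sprunfromlink."""
    return [image for image, cmdline in events if SPRUNFROMLINK.search(cmdline)]


def flag_file_paths(paths):
    """Return (path, reason) pairs for paths matching the documented drop locations."""
    hits = []
    for path in paths:
        if DESKTOP_DOWNLOAD_LNK.search(path):
            hits.append((path, "Desktop 'download ...' shortcut"))
        elif TIF_EXE.search(path):
            hits.append((path, "executable under Temporary Internet Files"))
    return hits


if __name__ == "__main__":
    for image in flag_process_events(SAMPLE_EVENTS):
        print(f"[process] suspicious self-relaunch: {image}")
    for path, reason in flag_file_paths(SAMPLE_FILES):
        print(f"[file] {reason}: {path}")
```

The matches are only a starting point for triage: a hit on the Desktop shortcut pattern should be confirmed by inspecting the shortcut's target, and any executable flagged under Temporary Internet Files should be scanned with a current AV database rather than judged on its path alone.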
Recommended Action
- Make sure that your FortiGate/FortiClient system is using the latest AV database.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
Product | AV database
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |