This malware is 32-bit with a packed file size of 18,544. It sends a Denial of Service attack against a single IP address, 126.96.36.199, which resolves to an Asia-hosted system. The malware has no purpose other than to attempt to cause a DoS condition against that target IP.
Loading At Windows Startup
If this Trojan is run, it copies itself to the System/System32 folder as "Kernel32.exe" and runs immediately. It then modifies the registry so that it is launched at each Windows startup:
"Kernel32" = Kernel32.exe
The Trojan continuously attempts to send SYN packets to the target IP address 188.8.131.52. The number of packets sent could cause a Denial of Service event against the target system.
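The SYN traffic described above is what a network-side detection would key on: one internal host emitting many SYN-only segments toward a single destination in a short window, without the ACKs of a completed handshake. The following is an added example, not code from the page or from Fortinet, that runs that check over constructed flow-log lines. The log format (ISO timestamp, source, destination:port, TCP flags) and the hosts 10.0.0.5, 10.0.0.7, 10.0.0.9, 203.0.113.9 and 198.51.100.2 are assumptions chosen for the sample; the threshold and window are tunables, not values taken from the page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, List, Optional, Tuple

# Assumed log line format (constructed for this example, not a FortiGate format):
#   "<ISO-8601 timestamp> <src_ip> -> <dst_ip>:<dport> flags=<TCP flag letters>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) flags=(?P<flags>[A-Z]+)$"
)


def parse_line(line: str) -> Optional[Tuple[datetime, str, str, int, str]]:
    """Parse one flow-log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
            int(m["dport"]), m["flags"])


def is_syn_only(flags: str) -> bool:
    """True for a bare SYN (S set, A clear); SYN-ACK and data segments are not counted."""
    return "S" in flags and "A" not in flags


def detect_syn_floods(lines: List[str], threshold: int = 10,
                      window_seconds: int = 10) -> Dict[Tuple[str, str], int]:
    """Sliding-window count of SYN-only segments per (src, dst) pair.

    Lines must be in chronological order. Returns, for every pair whose
    SYN count reached `threshold` inside any `window_seconds` span, the
    peak count observed in such a window.
    """
    recent: Dict[Tuple[str, str], deque] = defaultdict(deque)
    peak: Dict[Tuple[str, str], int] = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, dst, _dport, flags = rec
        if not is_syn_only(flags):
            continue
        q = recent[(src, dst)]
        q.append(ts)
        # Drop timestamps that have aged out of the window.
        while (ts - q[0]).total_seconds() > window_seconds:
            q.popleft()
        if len(q) >= threshold:
            peak[(src, dst)] = max(peak.get((src, dst), 0), len(q))
    return peak


def build_sample_log() -> List[str]:
    """Constructed sample traffic (not captured data).

    10.0.0.5 sends 12 bare SYNs to one host in 12 seconds (flood pattern),
    10.0.0.7 completes a normal handshake, and 10.0.0.9 sends one SYN per
    minute, which a 10-second window must not flag.
    """
    flood = [f"2004-03-01T10:00:{i:02d} 10.0.0.5 -> 203.0.113.9:80 flags=S"
             for i in range(12)]
    handshake = [
        "2004-03-01T10:00:01 10.0.0.7 -> 198.51.100.2:443 flags=S",
        "2004-03-01T10:00:01 10.0.0.7 -> 198.51.100.2:443 flags=A",
        "2004-03-01T10:00:01 10.0.0.7 -> 198.51.100.2:443 flags=PA",
    ]
    slow = [f"2004-03-01T10:{m:02d}:00 10.0.0.9 -> 203.0.113.9:80 flags=S"
            for m in range(12)]
    # Fixed-width ISO timestamps sort lexicographically into time order.
    return sorted(flood + handshake + slow)


if __name__ == "__main__":
    for (src, dst), count in detect_syn_floods(build_sample_log()).items():
        print(f"possible SYN flood: {src} -> {dst}, {count} SYNs in window")
```

The window-based count is what separates a flood from a busy but legitimate client: the slow sender in the sample reaches the same total of 12 SYNs as the flooding host, but never more than one inside any ten-second window, so only the flooding pair is reported. In production the threshold should be set against a baseline of normal SYN rates on the monitored segment, and the source address reported here is the host to examine for the persistence artifacts described above.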
This threat has the string "DDoSer" in its code.
- Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option.