Virus

VBS/Psyme.CI!tr.dldr

Analysis

  • Downloads a file from http://aqzj.{REMOVED}.com/ma.exe and saves it to the Temporary folder as driveir.exe. It then runs this file.
  • The downloaded file does not run at Windows startup - it only runs when initiated by the dropper program, or by the user.
Recommended Action

  FortiGate Systems
    • In the web interface for your FortiGate unit, check the main screen to confirm that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.