Virus

W32/Small.AUX!tr

Analysis

W32/Small.AUX-tr is a Trojan Downloader. Although it does not have any spreading capabilities by itself, upon execution it silently connects to a malicious web site over the internet and downloads 2 malicious files from there; once retrieved, those are in turn run on the infected computer "under the cloak". The 2 malicous files - named tool1.exe and tool2.exe - are located on http://www.vxiframe.biz, and are detected by Fortinet as W32/Small.AQT-tr and W32/LowZones.Y-tr respectively.

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

ID	56317
Released	May 29, 2005
Description Updated	Jun 22, 2005
Aliases	Troj/Dloader-OD [Sophos], Trojan-Downloader.Win32.Small.aux [KAV], W32/Downloader.CRN [FProt], W32/Small.AUX!tr
Platform Profile	Win32 file format / PE 32 bit

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Virus

W32/Small.AUX!tr

Analysis

Telemetry

Detection Availability

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Virus

W32/Small.AUX!tr

Analysis

Telemetry

Detection Availability

Threat Intelligence
Center