virus logo Virus

JS/Nemucod.DTD!tr.dldr

description-logoAnalysis
JS/Nemucod.DTD!tr.dldr is a generic detection for a JS Downloader Trojan that installs Locky Ransomware, detected as W32/Locky.AZKQ!tr.ransom. Since this is a generic detection, this malware may have varying behaviour.
Along with W32/Locky.AZKQ!tr.ransom, below are some of the observed characteristics/behaviours for this infection:

  • This malicious JS may download from any of the remote site listed below, then usually saves it as undefinedTempundefined\[Random].exe, afterwhich executes it.
    • ind{Removed}.info/admin.php?a=1
    The dropped file is currently detected as W32/Locky.AZKQ!tr.ransom.

  • Below is an illustrations of the dropped Ransomware notes:

    • Figure 1: Ransom note.



recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extended
FortiClient
Extreme
FortiAPS
FortiAPU
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR
ID 7523036
Released Oct 11, 2017
Description
Updated		 Oct 12, 2017
Aliases W32/Kryptik.FXQW!tr, Win32/Kryptik.FXQW trojan, W32/Locky.AZKQ!tr.ransom, Trojan-Ransom.Win32.Locky.abeb, RDN/Generic.hra trojan, Ransom_Locky.R045C0DJC17, Win32/Filecoder.Locky.M trojan, JS/Nemucod.DTD!tr, JS:Trojan.Cryxos.1303, JS/TrojanDownloader.Nemuco
Platform Profile Java Script
Profile Type Trojan Downloader (tr.dldr)