JS/Wonka.A!tr

description-logoAnalysis


JS/Wonka.A!tr is a generic detection for a type of obfuscated JavaScript trojan that uses a certain function to decode itself.
Since this is a generic detection, malware that are detected as JS/Wonka.A!tr may have varying behavior. Below are examples of some of these behaviors:

  • Execute a file named open.exe  in the current folder.
  • Execute another script on a remote server.
  • Download a file from the URL http://www.myownpa{removed}/load.jpg, rename the file as ~tmp0374.exe, then execute it.


recommended-action-logoRecommended Action

FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2023-12-01 91.09340
2020-05-12 77.37200 Sig Updated
2019-09-11 71.53500 Sig Updated
2019-09-10 71.52000 Sig Updated
2019-08-29 71.22800 Sig Updated
2019-08-29 71.22300 Sig Updated
2019-08-22 71.04900 Sig Updated
2019-08-17 70.79500 Sig Added
2019-08-17 70.77600 Sig Updated
2019-06-28 69.59400 Sig Added