W32/Small.DQN!tr
Analysis
W32/Small.DQN!tr - 06-10-09
More Info:
This is a Trojan-Downloader. It injects its downloader code into the "svchost.exe" process, which then downloads a malicious file from the following URL: http://www.{REMOVED}.cl/images/titlebarr.gif, saves it as "C:\clipsrv.exe", and executes it.
Detection Availability
Product | Availability |
---|---|
FortiGate | Extreme |
FortiClient | Extended |
FortiMail | Extended |
FortiSandbox | Extended |
FortiWeb | Extended |
Web Application Firewall | Extended |
FortiIsolator | Extended |
FortiDeceptor | Extended |
FortiEDR | |