W32/Waski.F!tr

Analysis


W32/Waski.F!tr is a generic detection for a type of trojan that uses a custom packer. Since this is a generic detection, malware detected as W32/Waski.F!tr may exhibit varying behavior.
Below are examples of some of these behaviors:

  • Drops the following file:
    • %Temp%\[Varies].exe (e.g., orrhb.exe) : This is a copy of the original malware with an appended overlay. The filename is hardcoded into the malware sample.

  • It tries to access the following URL:
    • http://94.23.{Removed}.202

  • It attempts to download files from the following URLs:
    • http://frucht{Removed}.com/design/cw400.zip
    • http://macroges{Removed}.com/latam/cw400.zip
    • http://alopha{Removed}.com/css/48s2.zip
    • http://dis{Removed}.com//Scripts/88u2.zip
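
The dropped file described above is a copy of the sample with data appended after the last PE section (an overlay). As an added example that is not part of this Fortinet entry, the following Python function parses the PE section table and reports where the overlay starts and how large it is, which is a quick way to confirm this trait on a file recovered from the Temp folder. The minimal PE-shaped blob built by build_sample is a constructed test fixture, not a real binary.

```python
import struct

def overlay_info(data: bytes):
    """Return (overlay_offset, overlay_size) for a PE image in memory, or None if not a PE.

    The overlay begins at the highest PointerToRawData + SizeOfRawData across all sections.
    Note for analysts: an overlay alone is not proof of malice; Authenticode signatures and
    installer payloads also live there, so treat a large or non-signature overlay as a lead.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew -> "PE\0\0"
    if data[pe:pe + 4] != b"PE\0\0":
        return None
    nsect = struct.unpack_from("<H", data, pe + 6)[0]      # NumberOfSections
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]  # SizeOfOptionalHeader
    sect_tbl = pe + 24 + opt_size                          # section headers, 40 bytes each
    end = sect_tbl + 40 * nsect                            # overlay cannot start before the headers end
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_tbl + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))                              # guard against bogus section sizes
    return end, len(data) - end

def build_sample(overlay: bytes) -> bytes:
    """Constructed fixture: a one-section PE32 header layout (not executable) plus `overlay`."""
    pe_off, opt_size, raw_ptr, raw_size = 0x40, 0xE0, 0x200, 0x200
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", pe_off)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x102)
    opt = b"\0" * opt_size
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, 16 bytes of other fields
    sect = b".text\0\0\0" + struct.pack("<IIII", raw_size, 0x1000, raw_size, raw_ptr) + b"\0" * 16
    hdr = dos + coff + opt + sect
    body = hdr + b"\0" * (raw_ptr - len(hdr)) + b"\x90" * raw_size
    return body + overlay

if __name__ == "__main__":
    sample = build_sample(b"\xAA" * 300)   # 300 bytes of constructed appended data
    print(overlay_info(sample))            # (1024, 300)
```

On a real dropped file, read it with open(path, "rb").read() and pass the bytes to overlay_info; a non-zero second value confirms appended data worth carving for further analysis.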


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2023-05-23 91.03526
2023-02-27 91.00974
2023-01-16 90.09713
2023-01-10 90.09530
2023-01-03 90.09320
2022-12-19 90.08866
2022-12-06 90.08482
2022-12-05 90.08455
2022-12-01 90.08342
2022-12-01 90.08335