This malware is a 32-bit executable with a packed file size of 18,544. It launches a Denial of Service attack against a single IP address, which resolves to a system hosted in Asia. The malware has no purpose other than to attempt to cause a DoS condition against the target IP.

Loading At Windows Startup
If this Trojan is run, it copies itself to the System/System32 folder as "Kernel32.exe" and runs immediately. The Trojan modifies the registry so that it runs automatically at each Windows startup:

"Kernel32" = Kernel32.exe
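
A host check for the autorun entry described above, written as an added example (not part of the original write-up or any vendor tool). It parses saved `reg query` output and flags values named "Kernel32" or values that launch Kernel32.exe; the write-up does not name the registry key, so the sample data is constructed and assumes the common HKLM Run key.

```python
import ntpath
import re

# Constructed sample of `reg query` output. The write-up does not name the
# registry key; the common HKLM Run key is assumed here for illustration.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Kernel32    REG_SZ    Kernel32.exe
    Updater    REG_SZ    "C:\WINDOWS\system32\KERNEL32.EXE" /s
    Helper    REG_SZ    rundll32.exe kernel32.dll,Sleep
"""

# `reg query` prints each value as: indent, name, type, data (4-space separated).
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

def executable_of(command):
    """Return the lowercase base name of the program an autorun command starts."""
    command = command.strip()
    if command.startswith('"'):
        program = command[1:].split('"', 1)[0]   # quoted path, may contain spaces
    else:
        program = command.split(" ", 1)[0]       # unquoted: first token only
    return ntpath.basename(program).lower()

def find_kernel32_autoruns(reg_output):
    """Return (key, value name, data, reasons) for entries matching the write-up."""
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if not m:
            continue
        reasons = []
        if m["name"].strip().lower() == "kernel32":
            reasons.append("value name")
        # The genuine Windows component is kernel32.dll; an .exe is the copy
        # the Trojan drops, so only the launched program name is compared.
        if executable_of(m["data"]) == "kernel32.exe":
            reasons.append("target")
        if reasons:
            findings.append((key, m["name"].strip(), m["data"], reasons))
    return findings

if __name__ == "__main__":
    for finding in find_kernel32_autoruns(SAMPLE):
        print(finding)
```

The "Helper" line is left unflagged because it only passes kernel32.dll as an argument, which keeps the check from firing on the legitimate DLL name.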

DoS Payload
The Trojan will consistently attempt to send SYN packets to the target IP address. The number of packets sent could cause a Denial of Service event against the target system.

This threat has the string "DDoSer" in its code.

Recommended Action

  • Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option.