Virus

W32/Injector.DRPD!tr

Analysis



W32/Injector.DRPD!tr is a generic detection for a trojan. Because the detection is generic, samples detected as W32/Injector.DRPD!tr may differ in behaviour.
Below are examples of some of these behaviours:

  • This malware may drop any of the following file(s) (subfolder and filename are placeholders; the actual names vary between samples):
    • %AppData%\subfolder\filename.scr : This file is detected as W32/Injector.DRPD!tr.
    • %StartUp%\filename.vbe : This encoded VBScript file is placed in the Startup folder so that it runs at user logon and serves as the autostart for filename.scr.
    • %Temp%\[Random].bat : This file is detected as BAT/Small.NAN!tr.

  • This malware may connect to any of the following remote site(s):
    • myp0nysit{Removed}.ru
    • hxxp://engrseltev{Removed}.com/king/panel/gate.php
    • streetcode{Removed}.com

  • The original copy of the malware is deleted after execution.
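The drop locations and the visible C2 path above can be turned into a quick host and proxy-log triage check. The following script is an added example, not Fortinet's code: it flags files that match the three location/extension pairs the entry lists (%AppData%\subfolder\*.scr, %StartUp%\*.vbe, %Temp%\*.bat) and proxy-log lines whose URL path is /king/panel/gate.php. The folder layout, the file names and the log lines in the sample data are constructed for the example; the real file names are placeholders on this page and the C2 domains are redacted, so the script matches only on location, extension and URL path.

```python
"""Triage check for the W32/Injector.DRPD!tr drop pattern (added example, not Fortinet's code)."""
import ntpath
import os
from urllib.parse import urlsplit

# Location/extension pairs from the entry and the role each file plays.
# Keys refer to the folder roots passed in by the caller.
DROP_RULES = (
    ("appdata", ".scr", "dropped payload (W32/Injector.DRPD!tr)"),
    ("startup", ".vbe", "autostart script for the .scr payload"),
    ("temp", ".bat", "helper batch file (BAT/Small.NAN!tr)"),
)

GATE_PATH = "/king/panel/gate.php"  # C2 URL path visible in the entry; the host is redacted


def _under(path, root):
    """True when `path` lies inside `root`, using Windows case-folding rules."""
    p = ntpath.normcase(ntpath.normpath(path))
    r = ntpath.normcase(ntpath.normpath(root)).rstrip("\\")
    return p.startswith(r + "\\")


def classify(path, roots):
    """Return the drop-rule description matching `path`, or None.

    Any depth below the root is accepted, so the %AppData%\\subfolder rule
    matches a .scr anywhere under the Roaming profile.
    """
    ext = ntpath.splitext(path)[1].lower()
    for key, want_ext, desc in DROP_RULES:
        if ext == want_ext and _under(path, roots[key]):
            return desc
    return None


def scan_paths(paths, roots):
    """Map each path that matches a drop rule to its description."""
    hits = {}
    for p in paths:
        desc = classify(p, roots)
        if desc:
            hits[p] = desc
    return hits


def find_gate_requests(log_lines):
    """Return (host, url) for every URL in the log lines whose path is GATE_PATH."""
    found = []
    for line in log_lines:
        for token in line.split():
            if token.startswith(("http://", "https://")):
                parts = urlsplit(token)
                if parts.path.lower() == GATE_PATH:
                    found.append((parts.hostname, token))
    return found


def live_roots():
    """Resolve the three folders from the environment of a Windows host."""
    appdata = os.environ.get("APPDATA", r"C:\Users\user\AppData\Roaming")
    return {
        "appdata": appdata,
        "startup": ntpath.join(appdata, r"Microsoft\Windows\Start Menu\Programs\Startup"),
        "temp": os.environ.get("TEMP", r"C:\Windows\Temp"),
    }


def scan_live(roots):
    """Walk the real folders and apply the drop rules (only meaningful on Windows)."""
    paths = []
    for root in set(roots.values()):
        for d, _, files in os.walk(root):
            paths.extend(os.path.join(d, f) for f in files)
    return scan_paths(paths, roots)


# Constructed sample data for an offline run; names are invented for the example.
SAMPLE_ROOTS = {
    "appdata": r"C:\Users\alice\AppData\Roaming",
    "startup": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup",
    "temp": r"C:\Users\alice\AppData\Local\Temp",
}
SAMPLE_PATHS = [
    r"C:\Users\alice\AppData\Roaming\Hjkl\Hjkl.scr",
    r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Hjkl.vbe",
    r"C:\Users\alice\AppData\Local\Temp\ab12cd.bat",
    r"C:\Users\alice\Documents\screensaver.scr",  # outside %AppData%: not flagged
    r"C:\Users\alice\AppData\Roaming\Notes\todo.txt",
]
SAMPLE_LOG = [
    "2014-05-12T10:03:11Z 10.0.0.23 POST http://c2.example/king/panel/gate.php 200 512",
    "2014-05-12T10:03:14Z 10.0.0.23 GET http://update.example/index.php 200 2048",
]

if __name__ == "__main__":
    for path, desc in scan_paths(SAMPLE_PATHS, SAMPLE_ROOTS).items():
        print(f"{desc}: {path}")
    for host, url in find_gate_requests(SAMPLE_LOG):
        print(f"gate.php request to {host}: {url}")
```

A .scr under %AppData% or a single request to a gate.php path is not proof on its own; confirm a hit by submitting the file to the AV engine or checking its hash, and treat the .vbe in the Startup folder as the persistence artifact to remove together with the .scr it launches.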



Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.