Recently, we found a simple malicious downloader that downloads a fake PDF file. Unlike a normal malicious loader that integrates the PE Loader code into its binary, this loader has stripped this part and has turned to fetching it online.
Our FortiGuard Labs Threat Intelligence system can detect the traffic of this downloader, which we detect as W32/Upatre.FT!tr, efficiently aiding in the analysis of this malware.
The Malicious Loader from the Cloud | Fortinet Blog