Virus

W32/Small.17C5@mm

Analysis

  • Drops the following file:
    • %SYSTEM%\adirss.exe
  • Adds the following registry entry so that the dropped file runs at every logon:
    • key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    • value: sysinter
    • data: %SYSTEM%\adirss.exe
  • Executes the following command, which adds the running executable to the Windows Firewall exception list so its traffic is not blocked:
    • netsh firewall set allowedprogram "executing file name" enable
  • Sets up its own SMTP server on TCP port 25 and uses it for mass mailing.
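The three behaviours listed above (the Run-key persistence entry, the netsh firewall exception, and the port 25 listener) are all visible to a host-based check. The script below is an added example for responders and is not FortiGuard's code; it runs over constructed sample data (a list of autorun entries, a few Sysmon-style command lines and two netstat-style rows) that mimic what an investigator would export from an endpoint. The log formats and the pid-to-image map are assumptions of the example.

```python
"""Host-side triage for the W32/Small.17C5@mm indicators (added example, not FortiGuard code)."""
import re

# --- Constructed sample input ------------------------------------------------
# Autorun entries as (key, value name, data), as exported from the registry.
SAMPLE_RUN_ENTRIES = [
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "sysinter",
     r"C:\Windows\System32\adirss.exe"),
    (r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive",
     r"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
]

# Process-creation command lines in a simplified Sysmon-like format (constructed).
SAMPLE_PROCESS_LOG = [
    r'CommandLine: netsh firewall set allowedprogram "C:\Windows\System32\adirss.exe" enable',
    r'CommandLine: netsh advfirewall show allprofiles',
    r'CommandLine: "C:\Program Files\Mozilla Firefox\firefox.exe"',
]

# Rows in the shape of `netstat -ano` output plus a pid->image map (constructed).
SAMPLE_NETSTAT = [
    "  TCP    0.0.0.0:25             0.0.0.0:0              LISTENING       1932",
    "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       880",
]
SAMPLE_PID_IMAGES = {1932: "adirss.exe", 880: "svchost.exe"}

# --- Indicators taken from the analysis above --------------------------------
RUN_KEY = r"hklm\software\microsoft\windows\currentversion\run"
DROPPED_IMAGE = "adirss.exe"
RUN_VALUE_NAME = "sysinter"

# Matches the legacy `netsh firewall set allowedprogram <path> enable` form,
# with the path either quoted or a single bare token.
NETSH_ALLOW_RE = re.compile(
    r'netsh\s+firewall\s+set\s+allowedprogram\s+(?:"([^"]+)"|(\S+))', re.I)
# Matches a TCP listener bound on local port 25 and captures the owning PID.
SMTP_LISTEN_RE = re.compile(r'^\s*TCP\s+\S+:25\s+\S+\s+LISTENING\s+(\d+)', re.I)


def find_persistence(entries):
    """Flag Run-key entries whose value name or target matches the dropper."""
    hits = []
    for key, name, data in entries:
        if key.lower() != RUN_KEY:
            continue
        if name.lower() == RUN_VALUE_NAME or data.lower().endswith("\\" + DROPPED_IMAGE):
            hits.append({"type": "autorun", "value": name, "data": data})
    return hits


def find_firewall_exception(lines):
    """Flag command lines that add a program to the firewall exception list."""
    hits = []
    for line in lines:
        m = NETSH_ALLOW_RE.search(line)
        if m:
            program = m.group(1) or m.group(2)
            hits.append({"type": "firewall_allow", "program": program})
    return hits


def find_smtp_listener(netstat_lines, pid_images):
    """Flag any process listening on TCP/25; a user workstation normally has none."""
    hits = []
    for line in netstat_lines:
        m = SMTP_LISTEN_RE.match(line)
        if m:
            pid = int(m.group(1))
            hits.append({"type": "smtp_listener", "pid": pid,
                         "image": pid_images.get(pid, "<unknown>")})
    return hits


def triage(entries, lines, netstat_lines, pid_images):
    """Run all three checks and return the combined findings."""
    return (find_persistence(entries)
            + find_firewall_exception(lines)
            + find_smtp_listener(netstat_lines, pid_images))


if __name__ == "__main__":
    for finding in triage(SAMPLE_RUN_ENTRIES, SAMPLE_PROCESS_LOG,
                          SAMPLE_NETSTAT, SAMPLE_PID_IMAGES):
        print(finding)
```

On a real host the three inputs would come from a registry export of the Run keys, the process-creation log, and `netstat -ano` with `tasklist` for the pid-to-image mapping; the `advfirewall` command in the sample is deliberately left unflagged because only the `allowedprogram` form matches the behaviour described above.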
Recommended Action

FortiGate Systems

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system; if required, enable the "Allow Push Update" option.