W32/Agent.AFJ!tr
Analysis
W32/Agent.AFJ!tr - 05-12-31
General Info:
This threat is a PE executable file with a file size of 3045, compressed with FSG.
Files:
- Copies itself to: %SystemDirectory%
Installation to System:
- When run, it copies itself to: %WindowsFolder%
- And creates these registry entries:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemLoader = "%WindowsFolder%\sysldr32.exe"
More Info:
This program attempts to download the following files:
- http://72.36.244.185/0031/xp_0031.exe
- http://72.36.244.185/0031/xp_nb47.exe
- http://72.36.244.185/0031/tool.exe
- http://72.36.244.185/0031/9x_9804.exe
- http://72.36.244.185/0031/9x_nb47.exe
- http://72.36.244.185/0031/tool.exe

The website is currently unavailable.