W32/Yabe.U!tr
Analysis
W32/Yabe.U!tr - 06-08-30
General Info:
This threat is a "PE" executable file, with file size 14848
Network/Internet:
- Connects to Server: HTTP
Files:
- Copies itself to: undefinedSystemRootundefined/undefinedWinDirundefined
Installation to System:
- When run, it copies itself to:
- undefinedSystemundefined\ipf.exe
- And creates these registry entries:
- HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ifp = undefinedSystemundefined\ipf.exe
Telemetry
Detection Availability
FortiClient | |
---|---|
Extreme | |
FortiMail | |
Extreme | |
FortiSandbox | |
Extreme | |
FortiWeb | |
Extreme | |
Web Application Firewall | |
Extreme | |
FortiIsolator | |
Extreme | |
FortiDeceptor | |
Extreme | |
FortiEDR |