W32/Virtum!tr

Analysis


  • It drops the following files:
    • %System%\ljjgeee.dll
    • C:\Documents and Settings\Administrator\Local Settings\Temp\removalfile.bat

  • It adds the following registry entries:
    • key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjgeee
    • value: DllName
    • data: ljjgeee.dll

    • key: HKCR\CLSID\{178D4E6A-BA5A-4ECB-8521-F7B8393FDB97}\
    • value: InprocServer32
    • data: %System%\ljjgeee.dll

    • key: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjgeee
    • value: logon
    • data: logon

  • It injects code into the explorer.exe process.


Recommended Action

FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.

FortiClient Systems
  • Quarantine or delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

  • FortiGate (Extended database)
  • FortiClient
  • FortiMail
  • FortiSandbox
  • FortiWeb (Web Application Firewall)
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR

Version Updates

Date        Version    Detail
2023-01-24  90.09944
2022-06-21  90.03462
2021-12-14  89.07763
2021-12-07  89.07553
2021-11-30  89.07343
2021-11-16  89.06923
2021-10-19  89.06081
2021-10-14  89.05933
2021-10-12  89.05871
2021-09-30  89.04740