W32/Agent.IR!tr

Analysis

W32/Agent.IR!tr - 05-12-07


General Info:

This threat is a "PE" executable file with a file size of 538624.

Files:

  • Drop files: + ".dll" + data

Installation to System:

  • Drops the following files:
    IMAGEID.CFG, NOTES.INI, RNOTES.INI, CALCSR.INI, signal.cfg, UINST.INI in the Windows folder
    signal.cfg, bszip.dll, basecab.dll in the System folder
    test.ini, TMP9875.LOG in the Temporary folder
  • And creates these registry entries:
    HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control\DisableConnectionQuery = dword:00000001
    HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable = dword:00000001

Telemetry

Detection Availability

FortiGate: Extreme
FortiClient: Extended
FortiMail: Extended
FortiSandbox: Extended
FortiWeb: Extended
Web Application Firewall: Extended
FortiIsolator: Extended
FortiDeceptor: Extended
FortiEDR

Version Updates

Date Version Detail
2022-10-11 90.06790
2022-09-27 90.06370
2022-08-15 90.05090
2022-08-05 90.04801
2021-11-30 89.07343
2021-05-19 86.00284
2020-05-26 77.70500 Sig Updated
2020-03-10 75.85200 Sig Added
2018-12-11 64.82100 Sig Updated
2018-11-17 64.24500 Sig Added