W32/Agent.IR!tr
Analysis
W32/Agent.IR!tr - 05-12-07
General Info:
This threat is a PE executable file with a file size of 538624 bytes.
Files:
- Dropped files: .dll files and data files
Installation to System:
- Drops the following files:
  - In the Windows folder: IMAGEID.CFG, NOTES.INI, RNOTES.INI, CALCSR.INI, signal.cfg, UINST.INI
  - In the System folder: signal.cfg, bszip.dll, basecab.dll
  - In the Temporary folder: test.ini, TMP9875.LOG
- Creates the following registry entries:
  - HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control\DisableConnectionQuery = dword:00000001
  - HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control\LoginSessionDisable = dword:00000001
Detection Availability
Product | Signature database
---|---
FortiGate | Extreme
FortiClient | Extended
FortiMail | Extended
FortiSandbox | Extended
FortiWeb | Extended
Web Application Firewall | Extended
FortiIsolator | Extended
FortiDeceptor | Extended
FortiEDR |