
W32/Bagle.AD@mm - Released Feb 24, 2006 - Last Updated Mar 13, 2007

Alias/es

Trojan-Downloader.Win32.Bagle.ad, W32/Bagle.gen@MM virus, TROJ_AGENT.AYT, Win32.Bagle.GD@mm, Win32/TrojanDropper.Bagle.E trojan

Detection Availability

Active Database / Extended Database
FortiGate
low
high
FortiClient
FortiMail N/A

Visible Symptoms

It opens a file search dialog box titled "Select file to crack", mimicking a cracking application.

Detailed Analysis

W32/Bagle.AD!mm - 06-04-04


General Info:

This threat is a "PE" executable file.

Network/Internet:

  • It spreads through: mass-emailing

Files:

  • Drop files: ".dll"

Installation to System:

  • Drops the following files:
    It drops the file 'ldr64.dll' in the %System% directory.
  • And creates these registry entries:
    It automatically loads itself upon Windows startup by creating a new component under the Winlogon Notify key:
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64\DllName = ldr64.dll
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ldr64\Startup = Startup

Reference: ID - 3163