| ID | 104030 |
| Released | Dec 31, 2005 |
| Description Updated | Dec 31, 2005 |
Detection Availability
| FortiGate | |
|---|---|
| Extreme |
|
| FortiClient | |
| Extended |
|
| FortiMail | |
| Extended |
|
| FortiSandbox | |
| Extended |
|
| FortiWeb | |
| Extended |
|
| Web Application Firewall | |
| Extended |
|
| FortiIsolator | |
| Extended |
|
| FortiDeceptor | |
| Extended |
|
| FortiEDR |
|
Threat Profile
Aliases:- W32/Agent.BU-tr
Win32 file format / PE 32 bit
Update History
| Date | Version | Detail |
|---|---|---|
| 2022-05-25 | 90.02622 | |
| 2021-11-16 | 89.06923 | |
| 2021-09-03 | 88.00849 | |
| 2021-09-03 | 88.00848 | |
| 2021-07-20 | 87.00765 | |
| 2020-11-09 | 81.70000 | Sig Added |
| 2019-12-24 | 74.02900 | Sig Updated |
| 2019-11-06 | 72.87200 | Sig Added |
| 2019-05-28 | 68.84900 | Sig Updated |
| 2019-04-24 | 68.03000 | Sig Added |
Refine Search
Threat Encyclopedia
W32/Agent.BU!tr
Analysis
W32/Agent.BU!tr - 05-12-31
General Info:
This threat is a "PE" executable file, with file size 62658
Files:
- Drop files: ".exe" + ".dll"
Installation to System:
- Drops the following files:
undefinedSystemFolderundefined\ibm00001.exe undefinedSystemFolderundefined\ibm00001.dll undefinedSystemFolderundefined\ibm00002.exe - And creates these registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Shell = ""undefinedSystemFolderundefined\ibm00001.exe""
More Info:
This trojan drops W32/Zapchast.AD!tr and W32/Small.DG!tr.
