W32/Agent.AFJ!tr

Analysis

W32/Agent.AFJ!tr - 05-12-31


General Info:

This threat is a PE executable file with a file size of 3045, compressed with FSG.

Files:

  • Copies itself to: %SystemDirectory%

Installation to System:

  • When run, it copies itself to:
    %WindowsFolder%
  • And creates this registry entry:
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\SystemLoader = "%WindowsFolder%\sysldr32.exe"

More Info:

This program attempts to download the following files:

  • http://72.36.244.185/0031/xp_0031.exe
  • http://72.36.244.185/0031/xp_nb47.exe
  • http://72.36.244.185/0031/tool.exe
  • http://72.36.244.185/0031/9x_9804.exe
  • http://72.36.244.185/0031/9x_nb47.exe
  • http://72.36.244.185/0031/tool.exe

The website is currently unavailable.

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date        Version   Detail
2024-02-24  92.01863
2019-08-27  71.17600  Sig Updated
2019-07-21  70.14700  Sig Added