VBS/Redlof.A@m
Analysis
Files:
- %Windows%\web\kjwall.gif
- %System%\kjwall.gif
- %System%\kernel.dll or c:\windows\system\kernel32.dll
- %Program Files%\Common Files\Microsoft Shared\Stationery\blank.htm
Registry changes (the dllfile entries register .dll files as VBScript to be launched through WScript.exe; the mail entries make blank.htm the default stationery for Outlook Express and Outlook):
- key: HKEY_CLASSES_ROOT\dllfile
- value: ScriptEngine
- data: VBScript
- key: HKEY_CLASSES_ROOT\dllFile\Shell\Open
- value: Command
- data: %System%\WScript.exe "%1" %*
- key: HKEY_CLASSES_ROOT\dllFile\ShellEx\PropertySheetHandlers
- value: WSHProps
- data: {60254CA5-953B-11CF-8C96-00AA00B8708C}
- key: HKEY_CLASSES_ROOT\dllFile
- value: ScriptHostEncode
- data: {85131631-480C-11D2-B1F9-00C04F86C324}
- key: HKEY_CURRENT_USER\Identities\{Default User ID}\Software\Microsoft\Outlook Express\{Version Number}\Mail
- value: Compose Use Stationery
- data: 1
- key: HKEY_CURRENT_USER\Identities\{Default User ID}\Software\Microsoft\Outlook Express\{Version Number}\Mail
- value: Stationery Name
- data: %Program Files%\Common Files\Microsoft Shared\Stationery\blank.htm
- key: HKEY_CURRENT_USER\Identities\{Default User ID}\Software\Microsoft\Outlook Express\{Version Number}\Mail
- value: Wide Stationery Name
- data: %Program Files%\Common Files\Microsoft Shared\Stationery\blank.htm
- key: HKEY_CURRENT_USER\Software\Microsoft\Office\9.0\Outlook\Options\Mail
- value: EditorPreference
- data: 131072
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings\0a0d020000000000c000000000000046
- value: 001e0360
- data: blank
- key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Microsoft Outlook Internet Settings\0a0d020000000000c000000000000046
- value: 001e0360
- data: blank
- key: HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Outlook\Options\Mail
- value: EditorPreference
- data: 131072
- key: HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Common\MailSettings\
- value: NewStationery
- data: blank
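The following PowerShell script is an added example and is not part of the Fortinet write-up. It checks a Windows host, read-only, for the file and registry indicators listed above. It assumes %Windows% is $env:windir, %System% is System32 on NT-based Windows (\System on Windows 9x, so both are checked) and %Program Files%\Common Files is $env:CommonProgramFiles; the {Default User ID} and {Version Number} placeholders are enumerated from the Identities hive instead of being hard-coded.

```powershell
# Added example, not part of the Fortinet write-up: read-only check of a
# Windows host for the file and registry indicators listed above.
# Run in an elevated PowerShell 5.1 or later session.
# Assumptions: %Windows% = $env:windir; %System% = System32 on NT-based
# Windows (\System on Windows 9x, so both are checked);
# %Program Files%\Common Files = $env:CommonProgramFiles.

$hits = New-Object 'System.Collections.Generic.List[string]'

$files = @(
    (Join-Path $env:windir 'web\kjwall.gif'),
    (Join-Path $env:windir 'System32\kjwall.gif'),
    (Join-Path $env:windir 'System\kjwall.gif'),
    (Join-Path $env:windir 'System32\kernel.dll'),
    (Join-Path $env:windir 'System\kernel.dll'),
    'C:\windows\system\kernel32.dll',   # literal path from the list; a genuine kernel32.dll lives in System32
    (Join-Path $env:CommonProgramFiles 'Microsoft Shared\Stationery\blank.htm')
)
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) { $hits.Add("file: $f") }
}

# Report a registry value whose data matches $Pattern. REG_BINARY data (the
# MAPI profile property checked below is stored that way) is decoded as ASCII.
function Test-RegValue {
    param([string]$Key, [string]$Name, [string]$Pattern)
    $path = "Registry::$Key"
    if (-not (Test-Path -LiteralPath $path)) { return }
    $item = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return }
    $data = $item.$Name
    if ($null -eq $data) { return }
    if ($data -is [byte[]]) {
        $data = [System.Text.Encoding]::ASCII.GetString($data).TrimEnd([char]0)
    }
    if ("$data" -match $Pattern) { $hits.Add("reg: $Key -> $Name = $data") }
}

# A clean dllfile ProgID ('Application Extension') carries no script engine;
# these values make any .dll run as VBScript through WScript.exe.
$hkcr = 'HKEY_CLASSES_ROOT\dllfile'
Test-RegValue $hkcr 'ScriptEngine' '^VBScript$'
Test-RegValue $hkcr 'ScriptHostEncode' '85131631-480C-11D2-B1F9-00C04F86C324'
# The list names 'Command' and 'WSHProps' as values; in the registry they are
# subkeys whose (default) data holds the string, so both forms are checked.
Test-RegValue "$hkcr\Shell\Open" 'Command' 'WScript\.exe'
Test-RegValue "$hkcr\Shell\Open\Command" '(default)' 'WScript\.exe'
Test-RegValue "$hkcr\ShellEx\PropertySheetHandlers" 'WSHProps' '60254CA5-953B-11CF-8C96-00AA00B8708C'
Test-RegValue "$hkcr\ShellEx\PropertySheetHandlers\WSHProps" '(default)' '60254CA5-953B-11CF-8C96-00AA00B8708C'

# Outlook Express keeps per-identity settings; {Default User ID} and
# {Version Number} from the list are enumerated rather than hard-coded.
$ids = Get-ChildItem -LiteralPath 'Registry::HKEY_CURRENT_USER\Identities' -ErrorAction SilentlyContinue
foreach ($id in $ids) {
    $oe = "$($id.Name)\Software\Microsoft\Outlook Express"
    $vers = Get-ChildItem -LiteralPath "Registry::$oe" -ErrorAction SilentlyContinue
    foreach ($v in $vers) {
        $mail = "$($v.Name)\Mail"
        Test-RegValue $mail 'Compose Use Stationery' '^1$'
        Test-RegValue $mail 'Stationery Name' 'blank\.htm$'
        Test-RegValue $mail 'Wide Stationery Name' 'blank\.htm$'
    }
}

# EditorPreference 131072 only selects Outlook's HTML editor; it matters here
# in combination with the stationery settings, not on its own.
foreach ($ver in '9.0', '10.0') {
    Test-RegValue "HKEY_CURRENT_USER\Software\Microsoft\Office\$ver\Outlook\Options\Mail" 'EditorPreference' '^131072$'
}
Test-RegValue 'HKEY_CURRENT_USER\Software\Microsoft\Office\10.0\Common\MailSettings' 'NewStationery' '^blank$'

$profiles = @(
    'HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles',
    'HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles'
)
foreach ($p in $profiles) {
    Test-RegValue "$p\Microsoft Outlook Internet Settings\0a0d020000000000c000000000000046" '001e0360' '^blank'
}

if ($hits.Count -eq 0) { 'No VBS/Redlof.A@m indicators found.' } else { $hits }
```

A hit on the dllfile ScriptEngine or Open\Command entries alone is enough to treat the host as infected; the Outlook and Outlook Express stationery values can be set legitimately by a user and are only meaningful together with the dropped blank.htm.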
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Detection Availability
Product | Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |