W32/Agent.ACR!tr

Analysis

  • It drops the following file and runs it in memory:
    • %TEMP%\keylog.exe
    The dropped file keylog.exe is 985 bytes long and packed with MEW 11 1.2. It logs keystrokes and outputs them to its own cmd window.

    Recommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

    Telemetry

    Detection Availability

    FortiGate: Extreme
    FortiClient: Extended
    FortiMail: Extended
    FortiSandbox: Extended
    FortiWeb: Extended
    Web Application Firewall: Extended
    FortiIsolator: Extended
    FortiDeceptor: Extended
    FortiEDR

    Version Updates

    Date Version Detail
    2022-07-19 90.04286
    2022-05-24 90.02583
    2022-05-23 90.02563
    2022-05-23 90.02562
    2021-04-20 85.00593
    2021-02-06 83.84700 Sig Added
    2019-10-08 72.18000 Sig Updated
    2019-08-28 71.20200 Sig Added
    2019-07-09 69.85400 Sig Updated
    2019-05-26 68.80900 Sig Added