Virus

VBS/Dropper.DL!tr

Analysis

VBS/Dropper.DL!tr is the detection for VBScript codes that are appended to HTM, HTML, and ASP files. These codes drop a malicious PE file into the Temporary folder as svchost.exe, then execute it.
At the time of analysis, the dropped PE file is detected as W32/Lebag.CQN!tr.

Recommended Action

Make sure that your FortiGate/FortiClient system is using the latest AV database.
Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
Extended
FortiClient
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date	Version	Detail
2023-04-24	91.02671
2023-03-22	91.01660
2022-05-31	90.02802
2019-12-10	73.69300	Sig Updated
2019-12-05	73.58000	Sig Updated
2019-09-05	71.39200	Sig Updated
2019-08-28	71.20000	Sig Updated
2019-07-23	70.19000	Sig Updated
2019-06-08	69.11200	Sig Updated
2019-05-03	68.25100	Sig Updated

ID	2143453
Released	Sep 27, 2010
Description Updated	Dec 09, 2014
Aliases	Trojan-Dropper.VBS.Agent.bp, W32/Ramnit.a!htm virus, VBS/Inor-AA, VBS_RAMNIT.SMC, VBS/Inor.DZ, Trojan.HTML.Ramnit.A, Win32/Ramnit.A, W32/Cosmu.A, Trojan-Dropper.VBS.Agent.bp, HTML/Drop.Agent.AB, VBS.Rmnet.2, Trojan-Dropper.VBS.Agent.bp
Platform Profile	Visual Basic Script

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Virus

VBS/Dropper.DL!tr

Analysis

Recommended Action

Telemetry

Detection Availability

Version Updates

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Virus

VBS/Dropper.DL!tr

Analysis

Recommended Action

Telemetry

Detection Availability

Version Updates

Threat Intelligence
Center