W32/Mitglieder.VJ!tr
Analysis
Incorrect file version
- %SYSTEM%\hldrrr.exe
- http://www.chapister{REMOVED}.com/mul5.php
- http://charles{REMOVED}.com/mul5.php
- http://cha{REMOVED}.cz/mul5.php
- http://www.chit{REMOVED}.com/mul5.php
- http://chec{REMOVED}.com/mul5.php
- http://cibe{REMOVED}.com.ar/mul5.php
- http://505{REMOVED}.com/mul5.php
- http://cof66{REMOVED}.net/mul5.php
- http://coma{REMOVED}.net/mul5.php
- http://conc{REMOVED}.com/mul5.php
- http://www.co{REMOVED}.ru/mul5.php
- http://do{REMOVED}.com/mul5.php
- http://www.cr{REMOVED}.com/mul5.php
- http://kre{REMOVED}.ru/mul5.php
- http://dev.jin{REMOVED}.com/mul5.php
- http://fox{REMOVED}.com/mul5.php
- http://uwu{REMOVED}.org/mul5.php
- http://v-v-ko{REMOVED}.ic.cz/mul5.php
- http://erich-kaes{REMOVED}.de/mul5.php
- http://van{REMOVED}.com/mul5.php
- http://axe{REMOVED}.hu/mul5.php
- http://kisa{REMOVED}.com/mul5.php
- http://veg{REMOVED}com/mul5.php
- http://vi{REMOVED}.ru/mul5.php
- http://vira{REMOVED}.com/mul5.php
- http://svat{REMOVED}.cz/mul5.php
- http://Vivamo{REMOVED}.com/mul5.php
- http://vkinf{REMOVED}.com/mul5.php
- http://vytu{REMOVED}com/mul5.php
- http://waise{REMOVED}.ch/mul5.php
- http://watsr{REMOVED}.org/mul5.php
- http://www.ag.oh{REMOVED}.edu/mul5.php
- http://wbec{REMOVED}.com/mul5.php
- http://cala{REMOVED}.com/mul5.php
- http://vpr{REMOVED}com/mul5.php
- http://grup{REMOVED}.de/mul5.php
- http://kn{REMOVED}de/mul5.php
- http://dog{REMOVED}.ch/mul5.php
- http://system{REMOVED}.de/mul5.php
- http://zeb{REMOVED}.net/mul5.php
- http://www.wal{REMOVED}.de/mul5.php
- http://hotc{REMOVED}.de/mul5.php
- http://innova{REMOVED}.net/mul5.php
- http://mas{REMOVED}.de/mul5.php
- http://we{REMOVED}hu/mul5.php
- http://web{REMOVED}.com/mul5.php
- http://we{REMOVED}.com/mul5.php
- http://www.ag{REMOVED}.edu/mul5.php
- http://poliklin{REMOVED}.sk/mul5.php
- http://wvp{REMOVED}.org/mul5.php
- http://www.ker{REMOVED}.de/mul5.php
- http://www.kljbw{REMOVED}.de/mul5.php
- http://www.vo{REMOVED}.de/mul5.php
- http://www.wch{REMOVED}.cz/mul5.php
- http://www.wg-auf{REMOVED}.de/mul5.php
- http://www.wzh{REMOVED}.com/mul5.php
- http://zsn{REMOVED}.sk/mul5.php
- http://xotr{REMOVED}.ru/mul5.php
- http://ilik{REMOVED}.com/mul5.php
- http://yeni{REMOVED}.com/mul5.php
- key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- value: hldrrr
- data: %SYSTEM%\hldrrr.exe
- key: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- value: hldrrr
- data: %SYSTEM%\hldrrr.exe
- key: HKCU\Software\FirstRRRun
- value: FirstRR1232Run
- data: 1
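As an added triage example (not part of the original Fortinet entry): the Python below checks a `reg export` of the Run keys for the `hldrrr` persistence value and the `FirstRRRun` marker key listed above, and scans Squid-style proxy log lines for the `/mul5.php` check-in path shared by every URL in the list. The registry export, the log lines, the client IPs and the hostnames are constructed samples; the page's real domains are redacted, so detection keys on the path, not the host.

```python
import re
from typing import Dict, List, Tuple

# Registry locations named on this page ('reg export' spells HKLM/HKCU out in full).
RUN_KEYS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
}
MARKER_KEY = r"HKEY_CURRENT_USER\Software\FirstRRRun"

# Every C2 URL on the page ends in /mul5.php; the domains are redacted, so match the path.
# The lookahead stops "/mul5.phpx" from matching.
C2_CHECKIN = re.compile(r"https?://([^/\s]+)/mul5\.php(?:\?\S*)?(?=\s|$)", re.IGNORECASE)


def parse_reg_export(text: str) -> Dict[str, Dict[str, str]]:
    """Minimal parser for 'reg export' output (decode the UTF-16 file to str first).

    Returns {key_path: {value_name: data}}. String data is unquoted and un-escaped
    (.reg files double backslashes); dword data is returned as a decimal string.
    """
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        if current is None:
            continue
        m = re.match(r'^(?:"([^"]*)"|@)=(.*)$', line)
        if not m:
            continue  # hex(...) continuation lines and comments are not needed here
        name = m.group(1) if m.group(1) is not None else "(Default)"
        data = m.group(2)
        if data.startswith('"') and data.endswith('"'):
            data = data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
        elif data.lower().startswith("dword:"):
            data = str(int(data[6:], 16))
        keys[current][name] = data
    return keys


def find_persistence(reg: Dict[str, Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, data) for Run-key entries named hldrrr or pointing at
    hldrrr.exe, and for the FirstRR1232Run infection marker. Keys compare case-insensitively."""
    run_keys = {k.lower() for k in RUN_KEYS}
    hits = []
    for key, values in reg.items():
        k = key.lower()
        if k in run_keys:
            for name, data in values.items():
                if name.lower() == "hldrrr" or data.lower().endswith("\\hldrrr.exe"):
                    hits.append((key, name, data))
        elif k == MARKER_KEY.lower():
            for name, data in values.items():
                if name.lower() == "firstrr1232run":
                    hits.append((key, name, data))
    return hits


def find_c2_checkins(log_lines: List[str]) -> List[Tuple[str, str]]:
    """Return (client_ip, host) for Squid native access.log lines requesting /mul5.php.
    Field layout: time elapsed client code/status bytes method URL ident hier/peer type."""
    hits = []
    for line in log_lines:
        m = C2_CHECKIN.search(line)
        if m:
            fields = line.split()
            client = fields[2] if len(fields) > 2 else "?"
            hits.append((client, m.group(1).lower()))
    return hits


# Constructed sample: a 'reg export' of the Run key and marker key as they might look on an
# infected XP-era host, with %SYSTEM% expanded to C:\WINDOWS\system32 (assumption).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"hldrrr"="C:\\WINDOWS\\system32\\hldrrr.exe"

[HKEY_CURRENT_USER\Software\FirstRRRun]
"FirstRR1232Run"=dword:00000001
"""

# Constructed Squid-style proxy lines; hostnames are placeholders, not the page's domains.
SAMPLE_LOG = [
    "1150000001.001 120 10.0.0.17 TCP_MISS/200 1432 GET http://intranet.example/index.html - DIRECT/192.0.2.10 text/html",
    "1150000002.104 88 10.0.0.23 TCP_MISS/200 302 GET http://chit-redacted.example/mul5.php - DIRECT/203.0.113.5 text/html",
    "1150000003.220 91 10.0.0.23 TCP_MISS/404 0 GET http://zeb-redacted.example/mul5.php?id=1 - DIRECT/203.0.113.7 text/html",
]

if __name__ == "__main__":
    for hit in find_persistence(parse_reg_export(SAMPLE_REG)):
        print("persistence:", hit)
    for client, host in find_c2_checkins(SAMPLE_LOG):
        print(f"c2 check-in: {client} -> {host}/mul5.php")
```

A 404 from `/mul5.php` (third sample line) is still a hit: the host attempted the check-in, which is the indicator, regardless of whether the C2 site was still up.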
Recommended Action
FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
Telemetry
Detection Availability

Product | Availability
---|---
FortiGate | Extreme
FortiClient | Extended
FortiMail | Extended
FortiSandbox | Extended
FortiWeb | Extended
Web Application Firewall | Extended
FortiIsolator | Extended
FortiDeceptor | Extended
FortiEDR |