Virus

Analysis

Drops the following files:

undefinedSystemundefined\[random].exe
hidn2.exe
hldrrr.exe

Adds the following registry:

key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
value: drv_st_key
data: C:\Documents and Settings\[user]\hidn\ hidn2.exe

key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
value: drv_st_key
data: C:\Documents and Settings\[user]\hidn\ hidn2.exe

Email Propagation:

Email format:

Subject:

price

Body:

It Is Protected
Passwrd: [a GIF file]

Attachment: price_list.zip

Recommended Action

FortiGate Systems

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.

Telemetry

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

ID	328347
Released	Jan 24, 2007
Description Updated	Feb 12, 2007
Aliases	W32/Bagle.gen, W32/Mitglieder.VO
Platform Profile	Win32 file format / PE 32 bit

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

W32/Mitglieder.VO!tr

Analysis

Recommended Action

Telemetry

Detection Availability

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Virus

W32/Mitglieder.VO!tr

Analysis

Recommended Action

Telemetry

Detection Availability

Threat Intelligence
Center