W32/Bagle.HK@mm

Analysis

  • It drops the following files:
    • C:\Windows\System32\wintems.exe
    • C:\Documents and Settings\[user]\Application Data\hidires\hidr.exe
    • C:\Documents and Settings\[user]\Application Data\hidires\m_hook.sys
  • Adds the following registry entries (both are autostart entries under the current user's Run key):
    • Entry 1:
      • key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      • value: drvsyskit
      • data: c:\Documents and Settings\[user]\Application Data\hidires\hidr.exe
    • Entry 2:
      • key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      • value: german.exe
      • data: c:\windows\system32\wintems.exe
  • Attempts to terminate the firewall and other security applications, including antivirus monitors.
Recommended Action

  FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
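The recommended action above covers the gateway side. To check an individual Windows host for the artefacts listed in the analysis, the following PowerShell script is an added example (not from the Fortinet page or a Fortinet product): it reads the Run values named above in every loaded user hive, looks for the dropped files, and reports any matching process or loaded driver. The indicator names and paths come from the analysis; the C:\Users and AppData\Roaming paths, the process names wintems and hidr, and the driver lookup are assumptions added here. It only reports and changes nothing.

```powershell
# Added example, not from the Fortinet page: a read-only host check for the
# W32/Bagle.HK@mm artefacts listed in the analysis. Indicator values come from
# the page; the C:\Users / AppData\Roaming paths, the process names and the
# driver lookup are assumptions (the page names only XP-era profile paths).
# Run from an elevated prompt (PowerShell 3+) so every loaded user hive is readable.

$findings = New-Object System.Collections.Generic.List[string]

# --- 1. Persistence: the two Run values named on the page, in every loaded user hive ---
$runValues = @('drvsyskit', 'german.exe')
$hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
    Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' }
foreach ($hive in $hives) {
    $runKey = "Registry::HKEY_USERS\$($hive.PSChildName)\Software\Microsoft\Windows\CurrentVersion\Run"
    if (-not (Test-Path -Path $runKey)) { continue }
    foreach ($name in $runValues) {
        $entry = Get-ItemProperty -Path $runKey -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $entry) {
            $findings.Add("Run value '$name' in $runKey -> $($entry.$name)")
        }
    }
}

# --- 2. Dropped files: the system32 payload plus the per-profile hidires directory ---
$candidates = New-Object System.Collections.Generic.List[string]
$candidates.Add((Join-Path $env:SystemRoot 'System32\wintems.exe'))

$profileRoots = @('C:\Documents and Settings', 'C:\Users') | Where-Object { Test-Path -Path $_ }
foreach ($root in $profileRoots) {
    foreach ($profile in Get-ChildItem -Path $root -Directory -ErrorAction SilentlyContinue) {
        # "Application Data" is the page's XP path; AppData\Roaming is the assumed Vista+ equivalent.
        foreach ($sub in @('Application Data\hidires', 'AppData\Roaming\hidires')) {
            foreach ($file in @('hidr.exe', 'm_hook.sys')) {
                $candidates.Add((Join-Path (Join-Path $profile.FullName $sub) $file))
            }
        }
    }
}

foreach ($path in $candidates) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings.Add("File $path size=$($item.Length) modified=$($item.LastWriteTime) sha256=$hash")
    }
}

# --- 3. Runtime traces: processes named after the dropped executables (assumed names) ---
foreach ($proc in Get-Process -Name 'wintems', 'hidr' -ErrorAction SilentlyContinue) {
    $findings.Add("Process $($proc.ProcessName) pid=$($proc.Id) path=$($proc.Path)")
}

# m_hook.sys has a .sys extension, so also look for it among loaded system drivers.
$drivers = Get-CimInstance -ClassName Win32_SystemDriver -ErrorAction SilentlyContinue |
    Where-Object { $_.PathName -like '*m_hook.sys*' }
foreach ($drv in $drivers) {
    $findings.Add("Driver $($drv.Name) state=$($drv.State) path=$($drv.PathName)")
}

# --- Report: non-zero exit code lets a management tool flag the host ---
if ($findings.Count -eq 0) {
    Write-Output 'No W32/Bagle.HK@mm artefacts found.'
    exit 0
}
Write-Output "Possible W32/Bagle.HK@mm infection ($($findings.Count) indicator(s)):"
$findings | ForEach-Object { Write-Output "  $_" }
exit 1
```

The script records the SHA256 and timestamp of any file it finds so the evidence survives later clean-up by the antivirus product; removal itself is left to the AV engine, since the analysis notes that the worm interferes with security applications and a naive delete may be undone by the running copy.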

Telemetry

Detection Availability

    Product: Detection level
    FortiGate: Extreme
    FortiClient: Extended
    FortiMail: Extended
    FortiSandbox: Extended
    FortiWeb: Extended
    Web Application Firewall: Extended
    FortiIsolator: Extended
    FortiDeceptor: Extended
    FortiEDR