W32/Agent.JW!tr

Analysis

W32/Agent.JW!tr - 06-05-24


General Info:

This threat is a "PE" executable file with a file size of 43520.

Installation to System:

  • Creates these registry entries:
    HKEY_CURRENT_USER\Software\Microsoft\Mailer Data
    HKEY_CURRENT_USER\Software\Microsoft\Hotmail

More Info:

When executed, this malware displays the following message box:

  Title: "Microsoft Visual C++ Runtime Library"
  Message: "Runtime Error! Program: {full path and filename of malware} This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information."

It steals the following information:

  • POP3 user name and password
  • IMAP user name and password
  • SMTP server and email address
  • Outlook Express accounts

Telemetry

Detection Availability

FortiGate Extreme
FortiClient Extended
FortiMail Extended
FortiSandbox Extended
FortiWeb Extended
Web Application Firewall Extended
FortiIsolator Extended
FortiDeceptor Extended
FortiEDR

Version Updates

Date Version Detail
2024-02-12 92.01512
2024-02-07 92.01362
2024-01-29 92.01092
2023-12-28 92.00127
2023-12-25 92.00035
2023-12-16 91.09761
2023-07-04 91.04797
2023-05-16 91.03316
2022-11-22 90.08067
2022-09-21 90.06204