virus logo Virus

W32/Zurgop.BK!tr

description-logoAnalysis


  • Creates a new folder under the user's Application Data folder using a randomized name, then drops a copy of itself into this new folder using a randomized name.

  • Creates the following registry entry to automatically execute its dropped file every time the infected user logs on:
    • key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    • value: [Random]
    • data: undefinedAPPDATAundefined\[Random]\[Random].exe

  • Attempts to inject cpdes into the following processes:
    • explorer.exe
    • svchost.exe

  • Collects information of the compromised system and sends them to the HTTP server http://se{Removed}gj333.com/.

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

Version Updates

Date Version Detail
2023-02-27 91.00974
2022-09-09 90.05835
2022-08-30 90.05531
2022-05-25 90.02622
2020-01-21 74.70000 Sig Updated
2019-08-13 70.68900 Sig Updated
ID 6236156
Released Jun 13, 2014
Description
Updated		 Aug 07, 2014
Aliases Win32/TrojanDownloader.Zurgop.BK (NOD32)
Platform Profile Win32 file format / PE 32 bit