virus logo Virus

W32/Agent.QN!tr.dldr

description-logoAnalysis

  • It deletes itself once executed.

  • It drops the following files:
    • undefinedSystem32undefined\dcom_8.dll
    • undefinedSystem32undefined\done1
  • Adds the following registry:
    • key: HKLM\SOFTWARE\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB8C34}
    • value: InProcServer32
    • data: undefinedSystem32undefineddcom_8.dll
  • Attempts to connect to external network on port 8888

  • File Information:
    • File size: 57.86 kbytes

    Telemetry logoTelemetry

    Detection Availability

    FortiGate
    Extreme
    FortiClient
    Extended
    FortiMail
    Extended
    FortiSandbox
    Extended
    FortiWeb
    Extended
    Web Application Firewall
    Extended
    FortiIsolator
    Extended
    FortiDeceptor
    Extended
    FortiEDR

    Version Updates

    Date Version Detail
    2023-04-04 91.02050
    2023-02-28 91.01012
    2019-08-27 71.17600 Sig Updated
    2019-07-26 70.25600 Sig Updated
    2019-07-25 70.24700 Sig Updated
    2019-07-21 70.13800 Sig Updated
    2019-07-13 69.94600 Sig Added
    ID 64154
    Released Oct 14, 2006
    Description
    Updated    		 Oct 16, 2006
    Aliases Trojan-Downloader.Win32.Agent.qn, Spam-DComServ.dr trojan
    Platform Profile Win32 file format / PE 32 bit
    Profile Type Trojan Downloader (tr.dldr)