WM/Agent!tr

Analysis


This detection covers a collection of Microsoft Office files (mostly Word documents) containing macros that are capable of downloading possibly malicious samples. A few examples of the URLs the macros download from:

  • HTTP://WWW.HUIS{Removed}.BE/FOTOS/ROLLOVER5.JPG
  • HTTP://DIREC{Removed}.COM/UPLOADS/1553948075.MAC.EXE
  • HTTP://CARHI{Removed}.COM/IMG/CALC.PNG

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-02-12 92.01512
2023-11-06 91.08560
2023-09-12 91.06894
2023-07-25 91.05424
2023-05-30 91.03736
2023-05-16 91.03316
2023-03-21 91.01630
2023-03-14 91.01420
2023-02-27 91.00974
2022-11-15 90.07857