W32/Agent.C!tr

Analysis

  • Drops a copy of itself to the System folder as commdlgdll.exe.
  • Creates the following registry entry to automatically execute itself during startup:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      commdlg.dll = "%System%\commdlgdll.exe"
  • Drops a copy of itself to all removable/floppy drives as driver.exe.
  • Drops the file autorun.inf to automatically execute its dropped copy whenever the drive is accessed. The following are the contents of this file:
    [Autorun]
    Open=driver.exe
    shellexecute=driver.exe
    shell\Auto\command=driver.exe
    Shell=Auto
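
A defender-side check for the autorun.inf behaviour described above, added here as an example and not taken from Fortinet's tooling: it parses an autorun.inf, lists the programs its launch keys point to, and flags a match on the driver.exe name from this write-up. The function names and the extension list are assumptions made for the example.

```python
import re

# Keys in [autorun] whose value names a program to start.
EXEC_KEYS = re.compile(r"open|shellexecute|shell\\[^\\=]+\\command", re.I)
# Assumption: extensions treated as executable for this check.
EXEC_EXT = (".exe", ".com", ".scr", ".pif", ".bat", ".cmd")

# autorun.inf contents exactly as listed in the write-up above.
SAMPLE_FROM_WRITEUP = r"""[Autorun]
Open=driver.exe
shellexecute=driver.exe
shell\Auto\command=driver.exe
Shell=Auto
"""

def parse_autorun(text):
    """Return {key: value} from the [autorun] section (names are case-insensitive)."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def program_name(value):
    """File name of the program in a command value, without path, quotes or arguments."""
    prog = value[1:].split('"', 1)[0] if value.startswith('"') else value.split()[0]
    return prog.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def assess(text, known_names=("driver.exe",)):
    """Summarise what an autorun.inf would launch and whether it matches this write-up."""
    targets = sorted({program_name(v) for k, v in parse_autorun(text).items()
                      if EXEC_KEYS.fullmatch(k) and v})
    return {
        "targets": targets,
        "launches_executable": any(t.endswith(EXEC_EXT) for t in targets),
        "matches_writeup": any(t in known_names for t in targets),
    }

if __name__ == "__main__":
    print(assess(SAMPLE_FROM_WRITEUP))
```
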

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

FortiGate
FortiClient
FortiAPS
FortiAPU
FortiMail
FortiSandbox
FortiWeb
Web Application Firewall
FortiIsolator
FortiDeceptor
FortiEDR

Version Updates

Date Version Detail
2024-03-26 92.02813
2023-01-10 90.09530
2022-11-26 90.08191
2022-10-18 90.07000
2022-07-05 90.03884
2022-05-25 90.02623
2022-05-25 90.02622
2022-05-11 90.02186
2022-04-05 90.01122
2021-12-07 89.07553