Virus

W32/Agent.ADLD!tr

Analysis

Creates the file zfbttcb.exe to the Temporary folder, which is a copy of itself with some differences at the end of the file, adding its file path to the overlay.

Attempts to download malicious files from the following URL:
- zo{Removed}7.in/skilltest/error/in.exe
It saves the downloaded file as as zvbvfndd.exe to the Temporary folder, then executes it.

Deletes the original copy of the malware from the current folder.

Recommended Action

FortiGate Systems

Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
Quarantine/delete files that are detected and replace infected files with clean backup copies.

Detection Availability

FortiGate
Extreme
FortiClient
Extended
FortiMail
Extended
FortiSandbox
Extended
FortiWeb
Extended
Web Application Firewall
Extended
FortiIsolator
Extended
FortiDeceptor
Extended
FortiEDR

Version Updates

Date	Version	Detail
2022-06-21	90.03462
2021-12-19	89.07902

ID	679136
Released	Jan 06, 2009
Description Updated	Oct 04, 2013
Aliases	Trojan-Downloader.Win32.Agent.hdnh (KAV), Win32/TrojanDownloader.Small.PRL (NOD32)
Platform Profile	Win32 file format / PE 32 bit