virus logo Virus

JS/Nemucod.EBZ!tr

description-logoAnalysis

JS/Nemucod.EBZ!tr is a generic detection for a trojan. Since this is a generic detection, malware that are detected as JS/Nemucod.EBZ!tr may have varying behaviour.
Below are some of its observed characteristics/behaviours:

  • Create object ActiveXObject
  • Create XMLHTTP object MSXML2.XMLHTTP
  • Download file and save it to %temp% folder as rad8D041.tmp
  • Write to file as Scripting.FileSystemObject or ADODB.Stream
  • Run command cmd.exe to execute it
  • The malware attempts to connect to the following sites:
    • hxxp://www.{Removed}ing.com/baise/mesg.jpg
    • hxxp://www.{Removed}xyz/mesg.jpg

recommended-action-logoRecommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR

Version Updates

Date Version Detail
2020-03-10 75.86200 Sig Updated
2019-11-12 73.02100 Sig Updated
2019-02-15 66.39600 Sig Updated
2019-02-14 66.37100 Sig Added
ID 7994462
Released Jan 16, 2020
Description
Updated		 Feb 14, 2019
Aliases JS/TrojanDownloader.Nemucod.EDC trojan,HEUR:Trojan-Downloader.Script.Generic,Trojan-Downloader.JS.Nemucod,JS/Nemucod.IM!Eldorado,Trojan.GenericKD.41002151
Platform Profile Java Script