Threat Encyclopedia



JS/Agent.NDSW!tr is a generic detection for a trojan.
Since this is a generic detection, malware detected as JS/Agent.NDSW!tr may vary in behaviour.
Below are some of its observed characteristics/behaviours:

  • This malware is an obfuscated/injected JS file. All of its variants share a common variable name that is initially set to "undefined".

  • Below are some of the sites to which some of the observed samples tried to connect:
    • fshmakin[removed].com/fshmaki[removed].php
    • bukuip[removed]
    • miskininka[removed].eu/wp-admin/css/colors/blue/blue.php
    • cepekrandegi[removed]admin/css/colors/blue/blue.php
    • edulearntechnol[removed]om/acc/admin/classes/local/settings/settings.php

  • The following are some of the exact file hashes associated with this detection:
    • MD5: 0038536E7A2C7E0A33ECCE977E146594
    • MD5: 73438BFD4E605C1DD50D3B73FE9E60B0
    • MD5: D60D52BC2D30D503996FB850FA82AB64

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.
