Krueger.2271
Analysis
- This is a polymorphic virus that infects COM and DOS EXE files.
- When an infected file is executed, the virus stays resident in memory by hooking Interrupt 21h.
- The infection routine is triggered through various actions by the user, such as the following:
  - setting the current directory
  - creating a file
  - opening an existing file
  - deleting a file
  - getting/setting file attributes
  - renaming a file
  - executing a program
- It appends its code to target host files.
- The virus contains the following text strings:
  - Freddy KRueGer 2.1
  - Hi Fridrik!