W32/Hantaner.A
Analysis
- The virus is 32-bit, with a UPX-compressed viral body size of 24064 bytes
- The virus seeks the Kazaa file sharing folder by looking into the registry and attacks EXE files. Files are infected in a prepending manner, where the virus copies itself to the beginning of host files
- The virus is coded in Delphi and contains the following string, which is a derivative of the virus name: HANTA-Vjoiner
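A defender-side check for the prepending layout described above, as an added example that is not part of the original analysis: it reads the first PE's section table to find where that image ends and tests whether a second intact PE file starts at that offset. It assumes the host file is stored unmodified directly after the viral body; `make_pe` is a hypothetical helper that builds constructed sample data.

```python
import struct

VIRUS_BODY_SIZE = 24064  # viral body size given in the analysis above

def pe_header_ok(data, base=0):
    """True if an 'MZ' header at `base` points to a valid 'PE\\0\\0' signature."""
    if data[base:base + 2] != b"MZ" or len(data) < base + 0x40:
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, base + 0x3C)
    return data[base + e_lfanew:base + e_lfanew + 4] == b"PE\0\0"

def end_of_image(data):
    """File offset where the first PE's last section ends (start of any overlay)."""
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    (nsections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size  # section table follows the optional header
    end = 0
    for i in range(nsections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 of each 40-byte entry
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return end

def looks_prepended(data):
    """Return the offset of a second PE appended after the first image, else None."""
    if not pe_header_ok(data):
        return None
    try:
        overlay = end_of_image(data)
    except struct.error:  # truncated or malformed headers
        return None
    return overlay if overlay and pe_header_ok(data, overlay) else None

def make_pe(total_size):
    """Constructed sample: minimal PE-shaped blob with one section, not a real binary."""
    buf = bytearray(total_size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)  # e_lfanew
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x46, 1)     # NumberOfSections
    struct.pack_into("<II", buf, 0x58 + 16, total_size - 0x200, 0x200)
    return bytes(buf)

if __name__ == "__main__":
    infected = make_pe(VIRUS_BODY_SIZE) + make_pe(1024)  # constructed layout
    print(looks_prepended(infected) == VIRUS_BODY_SIZE)  # size matches this entry
    print(looks_prepended(make_pe(1024)))                # clean sample
```

Self-extracting installers also carry a PE in their overlay, so a hit is a triage signal rather than a verdict; an offset equal to the 24064-byte body size stated above narrows it to this description.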
Detection Availability
- FortiGate: Extreme
- FortiClient: Extended
- FortiMail: Extended
- FortiSandbox: Extended
- FortiWeb: Extended
- Web Application Firewall: Extended
- FortiIsolator: Extended
- FortiDeceptor: Extended
- FortiEDR