W95/Dupator.1503

Analysis

  • The virus is 32-bit and targets .EXE files on the Windows 95/98/Me platform
  • When run, the virus copies the existing “KERNEL32.DLL” from the Windows\System folder and writes an infectious file named “KERNEL32.DLL” into the Windows folder, with the virus code appended to this file
  • When Windows is restarted, EXE files that are executed or accessed become infected because the infectious KERNEL32.DLL file is loaded into memory
  • The virus contains the string “@DUPATOR!” in its code after the PE section headers
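
A triage check for the two indicators listed above, added here as an example and not taken from Fortinet's detection logic: it looks for “@DUPATOR!” at or after the end of the PE section table, and for a KERNEL32.DLL sitting directly in the Windows folder of a mounted disk image. The function names and the build_sample() test buffer are constructed for this example, and searching the whole file past the section table is an assumption about where the string lies.

```python
import os
import struct

MARKER = b"@DUPATOR!"  # string the page reports in the virus code

def section_table_end(data):
    """File offset just past the PE section table, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (num_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    end = e_lfanew + 24 + opt_size + 40 * num_sections
    return end if end <= len(data) else None

def find_marker(data):
    """Offset of MARKER at or after the section table, else None."""
    end = section_table_end(data)
    if end is None:
        return None
    pos = data.find(MARKER, end)
    return None if pos == -1 else pos

def _child(directory, name):
    """Case-insensitive lookup of name in directory (FAT names vary in case)."""
    try:
        for entry in os.listdir(directory):
            if entry.lower() == name.lower():
                return os.path.join(directory, entry)
    except OSError:
        pass
    return None

def stray_kernel32(windows_dir):
    """Path of a KERNEL32.DLL directly in the Windows folder, else None."""
    path = _child(windows_dir, "kernel32.dll")
    return path if path and os.path.isfile(path) else None

def build_sample(with_marker):
    """Constructed minimal PE-shaped buffer for testing; not a real sample."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x010F)
    headers = dos + coff + b"\0" * 0xE0 + b".text".ljust(40, b"\0")
    return headers + (MARKER if with_marker else b"") + b"\0" * 64
```

A hit from either function is a lead for further analysis with an up-to-date scanner, not a verdict on its own.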

Telemetry

Detection Availability

FortiClient: Extreme
FortiMail: Extreme
FortiSandbox: Extreme
FortiWeb: Extreme
Web Application Firewall: Extreme
FortiIsolator: Extreme
FortiDeceptor: Extreme
FortiEDR