W95/Dupator.1503
Analysis
- The virus is 32-bit and targets .EXE files on the Windows 95/98/Me platform
- When run, the virus copies the existing “KERNEL32.DLL” from the Windows\System folder and writes an infectious file “KERNEL32.DLL” into the Windows folder – the virus code is appended to this file
- When Windows is restarted, EXE files that are executed or accessed become infected because the infectious KERNEL32.DLL file is loaded into memory
- The virus contains the string “@DUPATOR!” in its code after the PE section headers
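The following triage check is an added example, not part of the original write-up or any vendor tooling: it parses the PE headers of a file, such as a KERNEL32.DLL found in the Windows folder, and looks for the “@DUPATOR!” string only at or after the end of the section headers. The function names and the constructed test buffer are assumptions made for illustration.

```python
import struct
import sys

MARKER = b"@DUPATOR!"  # string the write-up places after the PE section headers

def section_table_end(data: bytes) -> int:
    """Return the file offset just past the PE section headers, or -1 if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return -1
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return -1
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    # signature (4) + COFF header (20) + optional header + 40 bytes per section
    end = pe_off + 24 + opt_size + 40 * num_sections
    return end if end <= len(data) else -1

def find_marker(data: bytes) -> int:
    """Offset of the marker at or after the section headers, or -1 if absent."""
    start = section_table_end(data)
    if start < 0:
        return -1
    return data.find(MARKER, start)

def build_sample(with_marker: bool) -> bytes:
    """Constructed PE-shaped buffer for self-checking; not a real sample."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    section = b".text\0\0\0" + bytes(32)
    tail = (bytes(8) + MARKER if with_marker else b"") + bytes(64)
    return bytes(dos) + b"PE\0\0" + coff + bytes(0xE0) + section + tail

if __name__ == "__main__":
    # Usage: python check_marker.py <file> [<file> ...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            offset = find_marker(fh.read())
        status = f"marker at offset {offset:#x}" if offset >= 0 else "marker not found"
        print(f"{path}: {status}")
```

A hit is a lead for further analysis rather than a verdict, since a nine-byte string can occur in unrelated files.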
Detection Availability
- FortiClient: Extreme
- FortiMail: Extreme
- FortiSandbox: Extreme
- FortiWeb: Extreme
- Web Application Firewall: Extreme
- FortiIsolator: Extreme
- FortiDeceptor: Extreme
- FortiEDR