W97M/Ethan.Q

Analysis

  • The virus consists of one macro module within the class storage.
  • The virus hooks a Word event handler, which prevents the closing of infected documents.
  • The virus checks for the file "c:\class.sys", which is associated with W97M/Class, and deletes this file.

Telemetry

Detection Availability

  • FortiClient: Extreme
  • FortiMail: Extreme
  • FortiSandbox: Extreme
  • FortiWeb: Extreme
  • Web Application Firewall: Extreme
  • FortiIsolator: Extreme
  • FortiDeceptor: Extreme
  • FortiEDR