VirusW97M/Nagem.A
Analysis
- Virus consists of one macro module named "Magan_Macro"
- Virus hooks Word event handler which prevents the
opening or saving of infected files
- On systems where the system date is configured
as DD/MM/YYYY and the day is after the 10th, there
is a 50undefined chance Windows may shut down when closing
infected documents
- On systems where the system date is configured as DD/MM/YYYY and the day is after the 20th, the current document is password protected with the word "password" when closing infected documents
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |