W97M/Replog.A
Analysis
- Virus consists of one macro module within the class storage
- Virus hooks Word event handler which prevents the opening of infected documents
- Virus attempts to initiate an application located on a mapped drive: "I:\Eudora\Sys\Server.exe"
- Virus attempts to create a "log" file at "I:\rep.log" with indication that the application was initiated, containing this detail: "Active on (Date)"
This is a probable indication that the original virus author created this as a company-internal virus.
Detection Availability
Product | Availability |
---|---|
FortiClient | Extreme |
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |