VirusW97M/Replog.A
Analysis
- Virus consists of one macro module within the class
storage
- Virus hooks Word event handler which prevents the
opening of infected documents
- Virus attempts to initiate an application located
on a mapped drive-
"I:\Eudora\Sys\Server.exe"
- Virus attempts to create a "log" file
at "I:\rep.log" with indication that the
application was initiated, containing this detail-
"Active on (Date)"
This is a probable indication that the original virus author had created this as a company internal virus
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |