W97M/Titch.H
Analysis
- The virus consists of one macro module named "UPC116STAG".
- The virus hooks a Word event handler, which prevents the closing of infected documents.
- The virus searches the macro storage of host files for the string "'UPC116STAG", which exists in the virus body, as a means to determine whether the host file is already infected.
- The virus writes its source code to a file, "c:\UPC116STAG.tmp", for transfer to new host files, then deletes this file.
Detection Availability
FortiClient | Extreme |
---|---|
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |