VirusW97M/Titch.H
Analysis
- Virus consists of one macro module named "UPC116STAG"
- Virus hooks Word event handler which prevents the
closing of infected documents
- Virus searches the macro storage of host files
for the string
"'UPC116STAG"
which exists in the virus body, as a means to determine if the host file is already infected
-
Virus writes its source code to a file
"c:\UPC116STAG.tmp"
for transfer to new host files, then deletes this file
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |