X97M/Laroux.A

Analysis

  • Virus hooks Excel event handler which prevents the opening of infected files in order to run its code
  • Virus may become up-converted from Excel95 to Excel97 when opening infected Excel95 workbooks in Excel97
  • Virus exists in a code module named "laroux"
  • Virus verifies if it has infected the Excel environment by searching for the file "PERSONAL.XLS" in the XLStart folder - if the file does not exist, a new workbook is created, infected and then saved as "PERSONAL.XLS" in the XLStart folder
  • Virus sets these workbook properties to a null value during infection:

    Title = ""
    Subject = ""
    Author = ""
    Keywords = ""
    Comments = ""
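A triage check for two of the indicators listed above, the "laroux" module name and a PERSONAL.XLS in XLStart, as an added example that is not part of the original page or any vendor's detection logic. It assumes the module appears as a directory entry named after it in the workbook's OLE2 container, as in Excel97-format files; Excel95-format workbooks are outside what it checks, and the function names, sample builder and file paths are constructed for illustration.

```python
import struct
from pathlib import PureWindowsPath

CFB_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")
END, FREE = 0xFFFFFFFE, 0xFFFFFFFF

def cfb_entry_names(data):
    """Names of the storages and streams in an OLE2 compound file directory."""
    if len(data) < 512 or data[:8] != CFB_MAGIC:
        raise ValueError("not an OLE2 compound file")
    size = 1 << struct.unpack_from("<H", data, 30)[0]   # sector size
    n_fat, first_dir = struct.unpack_from("<II", data, 44)
    def sector(n):               # sector n follows the header sector
        return data[(n + 1) * size:(n + 2) * size].ljust(size, b"\xff")
    fat = []                     # assumption: FAT fits the 109 header DIFAT slots
    for s in struct.unpack_from("<109I", data, 76)[:n_fat]:
        fat.extend(struct.unpack("<%dI" % (size // 4), sector(s)))
    names, sid, seen = [], first_dir, set()
    while sid < len(fat) and sid not in seen:   # walk the directory chain
        seen.add(sid)
        sec = sector(sid)
        for off in range(0, size, 128):
            nlen, kind = struct.unpack_from("<HB", sec, off + 64)
            if kind in (1, 2) and 2 <= nlen <= 64:   # 1 = storage, 2 = stream
                names.append(sec[off:off + nlen - 2].decode("utf-16-le", "replace"))
        sid = fat[sid]
    return names

def triage(path, data):
    """Check a workbook for the two indicators named on this page."""
    p = PureWindowsPath(path)
    return {"laroux_module": any(n.lower() == "laroux" for n in cfb_entry_names(data)),
            "personal_xls_in_xlstart": p.name.lower() == "personal.xls"
                                       and p.parent.name.lower() == "xlstart"}

def sample_workbook(module):
    """Constructed minimal compound file: header, one FAT sector, one directory sector."""
    def entry(name, kind):
        raw = (name + "\0").encode("utf-16-le")
        return raw.ljust(64, b"\0") + struct.pack("<HB", len(raw), kind) + bytes(61)
    header = (CFB_MAGIC + bytes(16)
              + struct.pack("<5H6x9I", 0x3E, 3, 0xFFFE, 9, 6, 0, 1, 1, 0, 4096, END, 0, END, 0)
              + struct.pack("<109I", 0, *[FREE] * 108))
    fat = struct.pack("<128I", 0xFFFFFFFD, END, *[FREE] * 126)
    names = [("Root Entry", 5), ("_VBA_PROJECT_CUR", 1), ("VBA", 1), (module, 2)]
    return header + fat + b"".join(entry(n, k) for n, k in names)
```

A PERSONAL.XLS in XLStart is also where Excel keeps a user's legitimate personal macro workbook, so treat that flag as significant only together with the module-name match.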

Telemetry

Detection Availability

  • FortiClient: Extreme
  • FortiMail: Extreme
  • FortiSandbox: Extreme
  • FortiWeb: Extreme
  • Web Application Firewall: Extreme
  • FortiIsolator: Extreme
  • FortiDeceptor: Extreme
  • FortiEDR