VirusX97M/Laroux.E
Analysis
- Virus hooks Excel event handler which prevents
the opening of infected files in order to run its
code
- Virus exists in a code module named "pldt"
- Virus verifies if it has infected the Excel environment
by searching for the file
"PLDT.XLS" in the XLStart folder - if the file does not exist, a new workbook is created, infected and then saved as "PLDT.XLS" in the XLStart folder
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |