X97M/Laroux.E
Analysis
- Virus hooks Excel event handler which prevents
the opening of infected files in order to run its
code
- Virus exists in a code module named "pldt"
- Virus verifies if it has infected the Excel environment
by searching for the file
"PLDT.XLS" in the XLStart folder - if the file does not exist, a new workbook is created, infected and then saved as "PLDT.XLS" in the XLStart folder
Telemetry
Detection Availability
FortiClient | |
---|---|
Extreme | |
FortiMail | |
Extreme | |
FortiSandbox | |
Extreme | |
FortiWeb | |
Extreme | |
Web Application Firewall | |
Extreme | |
FortiIsolator | |
Extreme | |
FortiDeceptor | |
Extreme | |
FortiEDR |