X97M/Squared.B
Analysis
- The virus is identical to X97M/Squared.A in function
- There is one additional line of virus code in the .B variant
- The virus hooks an Excel event handler which prevents the opening of infected files in order to run its code
- The virus verifies whether it has infected the Excel environment by searching for the file "nt².xls" in the XLStart folder. If the file does not exist, a new workbook is created, infected and then saved as "nt².xls" in the XLStart folder
- The virus is named after the character in the code module name which represents the function of a value squared
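
A defender-side check for the XLStart marker file described above, added here as an example and not part of the original analysis. The function names and the default search roots (%APPDATA% and %ProgramFiles%) are assumptions; any other roots can be passed on the command line.

```python
import os
import sys
import unicodedata

# Marker file name taken from the analysis above; "²" is U+00B2 SUPERSCRIPT TWO.
MARKER = "nt\u00b2.xls"


def _norm(name):
    # NFC + casefold, because Windows file names are case-insensitive.
    # NFKC is avoided on purpose: it folds "²" into "2" and would make
    # an unrelated "nt2.xls" look like the marker.
    return unicodedata.normalize("NFC", name).casefold()


def scan_xlstart(roots):
    """Walk each root; for every folder named XLSTART return a list of
    (path, is_marker) tuples, one per file found in that folder."""
    findings = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            folder = os.path.basename(os.path.normpath(dirpath))
            if folder.casefold() != "xlstart":
                continue
            for name in sorted(files):
                is_marker = _norm(name) == _norm(MARKER)
                findings.append((os.path.join(dirpath, name), is_marker))
    return findings


def marker_hits(roots):
    """Paths of files in XLSTART folders whose name matches the marker."""
    return [path for path, is_marker in scan_xlstart(roots) if is_marker]


if __name__ == "__main__":
    # Assumed default roots: per-user profile data and the Office install tree.
    defaults = [os.environ.get("APPDATA"), os.environ.get("ProgramFiles")]
    roots = sys.argv[1:] or [p for p in defaults if p]
    for path, is_marker in scan_xlstart(roots):
        # Everything in XLStart is loaded when Excel starts, so files that
        # are not the marker are still listed for manual review.
        print(("MARKER  " if is_marker else "review  ") + path)
```
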
Detection Availability
Product | Detection Availability |
---|---|
FortiClient | Extreme |
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |