X97M/Squared.B

description-logoAnalysis

  • Virus is identical to X97M/Squared.A in function - there is one additional line of virus code in the .B variant
  • Virus hooks Excel event handler which prevents the opening of infected files in order to run its code
  • Virus verifies if it has infected the Excel environment by searching for the file "nt².xls" in the XLStart folder - if the file does not exist, a new workbook is created, infected and then saved as "nt².xls" in the XLStart folder
  • Virus is named from character in the code module name which represents the function of a value squared

Telemetry logoTelemetry

Detection Availability

FortiClient
Extreme
FortiMail
Extreme
FortiSandbox
Extreme
FortiWeb
Extreme
Web Application Firewall
Extreme
FortiIsolator
Extreme
FortiDeceptor
Extreme
FortiEDR