VirusW97M/Pri.A
Analysis
- Virus consists of one macro module within the class
storage
- Virus hooks Word event handlers which prevents
the opening or closing of infected documents
- Virus is polymorphic due to algorithmic variable
replacement within its virus code
- Virus searches the macro storage of host files
for the string
"Pri"
which is part of the syntax "Private Sub", as a means to determine if the host file is already infected
- Virus contains this comment line-
'W97M/PSD ...porn star dreams? [(c)1998 ALT-F11 code hack]
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |