X97M/Jini.A1

Analysis

  • Virus hooks Excel event handler which prevents the opening of infected files in order to run its code
  • Virus is actually a misrepaired infection of X97M/Jini.A and is still infectious
  • Virus exists in a code module named "module1"
  • Virus checks whether it has already infected the Excel environment by searching for the file "SHN.XLS" in the XLStart folder; if the file does not exist, a new workbook is created, infected and then saved as "SHN.XLS" in the XLStart folder
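
A triage check built on the last point above, added here as an example and not part of the original write-up: it walks one or more directory trees (a live profile or a mounted disk image) and reports any "SHN.XLS" found inside an XLStart folder, with size and SHA-256 for follow-up scanning. The function names are hypothetical, the sample tree is constructed, and a matching file name is an indicator to investigate, not proof of infection.

```python
import hashlib
import os
import tempfile

MARKER_NAME = "shn.xls"   # file name given in the analysis above
STARTUP_DIR = "xlstart"   # Excel startup folder named in the analysis above


def find_marker_files(roots):
    """Return one record per SHN.XLS found inside any XLStart folder under roots.

    Names are compared case-insensitively so a Windows volume examined
    from a case-sensitive operating system is handled as well.
    """
    findings = []
    for root in roots:
        for dirpath, _dirnames, filenames in os.walk(root):
            if os.path.basename(os.path.normpath(dirpath)).lower() != STARTUP_DIR:
                continue
            for name in filenames:
                if name.lower() != MARKER_NAME:
                    continue
                path = os.path.join(dirpath, name)
                with open(path, "rb") as fh:
                    data = fh.read()
                findings.append({"path": path, "size": len(data),
                                 "sha256": hashlib.sha256(data).hexdigest()})
    return findings


def demo():
    """Scan a constructed tree: one suspicious startup folder, two benign ones."""
    with tempfile.TemporaryDirectory() as tmp:
        layout = {
            ("host1", "Office", "XLSTART", "Shn.xls"): b"constructed placeholder",
            ("host2", "Office", "XLStart", "Book1.xls"): b"benign startup file",
            ("host3", "Documents", "SHN.XLS"): b"same name, wrong folder",
        }
        for parts, content in layout.items():
            target = os.path.join(tmp, *parts)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(content)
        return find_marker_files([tmp])


if __name__ == "__main__":
    for record in demo():
        print(record)
```
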
