USTC.7680

description-logoAnalysis

  • This detection is for a legacy DOS Virus. It affects only DOS-based systems.

  • The malware has been observed to be capable of the following behavior:
    • It infects executables that have the DOS EXE or DOS COM format.
    • Like many old DOS viruses, its body is encrypted and highly polymorphic.
    • It inserts a lot of jump calls to evade AV detection.
    • It has memory residence capability.
    • It hooks INT 13h Service 21h.
  • There have been variants of this malware that are capable of infecting the Master Boot Record (MBR) of the infected system.

  • recommended-action-logoRecommended Action

      FortiGate Systems
    • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the 'Allow Push Update' option.
      FortiClient Systems
    • Quarantine/delete files that are detected and replace infected files with clean backup copies.

    Telemetry logoTelemetry

    Detection Availability

    FortiGate
    Extreme
    FortiClient
    Extended
    FortiMail
    Extended
    FortiSandbox
    Extended
    FortiWeb
    Extended
    Web Application Firewall
    Extended
    FortiIsolator
    Extended
    FortiDeceptor
    Extended
    FortiEDR

    Version Updates

    Date Version Detail
    2023-11-20 91.08976
    2022-12-10 90.08596
    2022-12-09 90.08587
    2022-12-09 90.08584
    2022-12-09 90.08583
    2022-12-09 90.08581