W32/Fbound.C
Analysis
- Virus is 32bit, with a size of 12,288 bytes
- When executed this virus reads addresses from the
Windows Address Book (wab.exe) and sends a copy of
itself to each contact listed in this format -
Subject: Important
Body: [empty]
Attachment: patch.exe -
If the contact contains a suffix of ".jp" (Japan) then the virus may construct an email with Japanese characters in the subject line.
- Virus contains the following string which is never
displayed -
XXXXXXXXXXXXXXXXXXXXXXXXXXX
.XXXXX I-Worm.Japanize XXXXX.
XXXXXXXXXXXXXXXXXXXXXXXXXXX
Telemetry
Detection Availability
FortiClient | |
---|---|
Extreme | |
FortiMail | |
Extreme | |
FortiSandbox | |
Extreme | |
FortiWeb | |
Extreme | |
Web Application Firewall | |
Extreme | |
FortiIsolator | |
Extreme | |
FortiDeceptor | |
Extreme | |
FortiEDR |