VirusW32/Fbound.C
Analysis
- Virus is 32bit, with a size of 12,288 bytes
- When executed this virus reads addresses from the
Windows Address Book (wab.exe) and sends a copy of
itself to each contact listed in this format -
Subject: Important
Body: [empty]
Attachment: patch.exe -
If the contact contains a suffix of ".jp" (Japan) then the virus may construct an email with Japanese characters in the subject line.
- Virus contains the following string which is never
displayed -
XXXXXXXXXXXXXXXXXXXXXXXXXXX
.XXXXX I-Worm.Japanize XXXXX.
XXXXXXXXXXXXXXXXXXXXXXXXXXX
Telemetry
Detection Availability
| FortiClient | |
|---|---|
| Extreme | |
| FortiMail | |
| Extreme | |
| FortiSandbox | |
| Extreme | |
| FortiWeb | |
| Extreme | |
| Web Application Firewall | |
| Extreme | |
| FortiIsolator | |
| Extreme | |
| FortiDeceptor | |
| Extreme | |
| FortiEDR |