W64/Shruggle.1318
Analysis
Specifics
This is a 64-bit virus, coded for 64-bit Windows running on AMD64 processors. Files not protected by System File Checker become targets for the virus. When the virus infects a file, it appends its code to the last PE section and appends a random number of bytes.
The virus uses AMD64-specific operands, which makes it inoperative on other systems. The virus will not affect 32-bit files on 32-bit processor systems. This virus is a proof-of-concept creation.
Miscellaneous
This string exists 128 bytes beyond the beginning of the virus code, but is never displayed:
Shrug - roy g biv
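A triage sketch for the traits described above, added here as an example and not the vendor's detection logic: it checks that a file is an AMD64 PE, finds the section stored last in the file, and looks there for the embedded string, using the 128-byte offset to estimate where the appended code begins. The names `triage` and `build_sample` are hypothetical, the sample image is constructed and non-executable, and the code assumes the string is stored as plain ASCII.

```python
import struct

MARKER = b"Shrug - roy g biv"     # string quoted on the page; ASCII encoding assumed
MARKER_OFFSET = 128               # page: string lies 128 bytes into the virus code
IMAGE_FILE_MACHINE_AMD64 = 0x8664

def triage(data: bytes) -> dict:
    """Triage one file image for the traits the write-up describes."""
    res = {"amd64_pe": False, "last_section": None, "suspect": False, "code_start": None}
    if len(data) < 0x40 or data[:2] != b"MZ":
        return res
    (pe,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return res
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe + 4)
    if machine != IMAGE_FILE_MACHINE_AMD64:
        return res                # 32-bit and non-AMD64 files are out of scope
    res["amd64_pe"] = True
    last = None                   # (name, raw_ptr, raw_size) of the section stored last
    for i in range(nsect):
        hdr = pe + 24 + opt_size + 40 * i
        if hdr + 40 > len(data):
            break                 # truncated section table
        raw_size, raw_ptr = struct.unpack_from("<II", data, hdr + 16)
        if last is None or raw_ptr >= last[1]:
            last = (data[hdr:hdr + 8].rstrip(b"\0").decode("latin-1"), raw_ptr, raw_size)
    if last is None:
        return res
    res["last_section"] = last[0]
    hit = data.find(MARKER, last[1], last[1] + last[2])
    # Require room for 128 bytes of code between section start and the marker.
    if hit != -1 and hit - MARKER_OFFSET >= last[1]:
        res["suspect"], res["code_start"] = True, hit - MARKER_OFFSET
    return res

def build_sample(marker: bool, machine: int = IMAGE_FILE_MACHINE_AMD64) -> bytes:
    """Constructed test image: DOS stub, COFF header, one section, optional marker."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, 0)
    body = b"H" * 0x100 + (b"\0" * MARKER_OFFSET + MARKER if marker else b"") + b"\0" * 37
    raw_ptr = 0x40 + len(coff) + 40
    sect = b".data\0\0\0" + struct.pack("<IIIIIIHHI", len(body), 0x1000, len(body),
                                        raw_ptr, 0, 0, 0, 0, 0xC0000040)
    return dos + coff + sect + body

if __name__ == "__main__":
    print(triage(build_sample(True)))
    print(triage(build_sample(False)))
```

A marker hit is a lead for further analysis rather than a verdict; a clean result only means this one string was not found in the last section.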
Recommended Action
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
- Replace infected files from original installation source.
Detection Availability
Product | Detection availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |