W64/Shruggle.1318

Analysis

Specifics
This is a 64-bit virus, coded for 64-bit Windows running on AMD64 processors. Files not protected by System File Checker become targets for the virus. When the virus infects a file, it appends its code to the last PE section and then appends a random number of bytes.
The virus uses AMD64-specific operands, which makes it inoperative on other systems. The virus will not affect 32-bit files on 32-bit processor systems. This virus is a proof-of-concept creation.
Miscellaneous
This string exists 128 bytes beyond the beginning of the virus code, but is never displayed:
Shrug - roy g biv
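
A triage check built on the details above, as an added example that is not Fortinet's detection logic: it parses the PE headers, confirms an AMD64 image, and searches from the last section to the end of the file for the marker string. It assumes the string is stored as plain ASCII; `last_section`, `triage` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

MARKER = b"Shrug - roy g biv"      # string quoted in the write-up above
IMAGE_FILE_MACHINE_AMD64 = 0x8664  # COFF Machine value for x64 images

def last_section(data):
    """Return (machine, raw_ptr, raw_size) for the section placed last in the file, or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return None
    machine, nsec = struct.unpack_from("<HH", data, pe + 4)
    table = pe + 24 + struct.unpack_from("<H", data, pe + 20)[0]  # skip optional header
    if nsec == 0 or table + nsec * 40 > len(data):
        return None
    # Each 40-byte section header holds SizeOfRawData at +16 and PointerToRawData at +20.
    secs = [struct.unpack_from("<II", data, table + i * 40 + 16) for i in range(nsec)]
    raw_size, raw_ptr = max(secs, key=lambda s: s[1])
    return machine, raw_ptr, raw_size

def triage(data):
    """Classify one file image: 'not-pe', 'not-amd64', 'marker-found' or 'clean'."""
    info = last_section(data)
    if info is None:
        return "not-pe"
    machine, raw_ptr, _ = info
    if machine != IMAGE_FILE_MACHINE_AMD64:
        return "not-amd64"          # assumption: only x64 images are in scope
    # Scan from the last section to end of file so appended code and random bytes are both covered.
    return "marker-found" if MARKER in data[raw_ptr:] else "clean"

def build_sample(machine, payload):
    """Constructed minimal PE header plus one section; test data only, no real code."""
    img = bytearray(0x200)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, machine, 1)
    struct.pack_into("<H", img, 0x94, 0xF0)               # SizeOfOptionalHeader (PE32+)
    struct.pack_into("<II", img, 0x188 + 16, len(payload), 0x200)
    return bytes(img) + payload

if __name__ == "__main__":
    tail = b"\x00" * 128 + MARKER + b"\x11" * 37         # constructed: filler, marker, padding
    print(triage(build_sample(0x8664, b"\xCC" * 64 + tail)))
    print(triage(build_sample(0x8664, b"\xCC" * 64)))
```

A hit is a lead for further analysis rather than a verdict, since the same string can appear in benign files such as reports that quote it.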

Recommended Action

  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
  • Replace infected files from original installation source.

Telemetry

Detection Availability

  • FortiClient: Extreme
  • FortiMail: Extreme
  • FortiSandbox: Extreme
  • FortiWeb: Extreme
  • Web Application Firewall: Extreme
  • FortiIsolator: Extreme
  • FortiDeceptor: Extreme
  • FortiEDR