W32/CTX
Analysis
- Virus is 32-bit, with a size range of 6800 to 7400 bytes, and is very polymorphic
- Virus is dropped by another virus/Internet worm known as W32/Cholera
- Virus infects the last section of PE files and modifies WIN.INI in order to load at the next Windows startup
- Virus seeks email addresses in the Windows address book and in other files which may contain email addresses and, using its own SMTP engine, sends an email to each address found, with no subject line and with the file "setup.exe"
Detection Availability
Product | Detection availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |