W32/CTX

Analysis

  • The virus is 32-bit, ranges in size from 6800 to 7400 bytes, and is very polymorphic
  • The virus is dropped by another virus/Internet worm known as W32/Cholera
  • The virus infects the last section of PE files and modifies WIN.INI so that it loads at the next Windows startup
  • The virus harvests email addresses from the Windows address book and from other files that may contain email addresses, then uses its own SMTP engine to send each address an email with no subject line and the file "setup.exe" attached

Telemetry

Detection Availability

  • FortiClient: Extreme
  • FortiMail: Extreme
  • FortiSandbox: Extreme
  • FortiWeb: Extreme
  • Web Application Firewall: Extreme
  • FortiIsolator: Extreme
  • FortiDeceptor: Extreme
  • FortiEDR