W32/MSInit.A
Analysis
- The virus is 32-bit, with a UPX-compressed size of 22,016 bytes.
- When first executed, the virus copies itself as "dnetc.exe" to the Windows\System folder.
- The virus modifies the registry in order to load at the next Windows startup:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\
  msinit = C:\Windows\System\dnetc.exe -hide -install
- The virus seeks machines that are connected to the network via NetBIOS and attempts to connect to systems that have a full system share available.
- Machines found become targets: the virus copies itself to that system and modifies its WIN.INI to load the virus at the next Windows startup.
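A triage check for the two persistence mechanisms listed above, added here as an example (it is not Fortinet's code): it scans a REGEDIT4-style registry export and a WIN.INI file for the indicators named in the analysis. The function names and sample data are constructed, and inspecting the `load=` and `run=` keys of `[windows]` is an assumption, since the analysis does not say which WIN.INI key is modified.

```python
import re

# Indicators taken from the analysis above.
RUNSERVICES_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices"
VALUE_NAME = "msinit"
DROPPED_FILE = "dnetc.exe"
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"$')

def scan_reg_export(text):
    """Return (source, value name, data) hits from a decoded REGEDIT4 export."""
    findings, in_key = [], False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].rstrip("\\").lower() == RUNSERVICES_KEY.lower()
            continue
        m = VALUE_RE.match(line)
        if in_key and m:
            # .reg files escape backslashes in string data; undo that.
            name, data = m.group(1), m.group(2).replace("\\\\", "\\")
            if name.lower() == VALUE_NAME or DROPPED_FILE in data.lower():
                findings.append(("RunServices", name, data))
    return findings

def scan_win_ini(text):
    """Return [windows] load=/run= entries that reference the dropped file."""
    findings, section = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if section == "windows" and sep and key in ("load", "run"):
            # Assumption: entries are separated by spaces or commas.
            for prog in re.split(r"[ ,]+", value.strip()):
                if prog.lower().endswith(DROPPED_FILE):
                    findings.append(("WIN.INI", key, prog))
    return findings

# Constructed sample data for this example, not captured from a real host.
SAMPLE_REG = '''REGEDIT4

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\RunServices]
"msinit"="C:\\\\Windows\\\\System\\\\dnetc.exe -hide -install"
"SchedulingAgent"="mstask.exe"
'''
SAMPLE_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\dnetc.exe\n\n[Desktop]\nWallpaper=(None)\n"
if __name__ == "__main__":
    print(scan_reg_export(SAMPLE_REG) + scan_win_ini(SAMPLE_INI))
```

A file named dnetc.exe alone is not proof of infection, so treat a hit as a lead to confirm against the RunServices value and the file's location.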
Detection Availability
Product | Availability
---|---
FortiClient | Extreme
FortiMail | Extreme
FortiSandbox | Extreme
FortiWeb | Extreme
Web Application Firewall | Extreme
FortiIsolator | Extreme
FortiDeceptor | Extreme
FortiEDR |