W32/Jitux.A!worm.im
Analysis
- The virus is 32-bit with a file size of 24,576 bytes and may be known as "jituxramon.exe"
- The virus was coded using Visual Basic 6 and uses imports from VBA6ES.dll, a localized dynamic link library for Spanish Windows
- If the virus is run, it will seek the location of MSN Messenger, a Windows chat client from Microsoft. The virus will look in this path: C:\Archivos de programa\Messenger\msmsgs.exe
- The virus will also check the titles of open windows to locate MSN Messenger
- If the virus is successful, it will then look for chat contacts to send a message
- The virus creates a chat message with a hyperlink in the note pointing to a user page on the domain at 'www.home.no' and the binary file jituxramon.exe
- The virus does not auto run, modify the registry, or copy itself to any location on the system
- The virus has been removed from the user web site and is no longer available
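
The static traits and the message link described above can be turned into a quick triage check. This is an added example, not part of the original analysis: the function names, the sample buffer and the `exampleuser` path are constructed for illustration, and it assumes the DLL name is stored as a plain ASCII string in the file.

```python
import re
from urllib.parse import urlparse

# Traits taken from the analysis above; name and size alone are weak signals.
SAMPLE_NAME = "jituxramon.exe"
SAMPLE_SIZE = 24576
VB_RUNTIME_DLL = b"vba6es.dll"
LINK_DOMAIN = "home.no"
URL_RE = re.compile(r"https?://[^\s<>\"']+|www\.[^\s<>\"']+", re.I)

def file_traits(name, data):
    """Return which of the described file traits this file matches."""
    hits = []
    if name.lower() == SAMPLE_NAME:
        hits.append("name")
    if len(data) == SAMPLE_SIZE:
        hits.append("size")
    # Assumption: the import name appears as a plain ASCII string in the PE.
    if data[:2] == b"MZ" and VB_RUNTIME_DLL in data.lower():
        hits.append("import")
    return hits

def suspicious_links(message):
    """Return links on home.no whose last path segment is the binary name."""
    found = []
    for raw in URL_RE.findall(message):
        raw = raw.rstrip(".,;:!?)")  # drop trailing sentence punctuation
        url = raw if "://" in raw else "http://" + raw
        parts = urlparse(url)
        host = (parts.hostname or "").lower()
        # Match the domain itself or a subdomain, not a lookalike prefix.
        on_domain = host == LINK_DOMAIN or host.endswith("." + LINK_DOMAIN)
        leaf = parts.path.rsplit("/", 1)[-1].lower()
        if on_domain and leaf == SAMPLE_NAME:
            found.append(raw)
    return found

# Constructed sample inputs (not a real sample or real chat traffic).
FAKE_FILE = (b"MZ" + b"\x00" * 64 + b"VBA6ES.DLL").ljust(SAMPLE_SIZE, b"\x00")
MESSAGES = [
    "look at this http://www.home.no/exampleuser/jituxramon.exe.",
    "my page: http://www.home.no/exampleuser/index.html",
    "http://home.no.example.net/jituxramon.exe",
]

if __name__ == "__main__":
    print(file_traits("jituxramon.exe", FAKE_FILE))
    for m in MESSAGES:
        print(suspicious_links(m))
```
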
Detection Availability
Product | Detection Availability |
---|---|
FortiClient | Extreme |
FortiMail | Extreme |
FortiSandbox | Extreme |
FortiWeb | Extreme |
Web Application Firewall | Extreme |
FortiIsolator | Extreme |
FortiDeceptor | Extreme |
FortiEDR | |