VirusXM/Laroux.fam
Analysis
- This virus hooks the Auto_Open macro of infected files in order to automatically run its code.
- It exists in a code module named laroux.
- When executed, it verifies if it has infected the Excel environment by searching for the file Binv.xls in the XLStart folder. If the file does not exist, a new workbook is created, infected and then saved as Binv.xls in the XLStart folder.
- It sets the following workbook properties to a null value during infection:
- Title = ""
- Subject = ""
- Author = ""
- Keywords = ""
- Comments = ""
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| FortiClient | |
| FortiAPS | |
| FortiAPU | |
| FortiMail | |
| FortiSandbox | |
| FortiWeb | |
| Web Application Firewall | |
| FortiIsolator | |
| FortiDeceptor | |
| FortiEDR |