W32/Datom.A

Analysis

  • The virus is written in a high-level language and consists of three files:

    MSVXD.exe - 58,368 bytes - copies files, initiates MSVXD16.dll
    MSVXD32.dll - 81,408 bytes - contains hooks for MPR.dll, WSOCK32.dll
    MSVXD16.dll - 54,784 bytes - contains registry modification code

  • When the virus is executed, it enumerates the shares visible in Network Neighborhood, attempts to connect to each share, and infects the target by copying all three components into the Windows folder of that machine.

  • It also attempts to modify WIN.INI on the target system so that MSVXD.exe is loaded at the next Windows startup.
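
The two host-side indicators given in the analysis (the three component files in the Windows folder, with their byte sizes, and a WIN.INI startup entry for MSVXD.exe) can be checked with a short triage script. The following is an added example, not Fortinet's code; it assumes the WIN.INI change is a reference to MSVXD.exe on the load= or run= line of the [windows] section, since the analysis does not name the key, and the sample WIN.INI text is constructed.

```python
"""Host triage check for the W32/Datom.A indicators listed in the analysis.

Added example, not Fortinet's code. Assumes the three components are dropped
into the Windows folder under the names and byte sizes given above, and that
the WIN.INI modification places a reference to MSVXD.exe on the load= or run=
line of the [windows] section (the exact key is an assumption).
"""
from __future__ import annotations

import configparser
from pathlib import Path

# Component names and sizes taken from the analysis above.
DATOM_COMPONENTS = {
    "MSVXD.exe": 58_368,
    "MSVXD32.dll": 81_408,
    "MSVXD16.dll": 54_784,
}

# Constructed sample WIN.INI fragment (not captured from a real infection).
SAMPLE_WIN_INI = """\
[windows]
load=C:\\WINDOWS\\MSVXD.exe
run=
NullPort=None
device=HP LaserJet,HPPCL5MS,LPT1:

[fonts]
Courier=COURE.FON
"""


def classify_listing(listing: dict[str, int]) -> dict[str, str]:
    """Map each Datom component present in `listing` ({file name: size in bytes})
    to 'exact' (name and size match the analysis) or 'name-only' (name matches
    but size differs, e.g. a variant or an unrelated file). Names are compared
    case-insensitively because Windows file systems are."""
    by_lower = {name.lower(): size for name, size in listing.items()}
    result = {}
    for name, expected in DATOM_COMPONENTS.items():
        size = by_lower.get(name.lower())
        if size is None:
            continue
        result[name] = "exact" if size == expected else "name-only"
    return result


def scan_windows_dir(windows_dir: str) -> dict[str, str]:
    """Build a name->size listing of the regular files in windows_dir and classify it."""
    listing = {p.name: p.stat().st_size for p in Path(windows_dir).iterdir() if p.is_file()}
    return classify_listing(listing)


def winini_references(win_ini_text: str) -> list[tuple[str, str]]:
    """Return (key, value) pairs from the [windows] section whose value mentions
    msvxd.exe. Both load= and run= are checked; which key the virus uses is an
    assumption. strict=False and allow_no_value tolerate the loose WIN.INI syntax."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, allow_no_value=True
    )
    parser.read_string(win_ini_text)
    hits = []
    if parser.has_section("windows"):
        for key in ("load", "run"):
            value = parser.get("windows", key, fallback="") or ""
            if "msvxd.exe" in value.lower():
                hits.append((key, value))
    return hits


def assess(listing: dict[str, int], win_ini_text: str) -> str:
    """Combine both checks into a triage verdict for the host."""
    files = classify_listing(listing)
    exact = sum(1 for v in files.values() if v == "exact")
    startup = winini_references(win_ini_text)
    if exact == len(DATOM_COMPONENTS) and startup:
        return "likely infected: all three components present and WIN.INI startup hook set"
    if files or startup:
        return "suspicious: partial Datom indicators, review manually"
    return "no Datom indicators found"


if __name__ == "__main__":
    # Constructed listing of what an infected Windows folder would contain.
    sample_listing = {"msvxd.exe": 58_368, "MSVXD32.dll": 81_408,
                      "MSVXD16.dll": 54_784, "win.ini": 1_024}
    print(classify_listing(sample_listing))
    print(winini_references(SAMPLE_WIN_INI))
    print(assess(sample_listing, SAMPLE_WIN_INI))
```

On a live host, call scan_windows_dir with the Windows folder path and winini_references with the contents of WIN.INI from that folder; a name-only match is worth a second look but is not by itself evidence of this variant.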

Telemetry

Detection Availability

Product                      Coverage
FortiGate                    Extreme
FortiClient                  Extended
FortiMail                    Extended
FortiSandbox                 Extended
FortiWeb                     Extended
Web Application Firewall     Extended
FortiIsolator                Extended
FortiDeceptor                Extended
FortiEDR

Version Updates

Date         Version     Detail
2018-09-25   62.46700    Sig Updated