W32/Hantaner.A

Analysis

  • The virus is 32-bit, with a UPX-compressed viral body of 24064 bytes
  • The virus locates the Kazaa file-sharing folder by reading the registry and attacks EXE files. Files are infected by prepending: the virus copies itself to the beginning of each host file
  • The virus is coded in Delphi and contains the following string, which is a derivative of the virus name:

    HANTA-Vjoiner
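
A defender-side check for the prepending layout described above, as an added example that is not part of the original write-up: it tests whether a second PE image starts at offset 24064 (the body size given above) and whether the string above appears in the file. That the host image begins exactly at that offset is an assumption, and the sample buffers are constructed.

```python
import struct

VIRAL_BODY_SIZE = 24064      # UPX-compressed body size stated in the analysis
MARKER = b"HANTA-Vjoiner"    # string stated in the analysis


def is_pe_at(data: bytes, off: int) -> bool:
    """True if a DOS header at `off` points to a valid PE signature."""
    if off < 0 or off + 0x40 > len(data) or data[off:off + 2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, off + 0x3C)
    sig = off + e_lfanew
    return data[sig:sig + 4] == b"PE\x00\x00"


def check_prepended(data: bytes, body_size: int = VIRAL_BODY_SIZE) -> dict:
    """Report the two indicators for one file's bytes.

    embedded_pe_at_body_size: the file is a PE and a second PE image starts
    exactly body_size bytes in (assumption: the original host follows the
    prepended body with no padding).
    marker_present: the string appears uncompressed somewhere in the file;
    a packed body may hide it, so treat it as a secondary signal.
    """
    return {
        "embedded_pe_at_body_size": is_pe_at(data, 0) and is_pe_at(data, body_size),
        "marker_present": MARKER in data,
    }


def _fake_pe(size: int) -> bytes:
    """Constructed stand-in image: 'MZ', e_lfanew=0x40, 'PE\\0\\0', zeros."""
    buf = bytearray(size)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\x00\x00"
    return bytes(buf)


if __name__ == "__main__":
    host = _fake_pe(4096)                       # constructed clean host
    layout = _fake_pe(VIRAL_BODY_SIZE) + host   # constructed prepended layout
    for name, blob in (("clean", host), ("prepended", layout)):
        print(name, check_prepended(blob))
```

A hit on the structural check alone is a triage lead, not a verdict: confirm with an antivirus scan before treating the file as infected.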

Telemetry

Detection Availability

  • FortiGate: Extreme
  • FortiClient: Extended
  • FortiMail: Extended
  • FortiSandbox: Extended
  • FortiWeb: Extended
  • Web Application Firewall: Extended
  • FortiIsolator: Extended
  • FortiDeceptor: Extended
  • FortiEDR