Virus.X97M.MODFEK.B

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Este malware no tiene ninguna rutina de propagación.

Este malware no tiene ninguna rutina de puerta trasera.

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Instalación

Este malware infiltra una copia de sí mismo en las carpetas siguientes con diferentes nombres de archivo:

• {Excel Application Path}\XLSTART\mypersonnel.xls → if the malware file is not in this location

Propagación

Este malware no tiene ninguna rutina de propagación.

Rutina de puerta trasera

Este malware no tiene ninguna rutina de puerta trasera.

Otros detalles

Hace lo siguiente:

• It remains active every time Excel is launched, infecting any new workbooks created and previously saved workbooks when they are opened.
• It checks for a file named "mypersonnel.xls" in the following folder:
  
  • {Excel Application path}\XLSTART → Excel startup path
• If "mypersonnel.xls" exists in Excel startup path:
  
  • It copies a sheet named "Kangatang" from "mypersonnal.xls" containing the macro to the beginning of the active workbook for persistence.