X97M_RAWO.AR
Windows 2000, Windows XP, Windows Server 2003
![](/vinfo/imgFiles/legend.jpg)
Threat Type: File infector
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This file infector arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It executes downloaded files whose malicious routines are exhibited by the affected system.
TECHNICAL DETAILS
Arrival Details
This file infector arrives as an attachment to email messages spammed by other malware/grayware or malicious users.
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Download Routine
This file infector executes downloaded files :
- \{BLOCKED}0.{BLOCKED}7.30.118\hostpo\SCR.EXE
NOTES:
This malware is the detection for an infected Microsoft Excel file. It checks for open Microsoft Excel workbooks on the affected computer.
It then checks if a Sheet17 exists in the open workbooks. If not, it creates a hidden worksheet named Sheet17 and copies the content from the infected MS Excel file to the open workbook.