W32/Parite.B
Analysis
- Virus is 32-bit, with a size of 177600 to 177700 bytes
- Virus writes its code to a file in the Windows\Temp folder in order to execute and infect other files – the created file will be 176,128 bytes and have a .TMP extension
- Virus then creates a key in the registry –
  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\
  PINF = (HEX value representing the path and filename of the .TMP file created)
- Virus will infect .EXE or .SCR files on the local system – the infected file will grow in size by a range of 177600 to 177700 bytes
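The indicators above can be checked on a host with a short script. The following is an added example, not Fortinet code: the function names are hypothetical, the PINF data is assumed to be a NUL-terminated ANSI or UTF-16LE string (the analysis does not state the encoding), and the growth check assumes a previously recorded file size is available.

```python
import os

# Indicators as stated in the analysis above
PINF_KEY = r"Software\Microsoft\Windows\CurrentVersion\Explorer"
PINF_VALUE = "PINF"
DROPPED_TMP_SIZE = 176_128            # size of the dropped .TMP file, in bytes
GROWTH_RANGE = (177_600, 177_700)     # growth of an infected .EXE/.SCR, in bytes

def read_pinf():
    """Return the raw PINF data for the current user, or None if absent."""
    try:
        import winreg                  # only available on Windows
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, PINF_KEY) as key:
            return winreg.QueryValueEx(key, PINF_VALUE)[0]
    except (ImportError, OSError):
        return None

def decode_pinf(raw):
    """Turn PINF data into a path. Assumption: the bytes are a NUL-terminated
    ANSI or UTF-16LE string; the page does not specify the encoding."""
    if isinstance(raw, str):           # value stored as a string type
        return raw.rstrip("\x00")
    wide = len(raw) >= 2 and raw[1] == 0
    text = raw.decode("utf-16-le" if wide else "latin-1", errors="replace")
    return text.split("\x00", 1)[0]

def find_dropped_tmp(temp_dir):
    """List .TMP files in temp_dir whose size is exactly 176,128 bytes."""
    hits = []
    for entry in os.scandir(temp_dir):
        if (entry.is_file(follow_symlinks=False)
                and entry.name.lower().endswith(".tmp")
                and entry.stat(follow_symlinks=False).st_size == DROPPED_TMP_SIZE):
            hits.append(entry.path)
    return sorted(hits)

def growth_matches(baseline_size, current_size):
    """True if a file grew by the amount the analysis gives for infection."""
    low, high = GROWTH_RANGE
    return low <= current_size - baseline_size <= high

if __name__ == "__main__":
    raw = read_pinf()
    print("PINF:", decode_pinf(raw) if raw is not None else "not present")
    temp_dir = os.path.join(os.environ.get("windir", r"C:\Windows"), "Temp")
    try:
        for path in find_dropped_tmp(temp_dir):
            print("Suspicious .TMP:", path)
    except OSError as exc:             # folder missing or access denied
        print("Could not scan", temp_dir, "-", exc)
```

The registry key is per-user, so the script only sees the hive of the account it runs under; a size match alone is a lead for an AV scan, not a verdict.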
Recommended Action
Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option
Detection Availability
FortiGate | |
---|---|
FortiClient | |
FortiAPS | |
FortiAPU | |
FortiMail | |
FortiSandbox | |
FortiWeb | |
Web Application Firewall | |
FortiIsolator | |
FortiDeceptor | |
FortiEDR | |