Intel Security


This page shows details and results of our analysis on the malware X97M/Anis

Download Current DAT

Threat Detail

  • Malware Type: Virus
  • Malware Sub-type: Macro
  • Protection Added: 2002-01-30

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Minimum Engine


File Length

Description Added


Description Modified


Malware Proliferation

This is an Excel 97 and above macro virus. It exists in a module called "bdoc2". It stores itself in Excel's Startup Directory as a file called "AutoRun.xla".

If the date is April 26, it displays the message "─╩╣╙├╡─╩╟╡┴░╚φ╝■,╟δEmail ╤░╟≤░∩╓", otherwise if the date is the 26th of any month, it displays the message "─╩╣╙├╡─╩╟╡┴░╚φ╝■". If the date is divisible by 5, it exits Windows.

Excel's macro warning displayed. Message boxes mentioned above.

Opening an infected spreadsheet will infect Excel's startup directory, and then infect other spreadsheets.