X97M/Anis

This page shows details and results of our analysis on the malware X97M/Anis

Overview

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.


Minimum DAT

4185 (2002-02-06)

Updated DAT

4765 (2006-05-18)

Minimum Engine

5400.1158

File Length

Description Added

2002-06-29

Description Modified

2002-09-18

Malware Proliferation

Characteristics

This is an Excel 97 and above macro virus. It exists in a module called "bdoc2". It stores itself in Excel's Startup Directory as a file called "AutoRun.xla".

If the date is April 26, it displays the message "─╩╣╙├╡─╩╟╡┴░╚φ╝■,╟δEmail To:zdqjs@sina.com ╤░╟≤░∩╓", otherwise if the date is the 26th of any month, it displays the message "─╩╣╙├╡─╩╟╡┴░╚φ╝■". If the date is divisible by 5, it exits Windows.

Symptoms

Excel's macro warning displayed. Message boxes mentioned above.

Method of Infection

Opening an infected spreadsheet will infect Excel's startup directory, and then infect other spreadsheets.

Removal

-

Variants