Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » X97M/Divi

Overview

Threat Risk LOW LOW
Destructivity NONE NONE
Payload
Detection files published 14 Nov 2000 03:00:00
Description created 15 Nov 2000 03:00:00
Description updated 15 Nov 2000 03:00:00
Malware type VIRUS
Alias
Spreading mechanism FILE_INFECTION
Summary None

X97M/Divi

Spreading

X97M\Divi.A When an infected spreadsheet is opened the virus it drops a file named, BASE5874.XLS to MS Excel's startup path, this file will be loaded each time MS Excel is started. BASE5874.XLS will then infect all spreadsheets opened and created in MS Excel. Divi writes a custom property (File, Properties, Custom) to all spreadsheets it infects. This property is given the value IVID + a hex number. This property is used to determine whether the spreadsheet has already been infected or not; if already infected, it will not be reinfected.


X97M\Divi.B This is very similar to the A variant.

X97M\Divi.D This variant drop a file named 874.XLS to MS Excel's startup path, instead of BASE5874.XLS like the original A variant.


X97M\Divi.G This drops a file with same name as Divi.A, BASE5874.XLS.


X97M\Divi.N Divi.N drops a file named hr223.XLS to MS Excel's startup path.

Payload Details

n/a

Analysis

n/a

Removal

n/a


Last Updated: 12 Nov 2015 11:06:12