Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Threats » X97M/Divi


Threat Risk LOW LOW
Destructivity NONE NONE
Detection files published 14 Nov 2000 03:00:00
Description created 15 Nov 2000 03:00:00
Description updated 15 Nov 2000 03:00:00
Malware type VIRUS
Spreading mechanism FILE_INFECTION
Summary None



X97M\Divi.A When an infected spreadsheet is opened the virus it drops a file named, BASE5874.XLS to MS Excel's startup path, this file will be loaded each time MS Excel is started. BASE5874.XLS will then infect all spreadsheets opened and created in MS Excel. Divi writes a custom property (File, Properties, Custom) to all spreadsheets it infects. This property is given the value IVID + a hex number. This property is used to determine whether the spreadsheet has already been infected or not; if already infected, it will not be reinfected.

X97M\Divi.B This is very similar to the A variant.

X97M\Divi.D This variant drop a file named 874.XLS to MS Excel's startup path, instead of BASE5874.XLS like the original A variant.

X97M\Divi.G This drops a file with same name as Divi.A, BASE5874.XLS.

X97M\Divi.N Divi.N drops a file named hr223.XLS to MS Excel's startup path.

Payload Details






Last Updated: 12 Nov 2015 11:06:12