Virus

W64/Shruggle.1318

Analysis

Specifics
This is a 64-bit virus, coded for 64-bit Windows running on AMD64 processors. Files not protected by System File Checker become targets for the virus. When the virus infects a file, it appends its code to the last PE section and appends a random number of bytes.
The virus uses AMD64-specific operands, which makes it inoperative on other systems. The virus will not affect 32-bit files on 32-bit processor systems. This virus is a proof-of-concept creation.
Miscellaneous
This string exists 128 bytes beyond the beginning of the virus code, but is never displayed:
Shrug - roy g biv
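
The two traits described above (code appended to the last PE section, and the marker string 128 bytes into that code) can be checked on a file with a small triage script. This is an added example, not the vendor's detection logic; it assumes the string is stored as ASCII exactly as shown, and the function names and the constructed sample image are hypothetical.

```python
import struct

MARKER = b"Shrug - roy g biv"  # string quoted on the page; ASCII storage is assumed
MARKER_OFFSET = 128            # page: string sits 128 bytes past the start of the virus code
AMD64 = 0x8664                 # IMAGE_FILE_MACHINE_AMD64

def last_section(data):
    """Return (raw_offset, raw_size) of the last section of an AMD64 PE, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return None
    machine, nsect = struct.unpack_from("<HH", data, pe + 4)
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    if machine != AMD64:
        return None
    table, best = pe + 24 + opt_size, None
    if table + 40 * nsect > len(data):
        return None
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size and (best is None or raw_ptr > best[0]):
            best = (raw_ptr, raw_size)
    return best

def scan(data):
    """Return the file offset where the appended code would begin, or None."""
    sect = last_section(data)
    if sect is None:
        return None
    start, size = sect
    hit = data.find(MARKER, start, start + size)
    return hit - MARKER_OFFSET if hit >= start + MARKER_OFFSET else None

def build_sample(infected):
    """Constructed inert test image: header plus one zero-filled section."""
    img = bytearray(0x600)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)               # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<HH", img, 0x84, AMD64, 1)          # Machine, NumberOfSections
    struct.pack_into("<H", img, 0x94, 0xF0)               # SizeOfOptionalHeader
    struct.pack_into("<II", img, 0x198, 0x400, 0x200)     # SizeOfRawData, PointerToRawData
    if infected:
        img[0x480:0x480 + len(MARKER)] = MARKER           # 0x400 + MARKER_OFFSET
    return bytes(img)
```

A hit is a triage signal only; confirm with an up-to-date antivirus scan before replacing the file.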

Recommended Action

  • Check the main screen of the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system. If required, enable the "Allow Push Update" option.
  • Replace infected files from original installation source.