Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

Virus.MSWord.Stryx

Home Threats Virus Virus.MSWord.Stryx
Class Virus
Platform MSWord
Description

Technical Details


This encrypted virus contains four macros:



NORMAL.DOT          Infected files

DokumentSchlie�en   DokumentSchlie�en

DateiSchlie�en      DateiSchlie�en

Stryx1              StryxOne

Stryx2              StryxTwo

It infects the system on DokumentSchlie�en and DateiSchlie�en (FileClose
and DocClose).


On December 1st the virus creates the FUNNY.COM DOS trojan and runs it.
This trojan creates random named subdirectories on current disk. To drop
that trojan the virus saves to FUNNY.SCR file hexadecimal dump and converts
it to DOS executable by using DEBUG utility. To do that the virus creates
and executes FUNNY.BAT file:



@echo off

debug < funny.scr > nul

@echo off

Funny.com

By using similar way the virus drops the DRACHE.GIF file with an image of a
dragon. Then the virus creates new template, inserts this GIF into there
and adds the strings:


STRYX!!!!

Look at your HD! 🙂

Sorry, but it’s so funny!

NJ 1996

Find out the statistics of the threats spreading in your region
© 2023 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy Cookies

Up