Win32.Mix by Energy
The first generation infects only notepad.exe, and the infected notepad.exe in turn infects only the exe files in the root.
The Win32.Mix virus will only be active this year, 2002.
It searches only the C: drive, looking for *.exe.
It won't infect anything other than PE files, with read & write access.
It has an inoffensive payload (MessageBox).
At infection time, it appends itself to the last section.
Technique: It's a Win32 PE infector, direct action, permutated polymorphic virus. The original file length is possibly 16 kb.
The compression routine packed this virus to 3904 bytes.
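From the defender's side, an infector that appends itself to the last section of a PE file leaves structural traces that a triage script can check. The Python below is an added example, not code from the original article; it assumes, which the article does not state, that the appended code gains control through an entry point moved into the last section, and the function names and header-only sample images are constructed for illustration.

```python
import struct

EXEC, WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_EXECUTE / IMAGE_SCN_MEM_WRITE

def pe_sections(data):
    """Parse a PE image; return (entry_rva, [(name, rva, vsize, flags)]) or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    pe, = struct.unpack_from("<I", data, 0x3C)           # e_lfanew
    if len(data) < pe + 24 or data[pe:pe + 4] != b"PE\0\0":
        return None
    count, = struct.unpack_from("<H", data, pe + 6)      # NumberOfSections
    opt_size, = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    table = pe + 24 + opt_size                           # section table offset
    if opt_size < 20 or len(data) < table + 40 * count:
        return None                                      # truncated headers
    entry, = struct.unpack_from("<I", data, pe + 40)     # AddressOfEntryPoint
    secs = []
    for i in range(count):
        name, vsize, rva, _, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, table + 40 * i)
        secs.append((name.rstrip(b"\0").decode("latin-1"), rva, vsize, flags))
    return entry, secs

def appender_indicators(data):
    """Return the heuristic indicators that fire for this image (empty if none)."""
    parsed = pe_sections(data)
    if not parsed or not parsed[1]:
        return []
    entry, secs = parsed
    name, rva, vsize, flags = max(secs, key=lambda s: s[1])  # highest RVA = last
    hits = []
    if rva <= entry < rva + vsize:
        hits.append("entry point in last section " + name)
    if flags & EXEC and flags & WRITE:
        hits.append("last section is writable and executable")
    return hits

def build_sample(entry, secs):
    """Constructed test input: PE headers only, no section data."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(secs), 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(0xE0, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, rva, 0, 0, 0, 0, 0, 0, fl)
                     for n, rva, vs, fl in secs)
    return dos + b"PE\0\0" + coff + opt + table

CLEAN = build_sample(0x1000, [(b".text", 0x1000, 0x2000, 0x60000020), (b".rsrc", 0x3000, 0x1000, 0x40000040)])
SUSPECT = build_sample(0x3F00, [(b".text", 0x1000, 0x2000, 0x60000020), (b".rsrc", 0x3000, 0x2000, 0xE0000040)])
```

Both indicators are heuristics: packers and some legitimate protectors produce the same layout, so a hit is a reason to inspect the file, not a verdict.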