polymorphic virus analysis
- The virus is polymorphic and very infectious.
- EPO (Entry Point Obscuring): the entry-point address in the header is not modified; instead the virus injects code at the real entry point and hops around a few times before it jumps to the virus entry point.
- Obfuscated layers, using junk instructions and several different (though simple) decryption operations.
- The junk code happens to trigger a bug in VMware 5, so the virus crashed in the VM at the time of the analysis.