| Description:
|
Details
Hanko.4167
It is a dangerous memory resident polymorphic and stealth parasitic virus. It hooks INT 21h and writes itself to the end of COM and EXE files that are executed or closed. On opening, renaming and debugging infected files the virus disinfects them.
The virus uses several levels on encryption, 64-bit key to run its random data generation routine, anti-debugging and other tricks to hide its code.
On July 7th at 7:07am the virus displays the text and halts the computer:
My name is Monica. I'm your new virus. If you are a programmer,
you can try to decode the author's info, that is encrypted somewhere
in my body. The decryption routine is also implemented. You must only
guess the key all
Good luck, friend. Now I stopped the computer. Press RESET, please.
There really is encrypted text in the middle of the virus code, this text is encrypted with 64-bit crypto-algorithm with unknown key. Being decrypted this text looks like follows:
Hi! You are really very good. So: My name is Michal Hanko, I'm from
Czech Republic. I live in Letovice, Halasova street
in Southern Moravia near Brno.
My E-Mail is: hanko@math.muni.cz. Please, mail me
that you've been succesful.
Copyright (c) Majkl soft. |
