Description:
Details
Win32.InvictusDLL.200.a
This is a Win32 application, detected by this name, that is infected with a virus built using a special INVICTUS library. This library (a Win32 DLL file) is intended to minimize a virus writer's work when creating Win32 viruses and worms.
The INVICTUS library contains several standard routines for infecting files, enumerating network resources (for further infection), using polymorphic encryption, sending infected e-mail messages, and so on.
The only thing the virus writer has to do is to use library functions correctly, and to add some special routines (like payload routines), because most of the viral functions are already implemented in the INVICTUS library.
This version of the library is able to use the KME polymorphic library and "Entry Point Obscuring" technology when infecting files. This means the virus does not infect a file at its entry code, but places a "Jump Virus" instruction somewhere in the middle of the file's code section to make detection and disinfection procedures more complex. As a result, the virus is activated only when the corresponding branch of the infected program receives control.
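A triage heuristic for the entry-point-obscuring layout described above, as an added example that is not part of the original description or of any vendor's detection logic: it flags `E9 rel32` jumps in the code section whose target lies in a different section, which a check of the PE entry point alone would miss. It assumes the redirect is a plain near jump and that the target lies outside the code section (neither is stated on the page); the section names, addresses and bytes are constructed.

```python
import struct

def find_cross_section_jumps(code, code_va, sections):
    """Return (jump_va, target_va, section_name) for every E9 rel32 in `code`
    whose target falls inside a section other than the code section.
    `sections` is a list of (name, start_va, size) tuples."""
    code_end = code_va + len(code)
    hits = []
    for off in range(len(code) - 4):
        if code[off] != 0xE9:            # opcode of JMP rel32
            continue
        rel = struct.unpack_from("<i", code, off + 1)[0]
        # Target is relative to the address of the next instruction.
        target = (code_va + off + 5 + rel) & 0xFFFFFFFF
        if code_va <= target < code_end:
            continue                     # ordinary intra-section jump
        for name, start, size in sections:
            if start <= target < start + size:
                hits.append((code_va + off, target, name))
                break
    return hits

# Constructed sample: a NOP-filled code section at 0x401000 with one normal
# jump and one jump into a hypothetical trailing section at 0x405000.
CODE_VA = 0x401000
SECTIONS = [(".data", 0x403000, 0x1000), (".reloc", 0x405000, 0x1000)]

def build_sample():
    code = bytearray(b"\x90" * 0x40)
    code[0x10:0x15] = b"\xE9" + struct.pack("<i", 0x401030 - (0x401010 + 5))
    code[0x20:0x25] = b"\xE9" + struct.pack("<i", 0x405000 - (0x401020 + 5))
    return bytes(code)

if __name__ == "__main__":
    for src, dst, name in find_cross_section_jumps(build_sample(), CODE_VA, SECTIONS):
        print(f"jmp at {src:#x} -> {dst:#x} ({name})")
```

This is a raw byte scan, not a disassembly, so data bytes that happen to equal `E9` can produce false positives; treat hits as leads for manual review.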