Win32.InvictusDLL.09 Viruses Information
Name: Win32.InvictusDLL.09
Category: Viruses
Description:
Details
Win32.InvictusDLL.099
A Win32 application detected under this name is infected with a virus built on a special INVICTUS library. This library (a Win32 DLL file) is intended to minimize a virus writer's work when creating Win32 viruses and worms.
The INVICTUS library contains several standard routines, including routines for infecting files, enumerating network resources (for further infection), using polymorphic encryption, and sending infected e-mail messages.
The only thing the virus writer has to do is to use library functions correctly, and to add some special routines (like payload routines), because most of the viral functions are already implemented in the INVICTUS library.
This is the first known version of the library. It is about 4 Kb in length (packed with UPX), and about 14 Kb in an unpacked state.
The library contains the following copyright string:
"INVICTUS" LIBRARY 0.99 BY NBK
This version of the library contains only infecting routines.
When infecting files, the library sets the entry-point address of host applications to 0, so that Windows NT/2000/XP operating systems do not recognize them as valid Win32 applications and are unable to launch them. Windows 9x/ME do not check the integrity of files and will launch infected files, passing control to the virus code.
The structure of an infected file appears as follows:
+=====================+
| infected            | <--- program entry point (at the
| host file           |      beginning of the infected file)
|                     |
|---------------------|
||Polymorphic code   ||
||                   ||
||INVICTUSDLL        ||
|+-------------------+|
||virus body         ||
|+-------------------+|
||virus body         ||
|+-------------------+|
+=====================+
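The zero entry-point address described above can be checked statically. The following is an added example, not code from the original page or from the library: it reads AddressOfEntryPoint from a PE header and flags non-DLL executables where it is 0 (DLLs are excluded because a DLL without an entry routine legitimately has 0 there). The function names and the sample header bytes are constructed for illustration.

```python
import struct

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag: image is a DLL


def pe_entry_point(data: bytes):
    """Return (AddressOfEntryPoint, is_dll) for a PE image, or None if not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need: PE signature (4) + COFF header (20) + first 20 bytes of optional header
    if e_lfanew + 44 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (characteristics,) = struct.unpack_from("<H", data, e_lfanew + 4 + 18)
    opt = e_lfanew + 24
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        return None
    # AddressOfEntryPoint sits at offset 16 of the optional header in both formats
    (entry,) = struct.unpack_from("<I", data, opt + 16)
    return entry, bool(characteristics & IMAGE_FILE_DLL)


def zero_entry_point_exe(data: bytes) -> bool:
    """True for a non-DLL PE whose entry point is 0 (the trait described above)."""
    info = pe_entry_point(data)
    if info is None:
        return False
    entry, is_dll = info
    return entry == 0 and not is_dll


def make_sample(entry: int, characteristics: int = 0x0102) -> bytes:
    """Constructed minimal PE32 header for the demo (headers only, no code)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 16, entry)  # AddressOfEntryPoint
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, blob in [("exe, entry 0x1000", make_sample(0x1000)),
                        ("exe, entry 0", make_sample(0)),
                        ("dll, entry 0", make_sample(0, 0x2102))]:
        print(f"{label}: suspicious={zero_entry_point_exe(blob)}")
```

A hit is a triage signal for closer inspection, not a verdict on its own.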