Zombie.ZCME.1638 Viruses Information
Name: Zombie.ZCME.1638
Category: Viruses
Description:
Details
Zombie.ZCME.16384
This is a harmless, non-memory-resident, parasitic, polymorphic virus. It searches for COM files in the current directory, then writes itself to the beginning of the file. Before infecting, the virus builds the following text string in memory (writing it byte by byte) and then immediately erases it:
ZCME 0.01 Z0MBiE`s Code Mutation Engine (c) 1997
The main feature of this virus is its polymorphic engine: the virus is not encrypted, yet no part of its code is constant. It achieves this by "mixing" its code while infecting files. Using its internal disassembler, the virus disassembles itself and copies its assembler instructions into a 16K buffer at randomly selected addresses. When sequential instructions are copied to different blocks of the buffer, the virus "links" them with the assembler instruction JMP. The virus then fixes the addresses of conditional jump (Jcc) instructions and subroutine CALLs. It also randomly inserts "do-nothing" NOP instructions into its code. As a result, 1346 bytes of actual virus code are randomly placed within the 16K buffer.
See also the Ply and TMC viruses.
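Why a fixed byte signature cannot match this kind of shuffled code, and how a scanner can undo the shuffling, shown as an added example that is not part of the original description: a normalizer follows the linking JMPs, drops the NOPs and renumbers Jcc/CALL targets, so two differently placed copies reduce to the same instruction list. The one-instruction-per-slot model, both sample layouts and all names are constructed for illustration.

```python
# Simplified model (assumption): one instruction per buffer slot, fall-through
# is slot + 1. Real x86 code needs a length disassembler for this step.
BRANCH = {"jz", "jnz", "call"}   # instructions whose target address gets re-fixed

def resolve(buf, addr):
    """Skip inserted NOPs and linking JMPs; return the next real instruction."""
    seen = set()
    while addr in buf and buf[addr][0] in ("nop", "jmp") and addr not in seen:
        seen.add(addr)
        op, arg = buf[addr]
        addr = arg if op == "jmp" else addr + 1
    return addr

def normalize(buf, entry):
    """Return a layout-independent instruction list for the code at entry."""
    order, index, pending = [], {}, [entry]
    while pending:
        addr = resolve(buf, pending.pop())
        while addr in buf and addr not in index:
            op, arg = buf[addr]
            index[addr] = len(order)      # position in normalized order
            order.append(addr)
            if op in BRANCH:
                pending.append(arg)       # visit the branch target later
            if op == "ret":
                break
            addr = resolve(buf, addr + 1)
    # Rewrite branch targets as normalized positions instead of addresses.
    return [(buf[a][0], index[resolve(buf, buf[a][1])] if buf[a][0] in BRANCH
             else buf[a][1]) for a in order]

# Two constructed layouts of the same seven-instruction program.
LAYOUT_A = {100: ("mov", "cx,3"), 101: ("jmp", 40), 40: ("nop", None),
            41: ("dec", "cx"), 42: ("jnz", 41), 43: ("jmp", 200),
            200: ("call", 10), 201: ("nop", None), 202: ("ret", None),
            10: ("mov", "ah,9"), 11: ("jmp", 300), 300: ("ret", None)}
LAYOUT_B = {7: ("nop", None), 8: ("mov", "cx,3"), 9: ("dec", "cx"),
            10: ("jnz", 9), 11: ("jmp", 500), 500: ("call", 60),
            501: ("jmp", 20), 20: ("ret", None), 60: ("nop", None),
            61: ("mov", "ah,9"), 62: ("ret", None)}

if __name__ == "__main__":
    a, b = normalize(LAYOUT_A, 100), normalize(LAYOUT_B, 7)
    print("raw layouts equal:       ", LAYOUT_A == LAYOUT_B)
    print("normalized streams equal:", a == b)
    for ins in a:
        print(ins)
```

The normalized list, not the raw bytes, is what a signature or hash would be computed over.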