SecurityHome.eu Win32.Fosforo.A

Home / malware PDF

Win32.Fosforo.A

First posted on 21 November 2011.
Source: BitDefender
Aliases :
Win32.Fosforo.A is also known as N/A.
Explanation :
The virus uses the EPO (Entry Point Obscurity) technique to make detection harder - that is, replaces an API call with a call to its code. It appends itself at the end of the file, and is encrypted with a primitive method. It has also an anti-debug trick that would cause a stack overflow.

The virus infects most of PE files in current directory, as well as Windows and System directories. It doesn't infect files that have V as the first or second letter, or files whose name begin with "F-". The virus may infect incorrectly some files and so they may not run. Infected files also have the file PE structure corrupt in the last part, and may give a not-enough-memory message when ran.

On the date of 12 July of any year, infected applications hang if ran.
Last update 21 November 2011

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20