
Win32.Fosforo.A


First posted on 21 November 2011.
Source: BitDefender

Aliases :

Win32.Fosforo.A is also known as N/A.

Explanation :

The virus uses the EPO (Entry Point Obscurity) technique to make detection harder: it replaces an API call with a call to its own code. It appends itself to the end of the file and is encrypted with a primitive method. It also has an anti-debug trick that would cause a stack overflow.

The virus infects most PE files in the current directory, as well as in the Windows and System directories. It doesn't infect files that have V as the first or second letter, or files whose names begin with "F-". The virus may infect some files incorrectly, so they may not run. Infected files also have a corrupt PE structure in the last part of the file, and may give a not-enough-memory message when run.

On 12 July of any year, infected applications hang when run.

Last update 21 November 2011
