Let's imagine the following.
We wrote a virus which partially permutes all code it can find:
in the CODE sections, binary files, etc.
Sure, it would be too hard to perform permutation in the full sense of the word,
but it's easy to replace some instructions or instruction groups
with their equivalents of the same length.
What will be achieved by performing that hard task?
- EXECUTABLE FILES will be changed
- PACKED executables & packer checksums will be changed
- TROJANs & their checksums will be changed
  (tested on some trojans - all became undetectable)
- VIRUSES & their checksums will be changed
So, IDA will not recognize standard libraries.
Antiviruses will be unable to detect most objects processed with such mutation.
Of course, the probability of two viruses meeting on the same PC is low.
But anyway, there are also lots of packers/trojans.
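The checksum claim above holds for whole-file hashes, but a same-length substitution leaves file size and every offset unchanged, so comparing at fixed offsets still ties a mutated file to the known original. The following is an added example, not part of the original text: the byte strings are constructed placeholders rather than real code, and the block size, threshold and function names are assumptions.

```python
import hashlib

BLOCK = 64  # assumed block size; tune to the file type

def block_similarity(known, candidate, block=BLOCK):
    """Fraction of same-offset blocks whose SHA-256 digests match."""
    if len(known) != len(candidate) or not known:
        return 0.0  # same-length substitution never changes the size
    offsets = range(0, len(known), block)
    same = sum(hashlib.sha256(known[o:o + block]).digest() ==
               hashlib.sha256(candidate[o:o + block]).digest() for o in offsets)
    return same / len(offsets)

def byte_similarity(known, candidate):
    """Fraction of positions holding the same byte; survives dense edits."""
    if len(known) != len(candidate) or not known:
        return 0.0
    return sum(a == b for a, b in zip(known, candidate)) / len(known)

def classify(known, candidate, threshold=0.75):
    """Return 'exact', 'variant' or 'unrelated' for candidate vs. known."""
    if hashlib.sha256(known).digest() == hashlib.sha256(candidate).digest():
        return "exact"
    if block_similarity(known, candidate) >= threshold:
        return "variant"   # few blocks touched: cheap piecewise match
    if byte_similarity(known, candidate) >= threshold:
        return "variant"   # every block touched, but most bytes intact
    return "unrelated"

def flip(data, offsets):
    """Constructed stand-in for a same-length edit: alter bytes in place."""
    out = bytearray(data)
    for o in offsets:
        out[o] ^= 0xFF
    return bytes(out)

# Constructed placeholder data (not real machine code).
KNOWN = bytes((i * 7 + 3) % 256 for i in range(1024))
SPARSE = flip(KNOWN, (10, 11, 300, 301, 700, 701))   # 3 of 16 blocks touched
DENSE = flip(KNOWN, range(0, 1024, 64))              # 1 byte in every block
UNRELATED = bytes((i * 13 + 5) % 256 for i in range(1024))

if __name__ == "__main__":
    for name, sample in [("known", KNOWN), ("sparse", SPARSE),
                         ("dense", DENSE), ("unrelated", UNRELATED)]:
        print(name, classify(KNOWN, sample),
              block_similarity(KNOWN, sample), byte_similarity(KNOWN, sample))
```

The DENSE case shows the limit of piecewise hashing: once every block is touched the block score drops to zero and only the byte-level comparison still links the file to the original.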
Code Pervertor 1.0 & 1.1