VX Heavens

Fighting EPO Viruses

Piotr Bania
SecurityFocus
June 2005


Abstract

This short article describes the so-called Entry-Point Obscuring (EPO) virus coding technique, primarily through a direct analysis of the Win32.CTX.Phage virus. The reader should know the basics of IA-32 assembly and the main elements of the Portable Executable (PE) file structure to fully understand this article. The author also advises the reader to review the Win32.CTX.Phage description written by Peter Szor and Wason Han, since this article does not cover all the features of the virus.
