Peter Ferrie
Virus Bulletin, 4 December 2006, pp.4-6
ISSN 0956-9979
December 2006
Download PDF (50.5Kb) (You need to be registered on forum)Imagine you're a virus writer, someone who specialises in one-of-a-kind viruses, and you want to do something really new and different. You want it to be entrypoint-obscuring, using a technique that no one has used before. You want a polymorphic decryptor, one that appears to be deceptively simple. Of course, you also want a 32-bit and a 64-bit version. What would it look like? The answer is W32/Bounds and W64/Bounds!AMD64.