Entry...............: 196-bytes Alias(es)...........: - Virus Strain........: xxxxxxxxShort Virus detected when.: - where.: - Classification......: Linkvirus, memory-resident, not reset-resident Length of Virus.....: 1. Length on storage medium: 196 Bytes 2. Length in RAM: 0 Bytes (uses system stack to hide it's code) --------------------- Preconditions ------------------------------------ Operating System(s).: AMIGA-DOS Version/Release..: V36+ Computer model(s)...: all models/processors (MC68000-MC68060) --------------------- Attributes --------------------------------------- Easy Identification.: none Type of infection...: Self-identification method in files: - first byte of first code hunk is $61.B Self-identification method in memory: - checks for "do".W at sysStackLower offset 0 System infection: - infects the following function: Dos Write() Infection preconditions: - Hunk Code is found - File is not infected already - file is smaller than $7c0*4 Infection Trigger...: Copying executable files Storage media affected: all dos devices (including RAM:) Interrupts hooked...: None Damage..............: Permanent damage: - none Transient damage: - generating of bad files is possible Damage Trigger......: Permanent damage: - none Transient damage: - too simply infect code Particularities.....: Smallest first hunk increaser for Amiga. Similarities........: Code is equal to xxxxxxxxShort. First long of first codehunk is replaced with jump to virus code. This is light version of NoName(212 bytes). Stealth.............: - Armouring...........: - Comments............: The main goal of this virus is it's size. There are some 'bugs' that may cause making wrong files (lack of clever test routines). The virus is not aware of processor caches. --------------------- Acknowledgement ---------------------------------- Location............: Pawlowice, Poland 2002 Classification by...: Zbigniew Trzcionkowski Documentation by....: Zbigniew Trzcionkowski Date................: 2002 Information Source..: Analyze of virus and source code Copyright...........: This documentation is public domain ===================== End of 196 bytes virus ============================ [Go back]