..
Click anywhere to stop
Click anywhere to stop
Class | Trojan-Banker |
Platform | Win32 |
Description |
Technical Details
By using these calls the virus then searches for files and infects them. While infection the virus incorporates its code into the middle of the file to the end of first section. The virus looks for gap in the virtual image of file: if there is enough free space between first and second section in virtual image (addresses in the memory, not in disk file – the virus avoids overlapping sections on loading file into the memory), the virus shifts the rest of the file down by 1024 bytes, writes its code into this cave, modifies entry point address and fix section headers.
|
Find out the statistics of the threats spreading in your region |