Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

Virus.BAT.Hot2Trot

Home Threats Virus Virus.BAT.Hot2Trot
Class Virus
Platform BAT
Description

Technical Details


It is a dangerous nonmemory resident parasitic BAT virus. It searches for
.BAT files in the current and parent directories, then writes itself to the
end of the file. The virus uses an infecting way similar to parasitic COM
infectors – it writes its code to the end of the file and inserts
GoTo_Virus command to the file header:



+—————+

�@echo off      � Jmp-to-virus commands

+——�goto HotToTrot3�

�+—->�:To            �

��     +—————� Original BAT file commands

��     �…            �

��     �…            �

��     �…            �

��     +—————�

��+—-�goto Trot3     � Jump to return-to-DOS command

���    +—————�

+—–>�:HotToTrot3    � Main virus code

��    �…            �

��    �…            �

+—–�goto To        � Return to host program

+—>�Trot3:         � Return to DOS

+—————+

While infecting a file the virus accesses DOS functions (INT 21h). To do
that it creates and runs two temporary COM files – saves their hexadecimal
dump to disk and converts it to binary file by using DEBUG (if there are no
DEBUG in PATH, the virus may corrupt the files while infecting them).
Find out the statistics of the threats spreading in your region
© 2021 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up