Virus.Win32.Vulcano

Class Virus
Platform Win32
Description

Technical Details

It is a memory-resident parasitic Win32 virus. The virus stays in Windows memory as an application, hooks file searching and access functions, and then infects the PE EXE files that are intercepted.

The virus uses a polymorphic engine to encrypt its body in infected files, as well as an “entry-point-obscuring” (EPO) trick to hide its entry routine (to avoid trivial detection).

The virus uses anti-debugging and anti-antivirus tricks.

The virus contains the following “copyright” text string:

Win32.Vulcano by Benny/29A