w32/Divinorum :: SumUp

November 17, 2007 at 6:05 pm (Viruses)

W32.Divinorum is my latest creature. It is a Win32 PE executable parasitic infector that uses appending mode by adding a new section to the end of the file, and it includes two decrypting routines: one in the EPO section and the other after jumping into the virus body.
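The description above names two traits a triage script can check for in a suspect PE file: a new section appended after the original ones, and EPO (entry point obscuring), which means the header's AddressOfEntryPoint may be left untouched. The following is an added example of such a check, written from a defender's point of view; it is not code from the post's author and has nothing to do with the virus itself. It parses only the PE headers with the standard library and flags a last section that is both writable and executable, or an entry point that lands in the last section. The sample images, the section name ".xsec", and all offsets in them are constructed for testing (headers only, no real code), and the rules are heuristics: a packer or an unusual linker layout can trigger them, and an EPO infection is only caught by the writable-and-executable rule, not by the entry point rule.

```python
import struct

# IMAGE_SECTION_HEADER.Characteristics flags from the PE specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000

COFF_FMT = "<HHIIIHH"          # IMAGE_FILE_HEADER, 20 bytes
SECTION_FMT = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def parse_pe(data):
    """Return (entry_rva, [section dicts]) read from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature")
    coff_off = e_lfanew + 4
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from(COFF_FMT, data, coff_off)
    opt_off = coff_off + struct.calcsize(COFF_FMT)
    # AddressOfEntryPoint is at offset 16 of both the PE32 and PE32+ optional header
    entry_rva = struct.unpack_from("<I", data, opt_off + 16)[0]
    sect_off = opt_off + opt_size
    sections = []
    for i in range(nsec):
        f = struct.unpack_from(SECTION_FMT, data, sect_off + i * 40)
        sections.append({
            "name": f[0].rstrip(b"\x00").decode("latin-1"),
            "vsize": f[1], "vaddr": f[2], "rsize": f[3], "rptr": f[4],
            "chars": f[9],
        })
    return entry_rva, sections


def triage(data):
    """Heuristics for an appended-section infector; returns a list of findings."""
    entry_rva, sections = parse_pe(data)
    if not sections:
        return ["no section headers"]
    findings = []
    last = sections[-1]
    for s in sections:
        if s["vaddr"] <= entry_rva < s["vaddr"] + max(s["vsize"], s["rsize"]):
            # A clean linker layout normally puts the entry point in the first
            # code section, not in the section that was added last.
            if s is last and s["chars"] & IMAGE_SCN_MEM_EXECUTE:
                findings.append("entry point lies in last section %r" % s["name"])
            break
    else:
        findings.append("entry point 0x%x lies outside every section" % entry_rva)
    # Self-decrypting code needs a section it can both write and execute; this
    # rule does not depend on the entry point, so it also covers the EPO case.
    if last["chars"] & IMAGE_SCN_MEM_WRITE and last["chars"] & IMAGE_SCN_MEM_EXECUTE:
        findings.append("last section %r is writable and executable" % last["name"])
    return findings


def build_sample_pe(sections, entry_rva):
    """Constructed headers-only PE32 image for testing (contains no real code)."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", e_lfanew)  # 64 bytes
    opt_size = 224  # size of a PE32 optional header
    coff = struct.pack(COFF_FMT, 0x14C, len(sections), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)  # AddressOfEntryPoint
    hdrs = b"".join(
        struct.pack(SECTION_FMT, name, vsize, vaddr, rsize, rptr, 0, 0, 0, 0, chars)
        for name, vaddr, vsize, rptr, rsize, chars in sections)
    return dos + b"PE\x00\x00" + coff + bytes(opt) + hdrs


# Constructed layouts: (name, VirtualAddress, VirtualSize, PointerToRawData, SizeOfRawData, Characteristics)
CLEAN_SECTIONS = [
    (b".text", 0x1000, 0x800, 0x400, 0x800,
     IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (b".data", 0x2000, 0x200, 0xC00, 0x200,
     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
]
# ".xsec" is a placeholder name for an appended, writable and executable section
APPENDED_SECTION = (b".xsec", 0x3000, 0x1000, 0xE00, 0x1000,
                    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE
                    | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE)

CLEAN = build_sample_pe(CLEAN_SECTIONS, 0x1010)
APPENDED = build_sample_pe(CLEAN_SECTIONS + [APPENDED_SECTION], 0x3000)  # entry moved
EPO = build_sample_pe(CLEAN_SECTIONS + [APPENDED_SECTION], 0x1010)       # entry untouched

if __name__ == "__main__":
    for label, image in (("clean", CLEAN), ("appended", APPENDED), ("epo", EPO)):
        print(label, triage(image))
```

Running the block prints no findings for the clean layout, two for the appended layout with a moved entry point, and one (the writable-and-executable rule) for the EPO layout; on a real file, read it with `open(path, "rb").read()` and pass the bytes to `triage`.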

More information about it:

http://www.sophos.com/security/blog/2007/11/747.html ::sophos blog entry!

http://www.sophos.com/security/analyses/w32divvia.html ::sophos virus description

http://www.f-secure.com/v-descs/virus_w32_divvi.shtml ::f-secure virus description

http://vil.nai.com/vil/content/v_143761.htm ::McAfee virus description (added*)

I played sort of a cheap game! I mentioned an AVer's name and asked him to cut his ponytail in order to attract AVers to analyze it, and added extra flavors, trying to figure out if someone was really going to put that creature in a debugger.

The virus source code will be published in the next e-zine from EOF and DoomRiderz.

I didn't manage to do any harm by coding this virus; that's why I directly emailed the sample to AVers.

———————–

*Updated: 15th of Dec 07
