Fighting EPO Viruses

by Piotr Bania
Sept. 25, 2017, Symantec

This short article describes the so-called Entry-Point Obscuring (EPO) virus coding technique, primarily through a direct analysis of the Win32.CTX.Phage virus. To fully understand this article, the reader should know the basics of IA-32 assembly and the main elements of the Portable Executable (PE) file structure. The author also advises the reader to review the Win32.CTX.Phage description written by Peter Szor and Wason Han, since this article does not cover all the features of the virus.

2flash 7 months, 3 weeks ago

EPO Viruses were a concern back in 2005. Happily, today they are a nice lesson of security history :)