29A Issue 03 06 16
eZine lover (@eZine)
Published in
29A
· 28 Dec 2019
comment * Ida.1490 ÜÛÛÛÛÛÜ ÜÛÛÛÛÛÜ ÜÛÛÛÛÛÜ Disassembly by ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛ Darkman/29A ÜÜÜÛÛß ßÛÛÛÛÛÛ ÛÛÛÛÛÛÛ ÛÛÛÜÜÜÜ ÜÜÜÜÛÛÛ ÛÛÛ ÛÛÛ ÛÛÛÛÛÛÛ ÛÛÛÛÛÛß ÛÛÛ ÛÛÛ Ida.1490 is a 1491 bytes parasitic resident COM virus. Infects files at open file, get or set file attributes, load and execute program and rename file by appending the virus to the infected file. Ida.1490 has an error handler, non-destructive payload, second layer 16-bit exclusive OR (XOR) encryption in file and is polymorphic in file using its internal polymorphic engine. Ida.1490 is using the Random Decoding Key (RDK) technique. I would like to thank VirusBuster for pr...