
'Holey' virus, Batman!

Peter Ferrie
Virus Bulletin, September 2011, page 4-6
ISSN 0956-9979



Some might think that all of the entrypoints in Portable Executable (PE) files are known – but they would be wrong. As we saw with the W32/Deelae family [1], a table that has been overlooked for more than a decade can be redirected to run code in an unexpected manner. Now, a table that was used in Windows on the Itanium platform also exists on the x64 platform, and (surprise!) it can be misused too. The W64/Holey virus shows us how.
