VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

As above, sobelow

Peter Ferrie
Virus Bulletin, December 2011, pp. 9-11
ISSN 0956-9979
December 2011

[Back to index] [Comments]


In June 2009, an interesting article describing ‘Heaven’s Gate’ appeared on a popular VX website. This is an undocumented feature used by the 32-bit Windows environment when running on 64-bit versions of Windows, which allows for the transition between 32-bit and 64-bit code. In August 2011, we saw the first virus to make use of it: W32/W64.Sobelow.

[Read the article]

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! aka