Zmist
(Redirected from ZMist (computer virus))
| Zmist | |
|---|---|
| Malware details | |
| Alias | Z0mbie.Mistfall |
| Type | Computer virus |
| Origin | Russia |
| Authors | Z0mbie |
| Technical details | |
| Platform | Windows |
| Size | 9 kbytes |
Zmist (also known as Z0mbie.Mistfall) is a metamorphic computer virus[1][2] created by the Russian virus writer known as Z0mbie. It was the first virus to use a technique known as "code integration". In the words of Ferrie and Ször:[3]
This virus supports a unique new technique: code integration. The Mistfall engine contained in it is capable of decompiling Portable Executable files to [their] smallest elements, requiring 32 MB of memory. Zmist will insert itself into the code: it moves code blocks out of the way, inserts itself, regenerates code and data references, including relocation information, and rebuilds the executable.
Variants
[edit | edit source]- Zmist.gen!674CD7362358 - discovered in 2012.
- ZMist!IK - discovered 2011 - 2012.
- Zmist.A - discovered in 2006 - 2007.
See also
[edit | edit source]- Simile, a well-known metamorphic virus
- Computer virus
References
[edit | edit source]- ^ Aspevik, Egil; Detection of Junk Instructions in Computer Viruses, Masters Thesis, May 2008, University of Oslo (UiO).
- ^ Lua error in Module:Citation/CS1/Configuration at line 2172: attempt to index field '?' (a nil value).
- ^ Ferrie, Peter; and Ször, Péter; Zmist opportunities, Virus Bulletin, March 2001, Abingdon, Oxfordshire (UK), pp. 6–7
External links
[edit | edit source]- "Hunting for metamorphic", Metamorphic viruses description by Ször and Ferrie
- "Virus.Win32.ZMist.Predetect" by Secure List.
