Insane TCP Backdoor details

  • Description

    From the doc: ' Features:
    - My first Win32 virus
    - Polymorphic.
    - Antiheuristics and EPO. Also works as good antidebugging feature against beginners (means lammers
    - Double encrypted. First decryptor resides in first section of victim. Second one,before virus code.
    - Selfpacking. Depends on victim, but sometimes compression could give 3.5 to 1 result (LZSS scheme
    - Per-process residency
    - Doesn't infect antiviruses (Russian AVP' 'DrWeb only - filemask
    - Contains TCP backdoor
      Backdoor features
      1. System info. Return system version,username,number of disks,
      . Upload' 'Execute Upload and execute file. After execution file is deleted.
      3. Mass Download For example c windows pwl
      . Dir Directory listing
      5. Backdoor shutdown (till next infected file run
      6. Ability to upload plugins.
    - Infection not depends from attributes.
    - Windows directory infection.
    - Tested on Win95 OSR2,WinNT 4. ,Win2000,Win98 - completely workable.
    - Two infection methods
      1. Standard add section .
      2. Reloc residency (because it not used in PE Exe' . Possible it is not correct, but 100percent works)
    - Some ready plugins applied.
      - MessageBox - remote message box.
      - Shutdown - remote shutdown
      - Gateway - redirection of TCP connections.'

  • Alias

    Backdoor Program [Panda], Backdoor.Insane, Backdoor.Insane [Kaspersky], Backdoor.Insane.plugin, Backdoor.Insane.plugin [Kaspersky], Backdoor/Insane [Computer Associates], Backdoor/Insane!plugin [Computer Associates], Backdoor/Insane.B!Server [Computer Associates], BackDo

  • Exe

    fce07b0f.exe, gateway.exe, gl.exe, test.exe

  • Dll

    39df5f5f.dll, shutdown.dll