VirusW95/Spaces.1445
Analysis
- Viral body is 1,445 bytes and is appended to the
last section in 32 bit files
- The last section header will be modified with two
hex codes, 0x20 0x20 - the equivalent of two spaces
- the significance is the naming of the virus - it
also serves as a marker when the virus seeks itself
in memory
- Technique of virus when loading into memory makes
it a Windows 95/98/Me spreading threat only, although
other 32bit systems may host an infected file without
incident
- Some files may become corrupted after infection
- The entry point of the virus points to code
