Penguin
Note: You are viewing an old revision of this page. View the current version.

A PolyMorphicVirus is a Virus that dynamically changes its binary code in an attempt to avoid identification by any single pattern of bytes in the code. Ideas have therefor been devised for how to transform code, particularly MachineCode, to equivalent, but different forms. Such transformations include:

  • Replacing single register copy instructions by push/pop pairs
  • Rearranging parts of the code using jumps to alter the order of execution
  • Inserting dummy operations that have no effect, such as NOPs
  • Permuting the registers used in the code

Most PolyMorphicViruses also encrypt themselves, only leaving a short decryption routine unencrypted. Of course, it gets jumbled the same as the rest of the code, since it might otherwise contain a characteristic enough byte pattern to scan for. Together, these techniques can lead to billions of representations of the same code. It can be hard for antivirus programs to detect them all reliably.