Let's imagine the following.
We wrote a virus which partially permutes all the code it can find -
in the CODE sections, binary files, etc.
Sure, it would be too hard to do this in the full sense of
permutation, but it's easy to replace some instructions or instruction
groups with their equivalents of the same length.
What will be achieved by performing that hard task?
- EXECUTABLE FILES will be
- PACKED executables & packer checksums will be changed
- TROJANs & their checksums will be changed
(tested on some trojans - all became undetectable)
- VIRUSES & their checksums will be changed
So, IDA will not understand
Antiviruses will be unable to detect most of objects processed with
Of course, the probability of meeting
of two viruses on the same PC is low.
But anyway there are also lots of packers/trojans.
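
Seen from the detection side, the checksum breakage described above comes from hashing raw bytes; hashing a canonical encoding survives equal-length substitution. The sketch below is an added example, not code from the original text. It assumes 32-bit x86 and decodes only a small constructed subset (register-to-register ALU/MOV, push/pop reg, nop, ret); the function names and sample bytes are constructed.

```python
import hashlib

# d=0 forms of two-byte ADD/OR/ADC/SBB/AND/SUB/XOR/CMP/MOV; opcode | 2 is the d=1 twin.
DIRECTIONAL = {0x01, 0x09, 0x11, 0x19, 0x21, 0x29, 0x31, 0x39, 0x89}
ONE_BYTE = set(range(0x50, 0x60)) | {0x90, 0xC3}  # push/pop reg, nop, ret

def normalize(code: bytes) -> bytes:
    """Rewrite reg,reg instructions to the d=0 encoding (constructed subset only)."""
    out = bytearray()
    i = 0
    while i < len(code):
        op = code[i]
        if op in ONE_BYTE:
            out.append(op)
            i += 1
            continue
        if (op & ~2) not in DIRECTIONAL or i + 1 >= len(code):
            raise ValueError(f"offset {i}: outside the decoded subset")
        modrm = code[i + 1]
        if modrm >> 6 != 3:
            raise ValueError(f"offset {i}: memory operand, outside the subset")
        if op & 2:  # d=1 form: clear the direction bit and swap reg/rm
            reg, rm = (modrm >> 3) & 7, modrm & 7
            op, modrm = op & ~2, 0xC0 | (rm << 3) | reg
        out += bytes((op, modrm))
        i += 2
    return bytes(out)

def raw_sig(code: bytes) -> str:
    """Byte-exact checksum, the kind the text says will be changed."""
    return hashlib.sha256(code).hexdigest()

def norm_sig(code: bytes) -> str:
    """Checksum over the canonical encoding."""
    return hashlib.sha256(normalize(code)).hexdigest()

# Constructed sample: push ebp; mov ebp,esp; xor eax,eax; add eax,ebx; pop ebp; ret
ORIGINAL = bytes.fromhex("5589e531c001d85dc3")
# Same instructions, same length, alternate encodings (constructed)
VARIANT = bytes.fromhex("558bec33c003c35dc3")

if __name__ == "__main__":
    print("raw match:       ", raw_sig(ORIGINAL) == raw_sig(VARIANT))
    print("normalized match:", norm_sig(ORIGINAL) == norm_sig(VARIANT))
```

A production scanner would do the same canonicalization on top of a full disassembler, since this subset decoder rejects anything it cannot place on an instruction boundary.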
Code Pervertor 1.0 & 1.1