Fandom

Malware Wiki

Amoeba

1,327pages on
this wiki
Add New Page
Comments0 Share

Virus.DOS.Amoeba is a memory resident parasitic polymorphic encrypted virus on DOS.

There are 3 variants in 2 versions:

  • Virus.DOS.Amoeba.1392 (plus B)
  • Virus.DOS.Amoeba.2367

BehaviorEdit

Amoeba.1392 and 1392.bEdit

These variants hook INT 10h, 1Ch and 21h, and infect any executable and OVL files that are accessed.

EXE format is infected in a standard way, while that in COM format is infected by inserting itself into the beginning of the file.

Amoeba.2367Edit

This is a very dangerous variant. It hooks INT 21h and infect any executable file that is run.

PayloadEdit

Amoeba.1392 and 1392.bEdit

These variants display the message:

SMA KHETAPUNK - NOUVEL Band A.M.O.E.B.A. by PrimeSoft Inc

Amoeba.2367Edit

When an infected program is run on March 21st or November 1st, it cycles the characters with ASCII value and also the color, followed by erasing hard drive sectors, and hanging the system.

It also writes a program into the MBR and would display the following on every start:

"To see a world in a grain of sand,
And a heaven in a wildflower
Hold Infinity in the palm of your hand
And Eternity in an hour."

THE VIRUS 16/3/91

Other detailsEdit

Amoeba.2367 contains the internal text string:

AMOEBA

And also contains the encrypted internal text strings:

AMOEBA virus by the Hacker Twins (C)1991
This is nothing, wait for the release of AMOEBA II-The universal infector,
hidden to any eye but ours! Dedicated to the University of Malta-
the worst educational system in the universe,and the destroyer of
5X2 years of human life.
COM EXE

VideosEdit

Virus.DOS06:32

Virus.DOS.Amoeba (Bright flashing lights warning)

Amoeba virus review by danooct1

Virus.DOS.Amoeba02:10

Virus.DOS.Amoeba.2367

Virus.DOS.Amoeba.2367 on Virtual PC

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.