Fandom

Malware Wiki

CriCri

1,345pages on
this wiki
Add New Page
Comments0 Share

Virus.Multi.CriCri is a memory resident multipartite polymorphic stealth encrypted virus on DOS, written by Griyo from 29A.

There are 4 variants:

  • Virus.Multi.CriCri.4289
  • Virus.Multi.CriCri.4300
  • Virus.Multi.CriCri.4616
  • Virus.Multi.CriCri.4690

Behavior

When the virus is loaded into memory, it first infects C:\COMMAND.COM, followed by hooking INT 13h and 21h to infect any executable file by writing itself to the end of the file. It also infects the boot sector of floppy disks that are accessed.

The virus behaves stealthy so that there would have no observable size change on infected files.

The virus might not perform infection on every program execution, and it does not infect files containing digits or the following strings in their filename:

V TB SC F- GU

Additionally, the virus has bugs that may corrupt the files during infection.

Memory usage

The following table shows the memory usage of the variants.

Variant Memory usage in bytes
CriCri.4289 8,608
CriCri.4300 8,624
CriCri.4616 9,248
CriCri.4690 9,408

Payload

When the infected system is loaded or an infected program is run on June 4th, the virus displays a green message at the center of the screen and hangs the system.

CriCri.4289 and 4300:

Cri-Cri ViRuS by Griyo/29A ...Tried, tested, not approved.

CriCri.4616 and 4690:

Cri-Cri ViRuS by Griyo96 ...Tried, tested, not approved.

Other details

In fact, this virus avoids most of the files in DOS system directory.

The Implant virus is related to the CriCri family.

Videos

Virus.Multi02:42

Virus.Multi.CriCri

CriCri virus review by Alles Sandro

Ad blocker interference detected!


Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.