Kamikaze contains two different pieces of code:
- Infection code
- Scrambled code
When an infected file is run, the virus overwrites the first two uninfected files in the current directory with the infection code, and overwrites itself with the scrambled code, making it impossible to run again. If there are no more files to infect in the current directory, it searches subdirectories for further files to infect.
Additionally, the virus does not infect files smaller than the virus itself.
This virus infects by overwriting the head of the file. Files overwritten by the virus are impossible to recover and should be replaced with clean copies.
The virus contains an invisible payload that overwrites itself and infects other files; it triggers when an infected program is run.
The first two bytes of every EXE file are either "MZ" or "ZM", which is the identifier. The virus overwrites the first 8 bytes of the infected file with the text string "kamikaze", thereby trashing the file. The system no longer recognizes the trashed file properly, and it crashes when that file is executed.
Every infected program contains the following text string at the beginning of the file:
Even if the user manages to restore the first two bytes of a trashed file to "MZ", it still fails to execute because it tries to use a large amount of memory, and the system shows the following message without hanging:
Program too big to fit in memory
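A triage check for the header damage described above, added here as an example and not taken from the original page or from any antivirus product: it walks a directory tree and flags .EXE files whose first 8 bytes are "kamikaze" instead of an "MZ"/"ZM" identifier, including files where only the first two bytes were restored. The case-insensitive match, the class names and the sample file names are assumptions; the sample files are constructed.

```python
import os
import tempfile

MARKER = b"kamikaze"          # 8-byte string the page says replaces the file head
EXE_MAGICS = (b"MZ", b"ZM")   # valid EXE identifiers named on the page

def classify_header(head: bytes) -> str:
    """Classify the first 8 bytes of a file that carries an .EXE extension."""
    if head[:8].lower() == MARKER:           # assumption: ignore letter case
        return "trashed"
    if head[:2] in EXE_MAGICS and head[2:8].lower() == MARKER[2:]:
        return "trashed-magic-restored"      # "MZ" put back, rest still damaged
    if head[:2] in EXE_MAGICS:
        return "exe-header"
    return "unknown"

def scan_tree(root: str) -> dict:
    """Walk root and its subdirectories; map each .EXE path to its class."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".exe"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(8)        # only the head is needed
            except OSError:
                results[path] = "unreadable"
                continue
            results[path] = classify_header(head)
    return results

def demo() -> dict:
    """Scan a constructed sample tree; return {relative path: class}."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "SUB"))
        samples = {                          # constructed sample files
            "CLEAN.EXE": b"MZ" + b"\x00" * 30,
            "TRASHED.EXE": b"kamikaze" + b"\x00" * 24,
            "SUB/OLD.EXE": b"ZM" + b"\x00" * 30,
            "SUB/REPAIRED.EXE": b"MZmikaze" + b"\x00" * 24,
        }
        for rel, data in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(data)
        found = scan_tree(root).items()
        return {os.path.relpath(p, root).replace(os.sep, "/"): c for p, c in found}

if __name__ == "__main__":
    print(demo())
```

Files reported as "trashed" or "trashed-magic-restored" are the ones to replace with clean copies.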
Did you know?
It is believed that the name of the virus refers to the Japanese term "神風" (カミカゼ, divine wind). The Kamikaze team was a special attack unit of the Empire of Japan in World War II that performed suicide attacks against Allied naval vessels.