Malware Wiki


  • I live in Hong Kong
  • I was born on May 8
  • Satsuki8th

    Barrotes payloads

    October 10, 2016 by Satsuki8th

    Hoping that someone may provide the missing info of Barrotes variants that still have not been triggered yet...

    I did not have so much study on DOS opcodes so I do not know the meaning of most of the opcodes, but at least I learned something useful from the Barrotes.1463 virus, which is failed to activate due to a programming error, by comparing the current day in month with a value of 22h (34d), it is impossible to trigger, right?

    This value follows a pair of codes "80 FA", I checked the meaning of "80", it refers to a comparasion statement, meanwhile the "FA" is referring to date or something similar else.

    While inspecting a sample of Barrotes.840, instead of "80 FA", "81 FA" is found, with data "05 01". This pair of codes refers to check d…

    Read more >

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.