Threat Description

DAME

Details

Aliases: DAME, Trigger
Category: Malware
Type:
Platform: W32

Summary



In 1993 the virus group Phalcon/Skism from Canada published a polymorphic engine called Dark Angel's Multiple Encryptor or DAME. The generator's name may have been meant as a dig at some members of the anti-virus community, who had been using the name DAME for Dark Avenger's Mutation Engine, MtE.

Dark Angel published his generator during the summer of 1993 in issue 11 of Phalcon/SKISM's magazine, 40Hex. Dark Angel has also written the two virus creation toolkits published by Phalcon/SKISM, the PS-MPC and G2.

DAME was distributed as commented source code. Along with the generator, Dark Angel published an article which dealt with polymorphism and the writing of polymorphic generators in general.

Dark Angel was apparently not completely satisfied with his initial product, because he introduced an improved version of DAME in the next issue of 40Hex.

The first version of DAME, 0.90, took up 1574 bytes. The improved 0.91 version had grown to 1960 bytes. Dame is known to have been linked to several different viruses.



Removal



Automatic Disinfection

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.








Description Created: Mikko Hypponen, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More