Threat Description

DAME

Details

Aliases:DAME, Trigger
Category: Malware
Type:
Platform: W32

Summary



In 1993 the virus group Phalcon/Skism from Canada published a polymorphic engine called Dark Angel's Multiple Encryptor or DAME. The generator's name may have been meant as a dig at some members of the anti-virus community, who had been using the name DAME for Dark Avenger's Mutation Engine, MtE.

Dark Angel published his generator during the summer of 1993 in issue 11 of Phalcon/SKISM's magazine, 40Hex. Dark Angel has also written the two virus creation toolkits published by Phalcon/SKISM, the PS-MPC and G2.

DAME was distributed as commented source code. Along with the generator, Dark Angel published an article which dealt with polymorphism and the writing of polymorphic generators in general.

Dark Angel was apparently not completely satisfied with his initial product, because he introduced an improved version of DAME in the next issue of 40Hex.

The first version of DAME, 0.90, took up 1574 bytes. The improved 0.91 version had grown to 1960 bytes. Dame is known to have been linked to several different viruses.



Removal


Automatic action

Once detected, the F-Secure security product will automatically disinfect the suspect file by either deleting it or renaming it.

More

You may wish to refer to the Support Community for further assistance. You also may also refer to General Removal Instructions for a general guide on alternative disinfection actions.








Description Created: Mikko Hypponen, F-Secure


SUBMIT A SAMPLE

Suspect a file or URL was wrongly detected? Submit a sample to our Labs for analysis

Submit Now

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

Learn More