ViruXine.W32 virus hides its presence by changing the underlying executable code. This virus code mutates while keeping the original algorithm intact — the code changes itself each time it runs, but the function of the code (its semantics) does not change at all.
Here is a section of the virus code (refer to image), where the loop performs XOR encryption and changes the way the code looks every time it is executed.
What is this technique called?
Submit