W32.Hazel by hh86
features:
- direct action file infector of CFF script files in current directory
- appends a dropper script to the original code
- supports ANSI/UTF-8 and Unicode encoded scripts
- disables Scripting Privilege Protection to allow execution of privileged functions
- CRC32 instead of API names for smaller code
- supports files with ANSI/Unicode names
- unlike previous viruses, this is not position-independent code
this is a remake of W32.CFFe and W32.Grimes to infect CFF scripts
important:
- if you touch this code, you will probably break it :)