A case of mistaken identity

There have been many instances where a virus infects an unintended target; this time it's a variant of Virus:Win32/Huhk. As the name indicates, this virus usually attempts to infect x86 PE files.

I came across a sample which contains the virus code, but there was something different about it...

[Image: Header from infected file]

Yes, the infected file is a Windows CE binary for the ARM architecture.

When virus writers don't perform more than the basic checks, such as ensuring the file is a Windows executable:

[Image: PE check]

we end up with corrupt infections that can be difficult to clean. In such cases it's best to restore from backup.

Note that this also means the virus code will not execute correctly on an ARM processor when the infected host is run.

- Raymond Roberts
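For triage of a suspect host file, the COFF Machine field in the PE header tells an x86 image apart from a Windows CE ARM image even though both pass an "MZ"/"PE" signature check. The following is an added example, not code from the original post or from the virus; the function names and the constructed sample headers are assumptions made for illustration.

```python
import struct

# COFF Machine values from the PE/COFF specification.
MACHINES = {
    0x014C: "i386",
    0x8664: "amd64",
    0x01C0: "arm",
    0x01C2: "thumb",
    0x01C4: "armnt",
}

def pe_machine(data: bytes):
    """Return the COFF machine name of a PE image, or None if not a PE."""
    # DOS header: 'MZ' magic, e_lfanew (offset of the PE header) at 0x3C.
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need 4 bytes of signature plus 2 bytes of Machine.
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    return MACHINES.get(machine, f"unknown(0x{machine:04X})")

def is_x86_host(data: bytes) -> bool:
    """True only for PE images whose header declares 32-bit x86."""
    return pe_machine(data) == "i386"

def make_header(machine: int) -> bytes:
    """Constructed sample: minimal DOS stub plus PE signature and Machine."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine) + bytes(18)

if __name__ == "__main__":
    for label, m in (("x86 host", 0x014C), ("Windows CE ARM host", 0x01C0)):
        hdr = make_header(m)
        print(label, "->", pe_machine(hdr), "| x86 host:", is_x86_host(hdr))
```

A file that reports `arm` here but carries x86 virus code is the kind of corrupt infection described above.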
