Central Point Anti-Virus immunized file

From Just Solve the File Format Problem
Revision as of 14:15, 16 February 2025 by Jsummers (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
File Format
Name Central Point Anti-Virus immunized file
Ontology
Released ≤1991

Some versions of Central Point Anti-Virus, and Turbo Anti-Virus by Carmel Software (from which Central Point Anti-Virus was derived), have an "immunize file" feature that can modify DOS EXE and COM executable files, to insert a tamper-detection feature. This article describes these modified files.

Identification

Immunized COM files are observed to start with 14 bytes having the following pattern: e9 ?? ?? 00 ?? ?? 22 19 35 93 59 57 54 80.

Immunized EXE files have a certain byte pattern starting at the entry point (refer to MS-DOS_EXE#Special file positions): e8 20 00, then 32 bytes copied from the original file, then 5b 81 eb 03 01 50 51 52 ....

All files contain text strings such as "Central Point Anti-Virus (c) 1991 CPS" or "CARMEL Software Engineering - Turbo Anti-Virus(tm)", and "Self Integrity Check warning", but they differ by version.

Software

Sample files

Retrieved from "http://fileformats.archiveteam.org/index.php?title=Central_Point_Anti-Virus_immunized_file&oldid=50009"
Personal tools
Namespaces

Variants
Actions
Navigation
Toolbox