Description
TPE is a polymorphic virus that infects .EXE and .COM files. The virus checks the name of .EXE files before it attempts to infect them and will not infect a range of files that it suspects are part of an Anti-virus package.
TPE is similar to MtE which is also a virus encryption engine. By using a variable encryption key, the virus will not look the same after it has infected different files. This makes the viruses harder to identify and clean because it is not possible to detected every varieant in which the virus may store itself. Thankfully these types of virus encryption engines are hard to write and fairly rare. The TPE polymorphic abilities also allow the virus to add random extra lines of code to the virus whose only useful purpose is to create ‘noise’ and attempt to confuse anti-virus programs. Because of these extra random lines of code, TPE’s size can be vary between 30-32k
If an infected file is run on any Thursday there is a one in 60 chance that the payload will be triggered. The viruses payload will display a Marijuana leaf and the message;
" legalize cannabis "
the virus will then wait for any key to be pressed. TPE has no ‘destructive’ payload and has no known clashes with computers that have a non-standard configuration. Contained in the text of the virus (but not displayed to the screen) are the messages:
‘Amsterdam = COFFEESHOP!’ and ‘[ MK / Trident ]’