| Place of Origin | Australia |
| File Type(s) | .com, .exe |
| Infection Length | 1,206 bytes |
Republic was a memory-resident, encrypted, stealth MS-DOS infector of .COM and .EXE files, including COMMAND.COM. It appeared in Issue 2 of VLAD Magazine in November 1994. Republic shared many features with the VLAD virus, which appeared in the same issue of the magazine.
Republic's infection schemes, memory residence, CPU prefetch trick, use of SFT entries and infection marker are all nearly identical to Vlad's. Both viruses use INT 21h AH=60h to create an upper-case full pathname for the victim file, and they share the same FCB/ASCII FindFirst/FindNext size stealth. Republic's encryption seems to be aimed mainly at evading TBSCAN (ThunderByte Anti-Virus). The virus implements a 'stealth' scheme: files are disinfected on 'open' calls and infected on 'close', chmod, exec and rename. Republic includes the text strings:
Go the Republic! Fuck off Royal Family! Qark/VLAD of the Republic of Australia
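A defender's check for the size stealth described above, as an added example that is not part of the original write-up or of the virus itself: it reads file sizes straight from raw FAT directory entries (for instance from a disk image examined on a clean system) and compares them with the sizes the suspect system reported through directory searches. The sample directory, file names and sizes are constructed, and the exact-match flag assumes an infected file grows by the 1,206 bytes listed above; other mismatches are still reported.

```python
import struct

INFECTION_LENGTH = 1206        # "Infection Length" stated on the page
TARGET_EXTS = {"COM", "EXE"}   # file types the page lists

def parse_fat_dir(raw):
    """Return {"NAME.EXT": size} read from raw 32-byte FAT directory entries."""
    sizes = {}
    for off in range(0, len(raw) - 31, 32):
        entry = raw[off:off + 32]
        if entry[0] == 0x00:                      # end-of-directory marker
            break
        if entry[0] == 0xE5 or entry[11] & 0x18:  # deleted, volume label or subdirectory
            continue
        name = entry[0:8].decode("ascii", "replace").rstrip()
        ext = entry[8:11].decode("ascii", "replace").rstrip()
        size = struct.unpack_from("<I", entry, 28)[0]   # size field, little-endian
        sizes[f"{name}.{ext}" if ext else name] = size
    return sizes

def size_stealth_suspects(raw_dir, reported):
    """Compare on-disk sizes with sizes reported by the suspect system."""
    suspects = []
    for name, on_disk in parse_fat_dir(raw_dir).items():
        ext = name.rsplit(".", 1)[1] if "." in name else ""
        if ext not in TARGET_EXTS or name not in reported:
            continue
        delta = on_disk - reported[name]
        if delta:                                 # any mismatch is worth a look
            suspects.append((name, delta, delta == INFECTION_LENGTH))
    return suspects

def _entry(name, ext, attr, size):
    """Build one constructed directory entry (timestamps and cluster zeroed)."""
    return struct.pack("<8s3sB16xI", name.ljust(8).encode(), ext.ljust(3).encode(), attr, size)

# Constructed sample: raw directory as read from a disk image on a clean system.
SAMPLE_DIR = (_entry("COMMAND", "COM", 0x20, 55825) + _entry("TOOL", "EXE", 0x20, 20000)
              + _entry("README", "TXT", 0x20, 1500) + _entry("GAMES", "", 0x10, 0)
              + bytes(32))
# Constructed sample: sizes the suspect system returned from directory searches.
REPORTED = {"COMMAND.COM": 54619, "TOOL.EXE": 20000, "README.TXT": 1500}

if __name__ == "__main__":
    for name, delta, exact in size_stealth_suspects(SAMPLE_DIR, REPORTED):
        print(f"{name}: {delta:+d} bytes on disk vs reported, matches 1,206: {exact}")
```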
Original research by JPanic aka @JPanicVX