Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

Cairuh - Worm for Windows by Bull Moose

Worm for Windows

Bull Moose
Show all viruses by this author

2009-11-30

Comments
Download cairuh.zip (487698 bytes) or browse online

Author's description

Based on Conficker, MyDoom, Newstar v4(Mine), and NetSky.AE.

Encrypts most strings using the CiphStr() function in lib.c, Persistant Infection (Modifies run, exefile, and comfile keys in registry. When supplied an argument for exefile and comfile, the file shall be overwritten.), PE32 Infection, Network Exploit Spread (Optimized), Backdoor that accepts files/saves to system32 as random filename and executes it, Anti Virus Terminator, P2P Spread, USB Spread, Anti Debugging VIA IsDebuggerPresent(), and Blocks Websites using the HOSTS file. Upon Compilation from the makefile, it packs then modifies the UPX Section names to prevent decompressing.


By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org