Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

Egypt 1.5 - Virus for Windows by TOE-VX

Virus for Windows

TOE-VX
Show all viruses by this author

2005-07-29

Comments
Download egypt.zip (16209 bytes) or browse online

Author's comments

Infection method

Every 8 seconds it will scan for directory change and infects all files in new directory this is a very efficient method to retrieve files. The virus will also search for all exe files pointed to by link files in the desktop and infect them. Also the virus will infect all applications used to open ZIP files. EXE files are infected by the classical method of adding the viral body to the section in the file.

Polymorphism

The virus is polymorphic using its own engine. The virus uses slow polymorphism, utilizing a single decryptor for all files infected in the current run of the infected process. The polymorphic engine utilizes random registers, constructs calls to subroutines and also features conditional and unconditional jumps with non zero displacements. Yet it only utilizes a 32 bit xor operation. Although i coded this engine from scratch, i would like to thank GriYo, since i started writing "real" polymorphic engines only after i examined his 1996 Dos virus Implant.

Encryption

The virus is encrypted twice , the first decryptor is that generated by the polymorphic engine and the other decryptor is a fixed one with anti emulation trick. The encryption algorithm is just meant to be effective against scanners, not a one you would say much about.

To Assemble

  tasm32 -ml -m5 -q -zn egypt.asm
  tlink32 -Tpe -c -x -aa egypt,,, import32
  pewrsec egypt.exe

By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org