
VX Heaven


Source code of computer viruses

Inca - Virus for Windows by Vecna

Virus for Windows

Vecna

1998-00-00


Author's notes

This is my first attempt at the w95 platform. It is a multipartite infector of PE filez, focused on fast spreading. It infects PE files by adding a new, randomly named section and a polymorphic VxD-dropper. It infects ARJ/ZIP/RAR/LHA/PAK by adding a randomly named COM dropper, encrypted by a polymorphic loop. It infects the boot of floppies by adding a polymorphic loader to their boot sectorz. It spreads over the internet using the DCC protocol provided by mIRC, using a worm to spread over channelz. The payload activation is also in the internet part.

The polymorphic decryptor in PE files isn't based on math instructionz, but on swapping. This novel technique of encryption should provide problemz to disinfection and detection, I hope, as not the whole code is "encrypted", but just some chunkz. The polymorphic decryptor is filled with lotz of conditionalz and unconditional jumpz.

The polymorphic engine that generates the droppers and the boot loader keeps track of the contentz of all regz and flagz, as in advanced engines such as Uruguay or Level3. This means that if I need AX holding 0x0202, as for loading 2 sectorz in the boot loader, I can obtain this value using XOR AX, ??? or ADD AX, ??? and the like.

This source isn't compilable as is. Use the pre-compiled virus.

