Legacy - Virus for Windows by Billy Belcebu

Virus for Windows

Billy Belcebu

Author's notes

This is a polymorphic, heavily armoured, multitask virus. It's undetectable by all the most powerful AVs (August 1999), such as AVP, NODICE, etc. It has two layers of encryption (like my Win32.Thorin): the first one is polymorphic, made by MMXE v1.01, and the second one is an antidebug/antiemulator one, also using MMX opcodes if available. So, this is the world's first virus using MMX opcodes, and I am proud of it! :) Well, the polymorphic engine has a sorta plug-in, called PHIRE v1.00, that is able to generate a 256 polymorphic block of code that will be placed at the host entrypoint to pass control to the polymorphic decryptor at the last section. So, it's something like an EPO feature. This is also my first virus that infects archives (RAR & ARJ). This virus also has RDA features, by means of my new engine called iENC, that works with little blocks of code instead of the whole virus. There are 13h ;) routines in this virus that are encrypted independently from the two normal layers of the virus... It's a great feature :) This babe makes my Thorin seem like a joke... It beats Thorin in almost every aspect. The only bad point this virus has is, in some extreme cases, the speed. I've tried to fix that by optimizing a bit the thread execution and its order. Also, I've made the virus execute with the highest priority of execution. So the delay will be minimal (I hope), and on the fastest PCs, it will be unnoticeable. It's possible that this virus has bugs, but in all my tests, it worked perfectly. But nothing is perfect.

