Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

Leviathan - Virus for Windows by Benny

Virus for Windows

Benny
Show all viruses by this author

1999-00-00

Comments
Download leviathan.zip (9908 bytes) or browse online

Author's notes

I'm very proud to introduce my third Win32 virus. This honey is the FIRST MULTITHREADED semi-polymorphic antidebuggin' antiheuristic Win32 infector. Thats not all. This is also first virus simulatin' NEURAL NETS. Each neuron is simulated as one thread. Dendrits (more inputs) and Axons (one output) r coded as normal function parameters. Synapses ("conectors" linkin' neurons) r represented as single jumps and synchronizin' stuff. In bio-neurons, memory and ability to learn is in fact nothing other than swappin' synapses. This virus doesn't contain any learn-abilities, 'cause i've decided, there's nothing important to learn. Now, tell me, if u wanna have uncompleted virus that needs to teach step by step every shit, u want to be able to do it. I think, u don't and I don't want it too. But next version, i will improve it, i swear :-D. As u can see, this virus is wrote in very short time (ask Super for reason, hehe), so if u will see any errors, mail me to [email protected] I'm expectin' the most errors and mistypes will be present in synchronizin' stuff. I know, that method of synchronizin' of threads is the worst, I could choose, but it has two reasons - debuggers and heuristic scanners. ALL threads r runnin' on the background, so EVERY heuristic scanner that wants to detect it MUST support multi-threadin'. That's not easy to code, so this is the best anti-heuristic, I know. It works well also for debuggers. When u will step this, u will see only some decryptor, some API calls and "infinite" loop. But all other stuff is runnin' on the background, so u have to watch all threads. And that's not all, u have to watch and skip one "anti-debuggin'" thread, if u hate problems with debuggin' :D. And the last thing: This virus is unoptimized, i know that. It's simulatin' program written in some HLL language. It uses many instructions, many loops, many jumps and many variables. Heuristic scanner must have very large stack to handle this babe... (the biggest problem is speed of infected programs, but who cares...:D)

I think, this is the first step of makin' really armoured, anti-debuggin', anti-heuristic and (the most important thing) "inteligent" viruses.


By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org