
VX Heaven


Source code of computer viruses

Miss Lexotan 6mg, garota... - Virus for Windows by Vecna

Virus for Windows

Vecna

2002-03-00


Released in 29A#6

Author's comments

The virus is formed by 3 parts: CODE, DATA and GENOTYPE. These blocks are inserted into already existing sections, and all RVAs and structures (import, export, resources, etc.) are fixed, if relocations exist. If relocations don't exist, all added data goes to the last section.

CODE is always changed via the metamorphic engine: mixed, garbling added, instructions changed, and then optimized. Then CODE is added to the existing .code section (1st section).

DATA is the read-only/read-write data used by the virus. CRCs of API names, search mask, copyrights, variables, all these shits are here. It is added, encrypted, to any section that has read/write attributes.

GENOTYPE is the data that the metamorphic engine uses to rebuild the 'plain' virus from the metamorphic copy. It is a zcode-compressed list of relative distances, plus register/flag usage info. It can be added to any existing section.

When the virus runs, it decrypts its DATA, unpacks GENOTYPE and uses it to rebuild the 'plain' virus from CODE. Then the 'plain' virus is processed by the engine, and a new GENOTYPE is extracted from the newly generated CODE.

The 'plain' virus, extracted from CODE, is not fixed: base instructions are changed to synonyms. So, there are 2 mutations: garbling/mixing is local, and its changes are discarded when generating a new virus, but synonym changes are maintained in the base code.

Thus, the virus has no fixed base form, evolving from previous changes.

