Plexar - Virus for Windows by LiteSys

Released in 29A#6

Author's comments

PE/DOC/XLS/OUTLOOK Multithreaded Polymorphic Direct Action infector.

Welcome to Plexar, my latest code.

It infects PE files by incrementing the last section, I don't overwrite .reloc section, it's preferable to let it alone. In fact, this virus avoids infecting some AV or Win32 files that should never be infected. This is done by CRC32 comparison.

Infects Word and Excel documents by dropping (thru VBScript) a macro module-infectant virus in the normal template and personal.xls that is capable of dropping an infected PE file to the Windows directory and then running it.

Distributes through Electronic Mail by dropping a VBS worm capable of sending infected droppers to every email address in the Outlook address book. Sorry but I didn't have any time to code a decent MAPI worm =(.

The Poly engine is another lame table-driven engine written by me =), no anti-aver intentions were the reason to write that poly engine, just to conceal the code a little. So I think it doesn't desire an explanation because the garbage is very lame.

It runs the different routines (word infection, vbs worm, direct action) in different threads. As I always said, I don't optimize my code too much.

The payload is very funny and if you're from Venezuela I hope you appreciate it. It consists of dropping a simple com file that displays some silly stuff in Spanish, it runs on autoexec.bat but won't display the message until the following rule is complied (this is a very kewl idea I learnt from Byway ;D):

  If Month <= 7: Day = Month^2 / 3 + 4
  If Month >= 8: Day = Month^2 / 5 - 4

So the payload will run on every month (as a coincidence, the formula pointed to December 24th :P). It's not destructive so don't blame me.

This virus has lots of bugs, I've corrected many but still there are a lot. It was tested under Win95 (4.10.1111), Win98 (4.10.1998), WinME and WinNT (4.0/SP4), the virus worked perfectly under those versions. I don't know about Win98 SE and Win2K, since I don't have them installed, I have the CDs here but I'm a lazy ass and my HD space is totally phuken.

Virus Size = 12kb. Code not commented. Not even AVP or Norton (with their "high heuristic" bloodhound shit) flagged the infected PE baits, except for Norton, which flagged the VBS worm.

If you need to contact me you can use both mail addresses: [email protected] or [email protected]. Remember, for decent stuff.

