Source code of computer viruses

VeRa v0.01 - Virus for Windows by Twister

Virus for Windows

VeRa is a relatively simple (in my view ;) encrypted WinNT virus. It infects PE files by adding a new section and replacing the first executable bytes of the program with a jump to its "body". When the virus gains control, it decrypts itself, hooks some of the file-handling functions (see the source) and, before returning control to the original function, tries to infect the target files. It also hooks MessageBoxA and replaces the caption of the displayed message box with its own. After installing all hooks, VeRa injects its code into every process it can reach and runs it there in a separate thread (what a pain it was to mess with SetThreadContext ;). Finally, once all of the above is done, a thread is created which, under a "lucky concurrence of circumstances", crashes Windows; here I used the known bug related to MessageBoxA. VeRa does not re-infect already infected files and does not inject into processes she (she is feminine, of course ;) has already injected into. There is a small anti-trace trick in the code that will make heuristic analyzers stumble. As of this writing, VeRa was not detected by any anti-virus available to me.

The first-generation carrier has a console for controlling VeRa. By running this file (VeRa.exe) it is possible to infect an arbitrary PE file, inject into every reachable process (thus starting the "epidemic"), and find all previously infected files in a specified directory (subdirectories are scanned as well). The ability to "cure" infected files is planned.
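A heuristic check for the infection pattern described above (an appended section that receives control through a JMP patched over the original entry-point bytes), added here as an example; it is not Twister's code and not the carrier's own "find infected files" routine, whose actual infection marker this page does not document. The script parses the PE headers, reads the first instruction at AddressOfEntryPoint and flags a JMP rel32 whose target lands in a different section, especially the last one, or in a section that is both writable and executable. The two PE images it scans are constructed inline so the script runs offline; the section name .vera, the RWX flags and the 0x2000 RVA are assumptions made for that test data, not details taken from the virus.

```python
"""Entry-point JMP heuristic for appended-section PE infectors (added example)."""
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Return (AddressOfEntryPoint, section list) from raw PE32/PE32+ bytes."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]  # same offset in PE32 and PE32+
    sections, pos = [], opt + opt_size
    for _ in range(num_sections):
        name, vsize, va, raw_size, raw_ptr = struct.unpack_from("<8sIIII", data, pos)
        chars = struct.unpack_from("<I", data, pos + 36)[0]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": va, "size": max(vsize, raw_size),
                         "raw_ptr": raw_ptr, "chars": chars})
        pos += 40
    return entry_rva, sections


def section_for(sections, rva):
    """Section whose virtual range contains rva, or None."""
    for s in sections:
        if s["va"] <= rva < s["va"] + s["size"]:
            return s
    return None


def analyze(data):
    """Flag an entry point whose first instruction is a JMP into another section."""
    entry_rva, sections = parse_pe(data)
    entry_sec = section_for(sections, entry_rva)
    result = {"entry_rva": entry_rva, "entry_section": None, "jmp_target": None,
              "target_section": None, "reasons": []}
    if entry_sec is None:
        result["reasons"].append("entry point lies outside every section")
    else:
        result["entry_section"] = entry_sec["name"]
        off = entry_rva - entry_sec["va"] + entry_sec["raw_ptr"]   # RVA -> file offset
        if off + 5 <= len(data) and data[off] == 0xE9:               # JMP rel32
            rel = struct.unpack_from("<i", data, off + 1)[0]
            target = (entry_rva + 5 + rel) & 0xFFFFFFFF
            result["jmp_target"] = target
            target_sec = section_for(sections, target)
            if target_sec is None:
                result["reasons"].append("entry JMP targets an unmapped RVA")
            else:
                result["target_section"] = target_sec["name"]
                if target_sec is not entry_sec:
                    result["reasons"].append("entry JMP leaves the entry section")
                    if target_sec is sections[-1]:
                        result["reasons"].append("JMP target is the last section (appended body?)")
                    if (target_sec["chars"] & IMAGE_SCN_MEM_WRITE
                            and target_sec["chars"] & IMAGE_SCN_MEM_EXECUTE):
                        result["reasons"].append("target section is writable and executable")
    result["suspicious"] = bool(result["reasons"])
    return result


def build_pe(entry_bytes, appended=None):
    """Construct a minimal PE32 file: .text holds entry_bytes at RVA 0x1000; an optional
    appended section (name, characteristics) sits at RVA 0x2000. Constructed test data."""
    layout = [(b".text", 0x60000020, entry_bytes)]                  # CODE|EXECUTE|READ
    if appended is not None:
        layout.append((appended[0], appended[1], b"\xCC" * 16))
    opt_size, e_lfanew, headers_size, raw_size = 0xE0, 0x40, 0x200, 0x200
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)       # PE32 magic
    struct.pack_into("<I", opt, 16, 0x1000)     # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)   # ImageBase
    struct.pack_into("<I", opt, 32, 0x1000)     # SectionAlignment
    struct.pack_into("<I", opt, 36, 0x200)      # FileAlignment
    table, body, va, raw = b"", b"", 0x1000, headers_size
    for name, chars, content in layout:
        table += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), len(content),
                             va, raw_size, raw, 0, 0, 0, 0, chars)
        body += content.ljust(raw_size, b"\0")
        va, raw = va + 0x1000, raw + raw_size
    header = (dos + b"PE\0\0" + coff + bytes(opt) + table).ljust(headers_size, b"\0")
    return header + body


# Constructed samples: a clean stub, and one patched the way the text describes
# (entry bytes replaced by a JMP into an appended RWX section at RVA 0x2000).
CLEAN_SAMPLE = build_pe(b"\x55\x8B\xEC\x33\xC0\xC3")        # push ebp; mov ebp,esp; xor eax,eax; ret
INFECTED_SAMPLE = build_pe(b"\xE9" + struct.pack("<i", 0x2000 - (0x1000 + 5)),
                           appended=(b".vera", 0xE0000020))  # CODE|EXECUTE|READ|WRITE (assumed)

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_SAMPLE), ("infected", INFECTED_SAMPLE)):
        print(label, analyze(sample))
```

Run it on a real file with `analyze(open(path, "rb").read())`. The check is deliberately narrow: an entry point that starts with a JMP is common in packed or instrumented binaries, so only the combination of a jump out of the entry section into the last section, or into a writable and executable one, is worth escalating.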

