
VX Heaven


Source code of computer viruses

YeLeT 0.9 - Virus for MS-DOS by Spooky

Virus for MS-DOS

Spooky

Comments

This is YeLeT version 0.9; it is not the final version. I wanted to add some more stuff but didn't get it done until we released CB #4. Also this is NOT for educational purposes :) because it's HIGHLY unoptimized (... well, but it werx!). I know that this virus is getting detected by AVP as 'Suspicion Type_ComExeTsr' (don't know about other scanners) but I don't care about that yet as it's just a beta version; a final version (with many improvements) will sometime be available from the CB webpage.

Anyway, YeLeT stays resident and hooks Int 21h (func: 4Bh) and infects MZ/ZM EXE and COM files both in plain DOS and after loading Winblows. It uses 2 encryption layers, the second one uses just simple XOR (with some bruteforce cracking so the key doesn't have to be stored in the code) and the first layer uses my own Unoptimized-Viral-RC4 routine (this routine doesn't use any bruteforce cracking routines as it would make the user a bit suspicious if files would take billions of years to load ;-)). Also it uses simple DTA-size stealth, direct infection of win.com, and it avoids infection of some AV programs and archivers.

... and before the interesting stuff begins, here is a description of RC4 (from 'Applied Cryptography'):

