Source code of computer viruses

Yobe - Virus for Windows by Benny

Author's notes

Hey reader! R u st0ned or drunk enough? If not, then don't read this, coz this is really crazy. Let me introduce u FIRST FAT12 infector (cluster/directory virus, as this is also called), fully compatible with windozes (Win98)! No no, that's not enough. This is also resident, multithreaded in both of Ring-0 and Ring-3 levels with anti-debugging, anti-heuristic, anti-emulator and anti-monitor features, using Win9X backdoor to call DOS services and working with CRC32, Windows registry and API functions. Among all these features, I don't hope it has any chances to spread outta world. It infects only diskettes (A: only) and only one file - SETUP.EXE. More crazy than u thought, nah? Yeah, I'm lazy so I didn't want to test my code on my harddisk and I also didn't want to think about infection of more than one file. When I finished Win98.BeGemot, I was totally b0red of those stupid PE headerz, RVAs and such like. I wanted to code something really original, not next average-b0ring virus. I hope I succeeded. This virus doesn't demonstrate only porting old techniques (c Dir-II virus) to new environment, but also hot-new techniques (e.g. Ring0 threads). For this virus to be really heavily armoured, some poly/meta engine is missing. Unfortunately, this conception of virus doesn't allow me to implement such engines (neither compression), coz I can't modify virus code. However, I included many useful trix to fool debuggerz as well as heuristic scannerz. Bad thing is that this babe is detectable by NODICE32 - NODICE32 can find suspicious code (such as modifying IDT) and so it immediately reports an unknown virus. There ain't chance to improve it, coz I can't use any kind of encryption. Fortunately, other AVs find sh!t :D. I hope u will like this piece of work (it took me much time to code it, albeit it is very small (code is small, headerz r huge :) and optimized) and u will learn much from that. U probably want to ask me why I didn't code stealth virus. U r right, it's easy to implement full-stealth mechanism, but, but, ... I won't lie to u - I'm lazy :). Gimme know, if u will have any comments, if u will find any bugs or anything else...thnx.

