Maximize
Bookmark

VX Heaven

Library Collection Sources Engines Constructors Simulators Utilities Links Forum

Source code of computer viruses

Z0MBiE-10.a (ZMyst) - Virus for Windows by Z0mbie

Virus for Windows

Z0mbie
Show all viruses by this author

2001-08-00

Comments
Download z0mbie10.zip (89165 bytes) or browse online

Author's notes

MistFall.Z0MBiE-10.a (engine demo. also used: RPME, CODEGEN, LDE32, ETG)

special thanx to S.S.R., greetz goes to Vecna, Mr.Sandman

action:

  1. when infected PE file started, check (by means of Atoms) if dropper is alredy running, then exit; otherwise re-execute current program, leaving current process as main viral process.
  2. when main viral process is executed, build new permutating copy (slow-permutating) by means of RPME, then search for PE EXE files, and infect'em.

infection method: (MISTFALL engine)

  1. disassemble file (fixups required)
  2. integrate with viral body
  3. assemble file

infection details:

So, poly-encrypted permutated viral body is completely integrated with target file. Hmm.. checkmate?


By accessing, viewing, downloading or otherwise using this content you agree to be bound by the Terms of Use! vxer.org aka vx.netlux.org