
░▒ ▒░ ▄▄ tm
░▒ ▒░ ██▀▀▀ █▀▀▀ Version
░▒▒░ ██ ██ █▀▀▀ 0.5
░▒ ██ ██▄▄▄ █▄▄▄
──────────────────────────────────
√irogen's Irregular Code Engine
───────────────────────────────────
(c)1995 √irogen [NuKE]
"A Virus Is Only As Great As Its Polymorphic Engine"
-√irogen
****************************************************************************
DISCLAIMER: This polymorphic engine is actually part of a conspiracy
against you. Every living thing on this planet has made a mutual agreement
to conspire to make your life a living hell.
****************************************************************************
Introduction
─────────────────────────────────────────────────────────────────────────────
Welcome to √irogen's Irregular Code Engine v0.5. This is a new polymorphic
tool which can easily be included into any virus. It generates 100%
polymorphic decryptors which are extremely variable in both code and action.
You should find this engine quite effective.
With this version, I include the entire source code. One reason is because
I don't plan on updating this polymorphic engine any further. I'm sure
it can be improved, but those improvements will be done with a completely
new engine done from scratch; which I'll do eventually. This engine is
just done, I need to start from scratch again.
How to Use
─────────────────────────────────────────────────────────────────────────────
Add the following line to your latest super-virus:
extrn _vice:near
Then call the routine from your code with the following parameters:
CS:SI = address of code to encrypt
CS:DI = address to put decryptor+encrypted code. (Be sure to reserve
an extra 850 bytes for the decryptor code if garbage is
turned on. If garbage is off then 50 bytes should suffice.)
CX = total code size (don't forget to add in the size of ViCE,
1995 bytes)
DX = offset where decryption routine will be run from.
(i.e. The offset where the decryptor will start on the infected
file)
AL = options byte, defined as follows:
76543210
│││││││└─ 0=CS: Segment Override In Decryptor, 1=No CS: Override
││││││└── 0=Garbage Code Off, 1=Garbage Code On
│││││└─── reserved
││││└──── reserved
│││└───── reserved
││└────── reserved
│└─────── reserved
└──────── reserved
bit 0=This bit specifies whether or not to force use of the CS
segment in the decryptor. Typically, this bit should
be set to 0 when infecting a COM file, and 1 when
infecting an EXE.
bit 1=This bit turns garbage code on or off. Garbage code
greatly increases the size of the decryptor, but adds even
more variability to the code.
Returns:
CX = Total length (virus code+decryptor)
Specifications
─────────────────────────────────────────────────────────────────────────────
ViCE
Current Version: 0.5 05-08-95
Procedure Name: _VICE
Code Size: 1995 bytes
Regs Destroyed: None. CX=Code Length
Decryptors Generated
Size: Approx. 13 - 850 bytes
Encryption Type: ADD, SUB, and XOR - combinations of any. Direct, load
into register and manipulate, or load key into register
and directly crypt.
Regs Destroyed: Everything except segment registers
Garbage Code: Random number of bytes between each functional operand.
Detection: None.
Obtaining The Latest Version / Contacting √irogen
─────────────────────────────────────────────────────────────────────────────
The latest version of this engine can be downloaded from the West Coast
Institute Of Virus Research. I can be reached via NuKENet.
History
─────────────────────────────────────────────────────────────────────────────
v0.1ß = 02-05-95: ■Started coding.
02-09-95: ■First Beta Release. Getting too anxious to release
this mother fucker.
v0.2ß = 02-11-95: ■Fixed bug which rarely caused lockups when the decryptor
size became too large for the loop construct. As a
result, decryptor sizes have been reduced.
■Random Number seed wasn't being initialized correctly,
fixed. No biggie, but things were predictable every time
it started with a seed of 0.
■Added capability of garbage code between a couple of
operands it didn't before.
■Improved Anti-TBSCAN code significantly
■Optimized code; this version ended up being only 15
bytes larger.
■This version is released under [NuKE].
v0.3ß = 02-21-95: ■Rewrote garbage code engine. Now much more diverse.
■Fixed bug which occasionally resulted in only partially
encrypted viruses.
■Fixed bug in that the new total code size returned in
CX was accidentally being added to the run offset of the
decryptor. This caused the virus size to be larger than
it really was in some cases.
v0.4ß = 02-24-95: ■Improved engine power.
-Added new technique of encryption which is very
variable.
-Added new possible operand combinations in some
functions.
-Decryptors may now be larger, be sure to reserve up
to 250 bytes.
■This will probably be the last version for a while, I'm
taking a break from coding for a bit. The next version
will be a big jump. Probably v1.0 provided nothing new
happens; this will be the final of this engine.
v0.5 = 05-07-95: ■Went through and commented the code, optimized some of
it.
■Removed Anti-TBSCAN code (as version 6.34 circumvents
it) and replaced it with larger decryptors.
■Removed possibility of garbage code generated which made
a CMP or TEST to the same register. (i.e. TEST AX,AX).
■All ADD and SUB operands which function on the AX
register now are written in the short form.
■Now sets up its own stack.
■No longer tolerates ES or DS segments which aren't
equal to CS.
■Removed option to turn off JMPS in garbage code.
■Released complete source code.
■THIS IS THE LAST VERSION OF THIS ENGINE [I think]. I
think I can do better with a newly designed engine.
√irogen [NuKE]