Dark Paranoid

    This is another elite contribution to our zine. Now that some time has passed since the release of this beautiful piece of code, we can present it to the virus community. I would like to express my unlimited thanx to the author for allowing me to publish the source code. The coder of Dark Paranoid, known under the handle Terror-6, is one of the young Slovak programmers who are continuing the work of Vyvojar - to bring to the world new, never-before-seen viruses of the finest Slovak quality. So far, according to available information, Terror-6 is working on something, but no one knows what it is. But we can hope it will be some wild thing.

    And now, let's talk about Dark Paranoid. This is a very unusual resident virus that infects COM and EXE files. The code appended to a target file is approximately 6 kB long. When infecting COM files, Dark Paranoid places its own code at the start of the file and moves the original contents of the file behind the viral body. EXE files are infected as usual: the virus is appended to the end of the file and the header is manipulated to point to the virus. But what makes Dark Paranoid so unusual is its polymorphism. This virus is polymorphic even in memory. At any moment, only one instruction of the virus is unencrypted. After this instruction executes, INT 1 occurs. The INT 1 handler re-encrypts the executed instruction and decrypts the next one. The decrypted instruction is executed and encrypted again. And this is the principle of Dark Paranoid's "ENGINE OF ETERNAL ENCRYPTION". If you think that the INT 1 handler could be used as a possible scanstring, you are so hopeless and crap ...

    When an author has spent such an amount of time and beer coding such a beautiful virus and then allows it to be caught in memory with a simple scanstring, he would be a big jerk. So, dear Averz and dear virus friends, the handler is slightly polymorphic. On every installation into memory, this handler is changed.

    The virus avoids infecting files whose names start with 'AV', 'SC', 'CL', 'GU', 'NO', 'FV', 'TO', 'TB'. In plain text, Dark Paranoid will not infect AVP, SCAN, CLEAN, GUARD, NOD (but ICE will be infected :(((( ), FINDVIRUS, TOOLKIT and TBAV. Dark Paranoid will also avoid infecting baits and goats.

    Dark Paranoid contains a payload: it prints the text Dark Paranoid on the screen and shakes the screen.

    Finally, all I have to say is - enjoy the code.
