I'm not a prisoner - I'm a FREE man!
(The Prisoner by Iron Maiden)
.:| Virus Related |:.
Artificial Evolution in x86
A project to apply evolution in x86 systems. Uses a meta-language
concept to increase robustness under mutations. Several guard files are used to
prevent the system from crashing, leading to a semi-stable state where the evolution
experiment can run for hours. See the corresponding article to get more information.
File Splitting Engine (also released in rRlf #6)
This is just a small engine, but I'm sure it could be very useful. What does the engine do?
It splits the current file into 3-10 byte parts and creates a joining file (called start.bat).
To understand its purpose, you should read my article called "Over-File Splitting".
Gloeobacter violaceus (also released in rRlf #6)
I proudly present my very first real Win32 project. Before anything else I have to say that
this is neither a real virus nor a real engine. It is a program emulating nature's mutations.
I would describe it as a primitive artificial life form. About the name:
I thought for a long time about a suitable name, and I think I found the right one:
'Gloeobacter violaceus' are very simple bacteria, and also one of the very first life forms on our world.
This program is a VirusConstructionKit, which I created mainly in 2003. A generated worm
can send (either encrypted or plain) e-mails with Outlook; spread via IRC (mIRC, pIRCh, vIRC, dIRC and xIRCon);
autostart itself at system start (4 different ways); spread via 10 different P2P programs; is able to hook
different file formats (LNK, BAT, CMD, PIF, VBS, HTM) and can be highly randomly encrypted.
Batch Worm Generator | 5.03
With this program I had my first contact with other people in the virus scene. That means
I began it in March 2002 and stopped sometime in 2003. A generated worm is able to overwrite batch files
in 5 different directories; can hook five different file formats (REG, VBS, JS, PIF, LNK); can copy itself
to a floppy disk or to the desktop; can spread itself via Outlook; can spread itself via KaZaA; can spread
itself via mIRC, pIRCh and vIRC; can use four different auto-start methods; and can do additional stuff
(EICAR fooling; anti-heuristic tricks; copy to undeletable directories; etc.)
Random Silly Batch Generator (Constructor.Bat.Rsbg | also released in DvL's BATch Zine #2) | 1.0
This program only generates silly BAT viruses, but it uses many encryption techniques.
The first technique is set-encryption, which uses special characters to encrypt every character. The
second technique is the fake-real-goto-fake-label technique. The next special thing is the pseudo-trash
throughout the whole code. The next function is that one to four lines are trash lines. I'm sure that
this program will be a big hardcore problem for AVs. :D
Simple Win32ASM Overwriter Generator (Constructor.Win32.SWOG) | 1.0
This tool generates very simple Win32ASM overwriter viruses. But the special thing is
that every generation is totally random. The first technique is adding trash to the code. The second
technique is changing the instructions of the code (like inc eax - add eax, 1 or something like that).
The third technique is changing the registers which are used by the virus. And the fourth technique
is moving every command to another place (technique 4 alone allows 26*25*24*23*...*3*2*1 generations).
Holy Encrypter (VirTool.Win32.HolyCrypt) | 1.0
This program encrypts any message you want. It uses a
different key for every letter. The key is two numbers, which tell the program what decryption key
it has to use. It is impossible to decrypt the messages without looking at the source of it.
Batch Encrypter (VirTool.Win32.BatCrypt.nn) | 1.2 | 1.3 | 2.0
This program is from Tim Strazzere. Since he stopped releasing new versions of it, I make them.
The program itself is maybe one of the best BAT encrypters ever made. It uses "set" commands to encrypt
the files, and it uses fake sets to avoid easy emulation. Other features are adding trash to the files
and random variable size.
Special Format Generator (Constructor.BAT.Formater.x) | 1.0 | 2.0
The program generates a BAT file which formats the hard disk. The special thing is that the
file is 100% encrypted with set encryption using special characters. It also uses fake sets to avoid easy
emulation of files.
Polydrop (Constructor.BAT.Podrop.x) | 1.0 | 2.0
The program generates an easy BAT virus. The special thing is that the tool uses the
body-moving technique after every command, and as a result, there exists about 41*40*39*38*...*3*2*1 different
Setman (Constructor.BAT.Setman.nn) | 1.0 | 2.0 | 3.0 | 4.0 | 5.0 | 6.0 | 7.0
This program generates an I-Worm which is totally encrypted with sets. The name comes from the encryption type.
The user can choose the subject, body and attachment name since version 2.0.
Batch Trojan Generator (Constructor.BAT.BTG.nn) | 0.01 | 0.02 | 0.03 | 0.04 | 0.05 | 0.06 | 0.07
The BTG generates trojan horses for BAT. There are not only the techniques which are used in nearly every
BAT trojan, but there are also some new ones, which I discovered. Every trojan is totally encrypted with the set technique.
Looper Generator (Trojan.Looper) | 1.0
This program generates very silly trojans, which write a lot of trash into the autoexec.bat.
The idea behind the program was that the output is very small, and it will be a problem for AVs.
.:| Anti Virus Related |:.
Anti Virus for MenuetOS | 1.0
This program is my very first anti-virus program, my very first meaningful program for MenuetOS
and also the very first and only anti-virus program for MenuetOS. It has a very professional-looking window
and also a menu. The program detects every MenuetOS virus (well, just one), called 'Menuet.Oxymoron' (you can
find it on this page :D), and where Kaspersky AV failed (they just detect the virus at a static offset), this scanner
is able to detect it. The next version will also contain a heuristic scan for Menuet viruses, and also more viruses, if
there are some.