.: Delikon (a) :.

Released 17 years, 9 months ago. Jan 2004

By Delikon

Additional Details

  • Coded by: Delikon
  • Version: Delikon (a)
  • Released date: Jan 2004, 17 years, 9 months ago.
  • Coded in: C
  • Family: Delikon (a)
  • Category: Remote Access

Author Words

A polymorph and encrypted VIRUS in C 

By Delikon/ --/EMAIL REDACTED BY SUB7CREW.ORG FOR YOUR SAFETY\-- / --/URL REDACTED BY SUB7CREW.ORG FOR YOUR SAFETY\-- /6.1.2004

This is my first try, to code a polymorph and encrypted virus.

1) The encryption is very simple only 1 byte xor encryption

2) The polymorphism is also very simply, the decryptor is padded with 1 - 6 nops.

The virus.zip archive includes the sourcecode(vc++) and binary from the virus and the dll which binds the cmd shell on the port 6002.


***********The Algorithm of the virus**************

the virus creates a new thread which search for file in the current folder and all folders below, 
if it find .exe files which are bigger than 100k it will infect them.

if the virus has end searching it will check if there is a dll with the name b.dll in the system32 folder,
if there is one it will call the main function
if there is no dll, it will download the dll.
The advantage of this is that you can define always new features of your virus, without changing the virus code.

*********************ADD the url for the dll********************


open the virus2.exe and write the url at the end of the code like this

[virus-code][one NULL_Byte left]--/URL REDACTED BY SUB7CREW.ORG FOR YOUR SAFETY\--

This DLL will bind a shell on port 6002.

Delikon

URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.