here is the link
[Register or log in to view the URL]
don't bother checking the videos, they are useless like TV Ads.
thanks.

I downloaded NGVCK, VCL, G2 and... virus construction kits to produce malware asm code that can be compiled easily.
But I can't compile the NGVCK or VCL32 virus correctly, and I encounter some errors at compile time when I compile them with TASM32 and link with TLINK32.
The NGVCK asm file compiled incorrectly and the map file includes the error below:
Error: Unresolved external 'EXITPROCESS' referenced from module C:\TASM\BIN\NGVCK11.asm
and when I compile the VCL32 malware asm file, the errors below are written in the map file:
Error: Unresolved external 'SLEEP' referenced from module C:\TASM\BIN\14.ASM
Error: Unresolved external 'EXITPROCESS' referenced from module C:\TASM\BIN\14.ASM
and when I analyze these exe files with the Anubis sandbox, I receive the same result for all of the compiled files.
What is the reason for these errors, and how do I change the asm file to handle these errors?
thanks

Please tell me, is there a way to execute an ELF file from memory?
I wrote some simple code in C, which reads the ELF header, loads all segments by mmap into memory and transfers control to the start point of the executable with the asm command jmp. Everything goes OK with simple asm programs like hello-world, but I get a segfault while executing more complicated C programs.
I've tried to pack them with UPX first, then load the compressed file with my program (there are only two code segments in a UPX file, no interpreter), but also got a segfault.
I think there are three problems:
1) I don't know how to correctly load interpreter (like /lib/ld-linux.so.2) and dynamic libraries.
2) I don't know what I should do with .got section, .bss section and others. It isn't enough to place them in memory, is it?
3) I place my code at wrong address (I tried 0x01048000 and 0x09048000).
I thought UPX would solve my problems #1 and #2, but I was wrong because UPX reads itself from the file obtained via /proc/self/exe.
Also, I looked through UPX unpacker code, but it's a bit too complicated for me, so it would take a long time to understand it and implement it in my program.
Any ideas would be helpful, thanks!

I'm currently looking for source code for botnets, such as Koobface, Zeus, Trojan.Fakeavalert.
Can anyone help me with this?
Thanks.

Works fine with Windows XP,
but not working on Vista and Win7.
I also took help from Bill Gates.. :)
LoadAppInit_DLLs
(REG_DWORD)
Value that globally enables or disables AppInit_DLLs.
0x0 – AppInit_DLLs are disabled.
0x1 – AppInit_DLLs are enabled.
AppInit_DLLs
(REG_SZ) Space- or comma-delimited list of DLLs to load. The complete path to the DLL should be specified by using short file names.
C:\PROGRA~1\Test\Test.dll
RequireSignedAppInit_DLLs
(REG_DWORD) Require code-signed DLLs.
0x0 – Load any DLLs.
0x1 – Load only code-signed DLLs.
These registry keys need to be changed for DLL injection on Vista and Win7,
but no success.
I built my DLL on a Windows XP 32-bit machine. Will that be a problem when I use it on Vista?

Looking on this site, most explanations require some experience in virus writing, so that's not very introductory. Win32 and Linux OK. Assembler, does not matter which one. Intel and AT&T syntax both helpful.
This site has a lot of magazines also, maybe one of those has something, but it could take forever to find which one is up to date and useful.
So if anyone here can recommend something thanks.
PS: I have done some research on my question and I can ask very specific questions about coding. If there is someone here that has the time to do a walkthrough with me, PM or email me. Win32 OK, but I would prefer Linux, gcc and linker and as or nasm. But anything that works is OK.

I've done some googling and found that [Register or log in to view the URL] has some proprietary software that can be used for software protection. I also found references to some older stuff like the z0mbie mutation engine. Anyone know of any other more mainstream code obfuscators--possibly even free ones? The majority of my googles are just giving me .NET stuff, and I'm more interested in C/C++ code obfuscators.

nub question: is x64 diff to x84 when run or when compiled??

I have researched Windows shortcuts a lot: flags, locked lnk and other interesting things.
Stuxnet has opened quite a new subject for me. Shortcut on Control Panel & DllMain...
So, it is possible to create an LNK and specify an ABSOLUTE network path, and provide mass infection on a LAN network.
(\\comp\hidden-shared$\test.dll)
But... how can I specify a relative path in a vulnerable lnk?
e.g. ".\test.dll"