РусскийEnglishУкраїнськаDeutschEspañolFrançaisItalianoPolski

VX Heavens

Library Collection Sources Engines Constructors Simulators Utilities Links Donate Forum

[Deutsch][English][Español][Italiano][Français][Polski][Русский][Українська]

«Polymorphism - A Discussion Of Methodology And Implementation» (0) 21Kb 3178 hits
*-zine (Asterix) [2] (1999)

This article deals with a viral technology that has been widely documented, discussed and implemented. However, it is aimed at explaining certain design flaws in current polymorphic engines and proposing solutions for these flaws, as well as suggesting improvements to current technology.The discussion will present an overview of the history of polymorphism pertinent to our subject, anti-virus detection methods, and will present concepts needed for properly designing polymorphic engines with a view to their survival in the wild. It will also include a section on structuring and writing polymorphic engines.

«Polymorphism: Level 6B (Polymorphism: Chaotic Permutations)» (0) 10.17Kb 7362 hits
(1999)

Level 6: permutating viruses. The main code of the virus is subject to change to change, it is divided into blocks which are positioned in random order while infecting. Despite of that the virus continues to be able to work. Such viruses may be unencrypted.

«Advanced Polymorphism Primer» (0) 9.53Kb 8711 hits
40hex [11] (1993)

[...] With the recent proliferation of virus encryption "engines," I was inspired to write my own. In a few short weeks, I was able to construct one such routine which can hold its own. A polymorphic encryption routine is nothing more than a complex code generator [...]

«Other techniques of polymorphism» (0) 8.36Kb 3105 hits
*-zine (Asterix) [2] (1999)

Polymorphism is for viruses one of the must. Buz[FS] brings us some valuable ideas for the coding. His paper is very consistent and good written. But there are several ommited things that we should mention.

«GLiTCH's Polymorphic Batch Tutorial» (0) 13.33Kb 7117 hits

«The 'bliem' polymorphic engine for VBA» (0) 6.1Kb 6541 hits

This engine is a combination of both a class infector and a polymorphic engine. The whole thing is called 'bliem' like the virus I first used this engine in.

«Mutation Engines» (0) 8.14Kb 7062 hits
Xine [1] (1996)

I had taken apart several viruses, but most mutation engines due to thier nature are difficult to dissassemble. So after seeing other people's code I decide to try my hand at this type of coding. This article will illustrate the path I took in designing and building a Mutation Engine.

«Polymorphism - Analysis on the decryptor generator 1.5» (0) 63.29Kb 6554 hits
29a [2] (1998)

Before the heuristic analysers and the code emulators appeared on the market the usual encryption methods worked pretty good. And I do not speak only about viruses. I also reffer to the methods used for protecting software and data. Code emulators are able to crack your protections in a matter of minutes. That's when the ideea of polymorphism arose. A coder from Bulgaria passing by the nickname of Dark Avenger who wrote a lot of destructive viruses (including an antivirus against two of his viruses who unleashed a third virus) came with this ideea when his MtE (Mutation Engine) appeared. What polymorphism is really all about is creating self decrypting code, able to create each and every time a different decryptor containing both decrypting code and also junk instruction designed to make debugging and emultating harder.As this article is not designed to explain why is this needed or make a pro statement for polymorphism I will get directly to facts.

«An Introduction to Encryption, Part I» (0) 13.41Kb 9367 hits
Final Chaos [1] (1999)

First, a brief description of some of the principles involved in encryption that you should know before we start. After the principles follows a brief discussion of a few more important topics, then examples of the encryption types mentioned here.

«An Introduction to Encryption, Part II» (0) 19.07Kb 5133 hits
Final Chaos [1] (1999)

I'll give you some ways of making your data as secure as possible, along with a few ways of reducing the amount of code you require to encrypt and decrypt something securely. As before, I will leave the tutoring of armouring to people better qualified to teach (I've only dabbled in the subject so far).

«An Introduction to Encryption, Part III (Is an impenetrable encryption possible?)» (0) 8.01Kb 5105 hits
Coderz [1] (2000)

«Viral polymorphism» (0) 23.63Kb 7788 hits
SANS Institute (2003)

This paper is an overview of polymorphic and metamorphic viruses. It defines them, provides some information regards the safe handling of them and comments on the legality/morality/policy regard the analysis of them. It looks at their history and the methods that they used both with reference to individual viruses and the virus toolkits prevalent in the early 90s. The response of the anti-virus industry is described along with the more recent evolution to metamorphic viruses and the challenge they provide. The aim will be to describe the techniques and then draw parallels between what was seen with viruses and what may happen with worms which now dominate the "virus" world.

«"Smart" trash: building of logic» (0) 15.8Kb 1548 hits
Electrical Ordered Freedom #3 (2011)

The main goal of garbage instructions - a hiding/protection of useful code (from av'ers, a watchful eye reverser and other curious). However, the "wrong" trash can lead to detection of viral code, thereby undermining all our efforts.This text is about how to improve the quality of the generated garbage.

«Argument for slow infection and slow polymorphism» (0) 7.54Kb 6541 hits
Insane Reality Magazine [8] (1996)

Many people say that fast infectors are better than slow infectors but I have to disagree. The goal of a virus is to travel to as many hosts as possible. Agreed?

«Guide to improving Polymorphic Engines» (0) 17.61Kb 7148 hits
Insane Reality Magazine [8] (1996)

This is a guide for those who already know how to make an engine but cannot work out why their viruses are still detectable.

«Hiding your virus in the matrix» (0) 19.92Kb 7053 hits
(2009)

In this article you will read about a new kind of polymorphism provided by the eigenvalue problem. We will use some easy results from linear algebra to understand the concept, look at the encryption, decryption and chipher code, see some example and a running virus using this technique, and read about how to use that technique and how to improve it.

«A general description of the methods behind a polymorph engine» (0) 23.19Kb 6926 hits

This .DOC attempts to provide an insight into the workings of a Polymorph Engine. The methods described in this .DOC are the ones used in SMEG (Simulated Metamorphic Encryption Generator) Polymorph Engine and are by no means the only way to do it!

«Advanced polymorphic engine construction» (0) 38.16Kb 9232 hits
29a [5] (2000)

This article is assumed upon a basis on polymorphic engines construction, so you need an adquired good knowledge about decryptor generators and its construction (it's not for newbies! ;)I wrote this for win32 engines. I'm not very versated in Linux/Unix virusing, but modifying some words on this article (and some points in the index) it can be extrapolated to engines under these systems.

«Thoughts About The Use Of Garbage Instructions In Polymorphism» (0) 4.61Kb 3291 hits
Ready Rangers Liberation Front [7] (2006)

Most texts on polymorphism suggest that the use of garbage instructions are paramount, in my playing with polymorphism I have come to the conclusion that Garbage is of limited use in protecting a virus from AV software and can in fact do the opposite.

«A Discussion of Polymorphism» (0) 9.38Kb 5336 hits
Data Plus (1992)

A polymorphic virus is a type of encrypted virus. Let's talk about those first. Many anti-virus programs rely on what we call a "scanner" which looks for an unusual sequence of machine language instructions or other unique data that indicates that a given virus is present. To defeat this, virus writers started encrypting their viruses by applying (for example) a random number exclusive-or'ed with the body of the virus. This obsfucates the unique string of bytes. So, programs like McAfee's scan had to do one of two things: look for the decryption routine (which cannot itself be encrypted since the 808x microprocessor would fail to execute it); or attempt to decrypt the body of the virus and look for the unique string of bytes in the body of the virus.

«"Do polymorphism" tutorial» (0) 15.91Kb 293 hits
DDT [1] (1999)

This tutorial isn't to discuss about any polymorphism matters, or to just explain you it's basics. It's fully oriented for you to at last learn how to write a polymorphic engine, with useful tips on how to implement it.Some coders, even some really good ones, feel it so difficult when it's time to come into polymorphism. "Ok, I have to swap instructions, but how the hell do I make that, how do I control the decryptor length and that the decrypting instructions are on their place?" and so on.

«Polymorphism and grammars» (2) 21.82Kb 7829 hits
(1999)

This is a technical article about polymorphism and grammar/automaton theories, which is intended to give a new point of view about this virus technique, and to show you some things on polymorphism theory. Before you start this, keep in mind it's not a "begginer article". If you never did a polymorphic engine or you don't know what the hell it is, you may come here later.

«Mutation Engine Report» (0) 25.22Kb 6171 hits
(1992)

This report is provided to satisfy the curiosity of the public. We were approached by some third parties to perform an analysis on MtE. We would like to share the results of our analysis with everyone. If you find an error or inaccuracy in this report, please feel free to contact us. All constructive criticism is welcome. We thank all those who took the time to read and bring inaccurate or ambiguous parts of this report to our attention.

«Polymorphic Viruses - Implementation, Detection, and Protection» (0) 13.84Kb 7500 hits
(1993)

This paper discusses the subject of polymorphic engines and viruses. It looks at general characteristics of polymorphism as currently implemented. It tries to maintain a practical presentation of the subject matter rather than an academic and abstract approach that would confuse many people. Basic knowledge of the Intel 80x86 instruction set will be highly useful in understanding the material presented. A very detailed discussion is avoided not to have the side effect of "teaching" how to create polymorphic engines or viruses. The purpose is to help computer professionals understand this trend of virus development and the threats it poses. It should serve as a starting point for individuals who would like to get an idea about the polymorphic viruses and how they are implemented. Long gone are the days of innocence, when any schoolboy could write a virus scanner using a few signatures extracted from captured virus samples. The subject of polymorphism can be extended to other areas such as anti-reverse-engineering or anti-direct-attacks, and it can be argued to be useful in that context. This paper only looks at the use of polymorphism in PC viruses to avoid simple detection techniques.

19 authors, 24 titles