Full Disclosure mailing list archives
Re: (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
From: Piotr Bania <bania.piotr () gmail com>
Date: Fri, 09 Sep 2005 22:19:25 +0200
Re,

> ...
> If you want some in-depth on polymorphism I recommend you the 29a papers:
> http://vx.netlux.org/29a/

I'm not a master in this branch; however, let me cite one of the articles found on the server you sent me (I also recommend you to read it):
----- CUT --------------------------------------------------------------
" There exists a system of division of polymorphic viruses into levels according to complexity of code in decryptors of those viruses. Such a system was introduced by Dr. Alan Solomon and then enhanced by Vesselin Bontchev.

Level 1: Viruses having a set of decryptors with constant code, choosing one while infecting. Such viruses are called "semi-polymorphic" or "oligomorphic". Examples: "Cheeba", "Slovakia", "Whale".

Level 2: Virus decryptor contains one or several constant instructions, the rest of it is changeable.

Level 3: decryptor contains unused functions - "junk" like NOP, CLI, STI, etc.

Level 4: decryptor uses interchangeable instructions and changes their order (instructions mixing). Decryption algorithm remains unchanged.

Level 5: all the above mentioned techniques are used, decryption algorithm is changeable, repeated encryption of virus code and even partial encryption of the decryptor code is possible. "
----- CUT --------------------------------------------------------------

So according to this source I got level 3 or level 4, unless you fully understand the source. I'm not saying it is perfect; it was written in 5 days.
Hope this helps you.

best regards,
Piotr Bania

--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr () gmail com> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A BFA4 1FF6 689F BE43 AC33
http://pb.specialised.info - Key ID: 0xBE43AC33
--------------------------------------------------------------------
" Dinanzi a me non fuor cose create
se non etterne, e io etterno duro.
Lasciate ogne speranza, voi ch'intrate "
- Dante, Inferno Canto III

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
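The level-3 item in the quoted taxonomy (junk instructions such as NOP, CLI and STI interleaved with the real decryptor) is the point where a plain constant-byte signature stops working. The following Python is an added illustration from the detection side; it is not code from the mail, from TAPiON or from the 29a article. Both byte strings are constructed by hand for this example (a small x86 XOR loop and the same loop with junk inserted), the opcode subset handled by `insn_len` is limited to what those strings contain, and the junk set is exactly the three mnemonics the quoted text names. It shows two things a naive approach gets wrong: stripping junk byte-by-byte corrupts instructions whose operands happen to contain a junk opcode value, and removing junk inside the loop body shifts the relative branch displacement, so that field has to be wildcarded rather than compared.

```python
"""Normalizing a decryptor against level-3 junk insertion (added example).

Constructed sample bytes; not taken from any real sample or from TAPiON.
"""

# The junk instructions the quoted taxonomy names: nop, cli, sti.
JUNK = {0x90, 0xFA, 0xFB}

# Constructed "clean" decryptor loop:
#   mov ecx, 0x90 ; 0x90 inside the immediate is NOT a nop
#   xor byte [esi], 0x42
#   inc esi
#   loop <xor>     ; rel8 = -6 = 0xFA
CLEAN = bytes.fromhex("B9 90 00 00 00 80 36 42 46 E2 FA")

# Same loop with junk interleaved (constructed). The loop displacement is now
# -9 = 0xF7 because the junk inside the body lengthened it.
JUNKED = bytes.fromhex("90 B9 90 00 00 00 90 80 36 42 FA FB 46 90 E2 F7")


def insn_len(code: bytes, i: int) -> int:
    """Instruction length at code[i] for the small subset used here.

    Anything outside that subset raises, so boundaries are never guessed.
    """
    op = code[i]
    if op in JUNK or op == 0xC3 or 0x40 <= op <= 0x47:   # nop/cli/sti, ret, inc r32
        return 1
    if 0xB8 <= op <= 0xBF:                                # mov r32, imm32
        return 5
    if op == 0xE2:                                        # loop rel8
        return 2
    if op == 0x80:                                        # grp1 r/m8, imm8
        modrm = code[i + 1]
        mod, rm = modrm >> 6, modrm & 7
        if mod == 3 or (mod == 0 and rm not in (4, 5)):   # single-byte ModRM forms
            return 3
        raise ValueError("unsupported ModRM form at offset %d" % i)
    raise ValueError("unsupported opcode 0x%02x at offset %d" % (op, i))


def naive_strip(code: bytes) -> bytes:
    """The wrong way: drop every byte whose value is a junk opcode.

    This also removes operand bytes (e.g. the 0x90 inside mov ecx, 0x90),
    leaving a corrupted, misaligned stream.
    """
    return bytes(b for b in code if b not in JUNK)


def normalize(code: bytes) -> str:
    """Length-aware normalization.

    Walks whole instructions, drops junk instructions, and replaces the rel8
    operand of `loop` with the wildcard '??' since junk removal changes it.
    Returns a hex pattern usable as a signature.
    """
    out = []
    i = 0
    while i < len(code):
        n = insn_len(code, i)
        insn = code[i:i + n]
        i += n
        if insn[0] in JUNK:
            continue
        if insn[0] == 0xE2:
            out.append("e2 ??")
            continue
        out.append(insn.hex(" "))
    return " ".join(out)


def constant_signature_matches(reference: bytes, sample: bytes) -> bool:
    """A plain byte-for-byte signature check, for comparison."""
    return reference in sample


def normalized_signature_matches(reference: bytes, sample: bytes) -> bool:
    """Compare the normalized patterns instead of the raw bytes."""
    return normalize(reference) == normalize(sample)


if __name__ == "__main__":
    print("constant signature :", constant_signature_matches(CLEAN, JUNKED))
    print("naive strip        :", naive_strip(JUNKED).hex(" "))
    print("normalized clean   :", normalize(CLEAN))
    print("normalized junked  :", normalize(JUNKED))
    print("normalized match   :", normalized_signature_matches(CLEAN, JUNKED))
```

The constant signature fails on the junked variant, `naive_strip` produces a stream in which the `mov` has lost a byte of its immediate, and only the instruction-aware `normalize` maps both variants to the same pattern. Level 4 (instruction reordering and substitution) is out of reach of this kind of byte-level canonicalization and needs semantic or emulation-based matching, which is why the quoted taxonomy ranks it higher.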