[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine

To: abarrera@xxxxxxxxxxxx, FULLDISC <full-disclosure@xxxxxxxxxxxxxxxxx>, SBUGTRAQ <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
From: Piotr Bania <bania.piotr@xxxxxxxxx>
Date: Fri, 09 Sep 2005 22:19:25 +0200

Re,

>...
>If you want some indepth on polymorphis I recomend you the 29a papers:
>http://vx.netlux.org/29a/

I'm not a master in this branch however let me citate one of the aritcles found on the server you sent me (i also recomend you to read it):

----- CUT -------------------------------------------------------------- " There exists a system of division of polymorphic viruses into levels according to complexity of code in decryptors of those viruses. Such a system was introduced by Dr. Alan Solomon and then enhanced by Vesselin Bontchev.

Level 1: Viruses having a set of decryptors with constant code, choosing one while infecting. Such viruses are called "semi-polymorphic" or "oligomor phic".

Examples: "Cheeba", "Slovakia", "Whale".

Level 2: Virus decryptor contains one or several constant instructions, the rest of it is changeable.

Level 3: decryptor contains unused functions - "junk" like NOP, CLI, STI,etc

Level 4: decryptor uses interchangeable instructions and changes their order (instructions mixing). Decryption algorithm remains unchanged.

Level 5: all the above mentioned techniques are used, decryption algorithm is changeable, repeated encryption of virus code and even partial encryption of the decryptor code is possible. " ----- CUT --------------------------------------------------------------

So appending to this source i got a level 3 or level 4, unless you fully understand the source. I'm not saying it is perfect, is was written in 5 days.

Hope this helps you.


best regards,
Piotr Bania


--
--------------------------------------------------------------------
Piotr Bania - <bania.piotr@xxxxxxxxx> - 0xCD, 0x19
Fingerprint: 413E 51C7 912E 3D4E A62A  BFA4 1FF6 689F BE43 AC33
http://pb.specialised.info  - Key ID: 0xBE43AC33
--------------------------------------------------------------------

                          " Dinanzi a me non fuor cose create
                            se non etterne, e io etterno duro.
                            Lasciate ogne speranza, voi ch'intrate "
                                          - Dante, Inferno Canto III

Follow-Ups:
- Re[2]: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
  - From: Alejandro Barrera

Prev by Date: [SECURITY] [DSA 808-1] New tdiary packages fix Cross Site Request Forgery
Next by Date: PHP Nuke <= 7.8 Multiple SQL Injections
Previous by thread: [SECURITY] [DSA 808-1] New tdiary packages fix Cross Site Request Forgery
Next by thread: Re[2]: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
Index(es):
- Date
- Thread