flat assembler
Message board for the users of flat assembler.

Index > Heap > Some old windows viruses

Author
Thread Post new topic Reply to topic
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Post 07 Sep 2011, 05:27
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17474
Location: In your JS exploiting you and your system
revolution
Why so much attention on malware? Wouldn't you rather be doing something worthwhile instead?
Post 07 Sep 2011, 05:53
View user's profile Send private message Visit poster's website Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
I hanged my system with a driver denying every application access to registry. I am screwed... I can't unload it right now.
Post 07 Sep 2011, 06:10
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
revolution wrote:
Why so much attention on malware? Wouldn't you rather be doing something worthwhile instead?


I am doing something worthwhile....I'm studying.. Very Happy
Post 07 Sep 2011, 06:11
View user's profile Send private message Reply with quote
DOS386



Joined: 08 Dec 2006
Posts: 1901
DOS386
> Some old windows viruses

Obsolete. I need this one - binary with source code Smile
Post 07 Sep 2011, 14:44
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
DOS386
I have only binary, if you want I'll upload it for you Laughing
Post 07 Sep 2011, 15:41
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
DOS386 wrote:
> Some old windows viruses

Obsolete. I need this one - binary with source code Smile


Uploaded Stuxnet Source Code is here: http://www.multiupload.com/BDNYSCY5PC

PS: Decompiled by Hex Rays decompiler
Post 07 Sep 2011, 21:09
View user's profile Send private message Reply with quote
me239



Joined: 06 Jan 2011
Posts: 200
me239
Ratter's first virus won't work on most systems because it uses hard coded API's. Window's API's changed location every upgrade and service pack, so this might work only on Win2k, XP sp1, or what ever machine it was developed on, but don't expect it to spread well.
Post 07 Sep 2011, 21:16
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
I'm not spreading or using malwares for bad reason. Instead, I'm learning new techniques what they does Twisted Evil Ex. hide itself, infect, anti-things etc..
Post 07 Sep 2011, 21:23
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Maybe there should be a section for "Security Analysts" Rolling Eyes on FASM.NET.

Anyways, How to disable File Protection on Windows

In registry, HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Key to change:
SFCDisable: 0x0 | Enabled
SFCDisable: 0x1 | Disabled

and to tell the system not to scan for file changes (protected files)

Key to change:
SfcScan: 0x0 | DIsabled
SfcScan: 0x1 | Scan at boot

Then you can start replacing system files with your backdoored files. Evil or Very Mad hehe

For the Lulz Image
Post 07 Sep 2011, 21:35
View user's profile Send private message Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 17474
Location: In your JS exploiting you and your system
revolution
typedef wrote:
Maybe there should be a section for "Security Analysts"
Yes, good idea. And whenever the time comes that we actually get some SA's on this board then we can activate it. Arrow
Post 07 Sep 2011, 23:37
View user's profile Send private message Visit poster's website Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
maybe some CrackMe sections too ? Rolling Eyes Cracking I mean, only legal way of course.
SA-s also has it's own bad point, people can use it for harm, not for good reasons. IMHO, if someone wants to learn asm, he should already know what security is Laughing
Post 08 Sep 2011, 01:08
View user's profile Send private message Reply with quote
Enko



Joined: 03 Apr 2007
Posts: 678
Location: Mar del Plata
Enko
DOS386 wrote:
> Some old windows viruses

Obsolete. I need this one - binary with source code Smile

I don't understand why the virus will delete itself on june 24 of 2012...

the world is going to end, why to auto-delete? Laughing
Post 09 Sep 2011, 12:42
View user's profile Send private message Reply with quote
bitRAKE



Joined: 21 Jul 2003
Posts: 2940
Location: vpcmipstrm
bitRAKE
There are forums for this kind of "research". Some of us here might already be on them. Wink
Post 09 Sep 2011, 13:53
View user's profile Send private message Visit poster's website Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
bitRAKE wrote:
There are forums for this kind of "research". Some of us here might already be on them. Wink

Some might not Wink
Post 09 Sep 2011, 15:00
View user's profile Send private message Reply with quote
OzzY



Joined: 19 Sep 2003
Posts: 1029
Location: Everywhere
OzzY
Overflowz wrote:
maybe some CrackMe sections too ? Rolling Eyes Cracking I mean, only legal way of course.
SA-s also has it's own bad point, people can use it for harm, not for good reasons. IMHO, if someone wants to learn asm, he should already know what security is Laughing


Crack me contests are always fun.
Post 10 Sep 2011, 14:03
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on YouTube, Twitter.

Website powered by rwasa.