>>...
>>If you want some indepth on polymorphis I recomend you the 29a papers:
>>http://vx.netlux.org/29a/
> I'm not a master in this branch however let me citate one of the
> aritcles found on the server you sent me (i also recomend you to read it):
I read it long ago thxs.
> Level 4: decryptor uses interchangeable instructions and changes
> their order (instructions mixing). Decryption algorithm remains unchanged.
> Level 5: all the above mentioned techniques are used, decryption
> algorithm is changeable, repeated encryption of virus code and even
> partial encryption of the decryptor code is possible. "
> ----- CUT --------------------------------------------------------------
> So appending to this source i got a level 3 or level 4, unless you fully
> understand the source. I'm not saying it is perfect, is was written in 5
> days.
Well, at least what I've seen is a level 3 polymorphism, due to the fact that
you don't perform instrucction mixing, but block mixing which is quite
different.
Don't get me wrong, I love to see this kind of source and I'm a great fan of
polymorphic engines :) Just making a note that your approach needs a little
bit more of tweaking :)
>>...
>>If you want some indepth on polymorphis I recomend you the 29a papers:
>>http://vx.netlux.org/29a/
> I'm not a master in this branch however let me citate one of the
> aritcles found on the server you sent me (i also recomend you to read it):
I read it long ago thxs.
> Level 4: decryptor uses interchangeable instructions and changes
> their order (instructions mixing). Decryption algorithm remains unchanged.
> Level 5: all the above mentioned techniques are used, decryption
> algorithm is changeable, repeated encryption of virus code and even
> partial encryption of the decryptor code is possible. "
> ----- CUT --------------------------------------------------------------
> So appending to this source i got a level 3 or level 4, unless you fully
> understand the source. I'm not saying it is perfect, is was written in 5
> days.
Well, at least what I've seen is a level 3 polymorphism, due to the fact that
you don't perform instrucction mixing, but block mixing which is quite
different.
Don't get me wrong, I love to see this kind of source and I'm a great fan of
polymorphic engines :) Just making a note that your approach needs a little
bit more of tweaking :)
> Hope this helps you.
> best regards,
> Piotr Bania
Greets.
--
Alejandro Barrera García-Orea
R&D Engineer
c/ Alcala 268 28027 Madrid
Office: +34 91 326 66 11
Fax: +34 91 326 66 11
e-mail: abarrera (at) iron-gate (dot) net [email concealed]
[ reply ]