This project is the continuation of Pestilence. The purpose is to add polymorphism to the virus.
A polymorphic computer virus is a type of malware that possesses the capability to alter its code or appearance each time it infects a new system. This unique characteristic provides several advantages for the virus:
- Traditional antivirus software relies on signature-based detection, which involves identifying known patterns or signatures of viruses. Polymorphic viruses constantly change their code, making it difficult for antivirus programs to recognize and create accurate signatures for detection.
- Polymorphic viruses have a longer lifespan compared to their non-polymorphic counterparts because they can evade detection for a more extended period. The constant mutation helps the virus stay ahead of signature-based security measures.
- Polymorphic viruses can carry a variety of payloads or malicious functions. By changing their code regularly, they can adapt to different environments and deliver a wide range of payloads without being easily detected.
- Polymorphic viruses use dynamic obfuscation techniques to hide their true nature. By constantly changing their appearance, they can avoid static analysis methods that rely on the analysis of unchanging code patterns.
For this project, the objective was to include a hash after our signature. It is generated by taking the system clock time and converting it, in hexadecimal format, into readable ASCII characters.
This simple change makes some kinds of analysis fail: infecting the same binary twice yields a different result, and a hash computed over an infected binary differs every time.
The result of strings /tmp/test/infected_binary | grep War
would be something like this:
War version 1.0 (c)oded by Core Contributor darodrig-rcabezas, Lord Commander of the Night's Watch - XXXXXXXXXXXXXXXX
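From the detection side, this is what the varying suffix does to a signature check. The following is an added example, not code from the project: it builds two constructed "infected" blobs carrying the marker shown above with different 16-character hex suffixes, and shows that a whole-string signature (hash included) only matches one of them, while a signature anchored on the invariant prefix matches both and extracts the per-infection hash for triage.

```python
import re

# Invariant part of the marker shown in the README; the 16 hex characters
# after the dash vary per infection. Samples below are constructed, not real binaries.
SIGNATURE_PREFIX = (
    b"War version 1.0 (c)oded by Core Contributor darodrig-rcabezas, "
    b"Lord Commander of the Night's Watch - "
)
SIGNATURE_RE = re.compile(re.escape(SIGNATURE_PREFIX) + rb"([0-9A-Fa-f]{16})")


def constructed_sample(suffix: bytes) -> bytes:
    """Build a fake 'infected' blob: an ELF-like header, padding, the marker, more padding."""
    return b"\x7fELF" + b"\x00" * 32 + SIGNATURE_PREFIX + suffix + b"\x00" + b"\x90" * 16


def exact_match(data: bytes, full_signature: bytes) -> bool:
    """Naive signature check: the whole marker, hash included, must appear verbatim."""
    return full_signature in data


def find_marker(data: bytes):
    """Prefix-based check: match the invariant text and return the variable hash, or None."""
    m = SIGNATURE_RE.search(data)
    return m.group(1).decode() if m else None


def scan(samples):
    """Return {hash: count} for samples carrying the marker, to tell infections apart."""
    found = {}
    for blob in samples:
        h = find_marker(blob)
        if h is not None:
            found[h] = found.get(h, 0) + 1
    return found


if __name__ == "__main__":
    a = constructed_sample(b"0123456789ABCDEF")
    b = constructed_sample(b"FEDCBA9876543210")
    sig = SIGNATURE_PREFIX + b"0123456789ABCDEF"
    print("exact signature hits sample A:", exact_match(a, sig))  # True
    print("exact signature hits sample B:", exact_match(b, sig))  # False
    print("prefix signature:", scan([a, b, a]))
```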
As there is a .devcontainer, you can open the project with VSCode with the appropriate extension and the Docker container will deploy automatically.
Alternatively, you can deploy it the hard way:
docker build -t war .
docker run -v $(pwd):/root/war -it war
Inside the container:
make && ./build/war
If you want to see the syscalls and a simple test we have done:
make run
or to debug it:
make g
We have added some testing. This can be executed with:
make test