Encrypted Viruses

nickth93

Hello Everyone!!!! I would like some help with my University Project. If you could give me names of some known Win32 encrypted viruses. It would help if you could send some link to the virus' analysis.

 

What I call an encrypted virus you may ask.

Encrypted viruses are viruses that can avoid detection by antivirus software by encrypting the biggest part of the virus, leaving unencrypted only a simple routine which decrypts the virus and a random key for encryption.

 

It would be great if you could help ASAP.

gancal

Hi nickth93,

I guess you're looking at more into polymorphic viruses as well? Sality would be a good candidate or any Mystic compressed files.

Some interesting SHA1 hashes (unfortunately we won't be able to share samples with you directly) which you can search in VirusTotal or Malwr.com with regards to Mystic:

a5c3a1f9668369ca8771db59ec5083b595e45956
a8a924cedf97c02ec22887cd15bd241da8254677
7ea2068997a55071c6b1cd678dbd5f80443a7b8d
896c12097347b797a0d3fd22ed83fa032ea68560
a9051bc89ba82bbc2105078b0eb1ec4357d3f430

If you are looking for malware packers, you can search for UPX, FSG, LordPE, ASProtect or ASPack as starters.

Have fun analyzing.

nickth93

Thank  you very much. Your examples are a great help, however I think polymorphic viruses are on another chapter. I believe encrypted viruses refer to metamorphic viruses. So for example I'd say now that I have searched far and wide, Win32.Apparition. I will write about polymorphic viruses on another chapter using your examples. Thank you really much.

gancal

Glad to be of help.

 

p/s: Something more recent, Upatre family might be of interest as well.

 

 

_CyberGhosT_

You may also find what you need over at MalwareTips.
I am a member there, and a lot of testing and reviews goes on there. We have a updated list of Viruses & Malware we use for testing & review purposes. PeAcE