Encrypted Viruses

Hello Everyone!!!! I would like some help with my University Project. Could you give me the names of some known Win32 encrypted viruses? It would help if you could send some links to the viruses' analyses.


What do I call an encrypted virus, you may ask?

Encrypted viruses are viruses that can avoid detection by antivirus software by encrypting the biggest part of the virus, leaving unencrypted only a simple routine which decrypts the virus and a random key for encryption.


It would be great if you could help ASAP.
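The layout described in the question (a small plaintext decryptor followed by a large encrypted body) is what static scanners commonly look for with an entropy profile. The following is an added example, not part of the original post: the sample bytes are constructed stand-ins, and the function names, window size and thresholds are assumptions chosen for illustration.

```python
import hashlib
import math

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def entropy_profile(data: bytes, window: int = 1024):
    """Return (offset, entropy) for each full, non-overlapping window."""
    return [(off, shannon_entropy(data[off:off + window]))
            for off in range(0, len(data) - window + 1, window)]

def looks_encrypted(data: bytes, window: int = 1024,
                    threshold: float = 7.5, min_ratio: float = 0.6) -> bool:
    """Flag a low-entropy leading window followed by a mostly high-entropy rest."""
    profile = entropy_profile(data, window)
    if len(profile) < 2:
        return False
    high = [h >= threshold for _, h in profile]
    rest = high[1:]
    return not high[0] and sum(rest) / len(rest) >= min_ratio

# Constructed sample data (no real code or malware involved):
# STUB stands in for the small unencrypted decryptor, BODY for the encrypted part.
STUB = bytes([0x10, 0x20, 0x30, 0x40]) * 256                   # 1024 bytes, 2.0 bits/byte
BODY = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest()  # 8192 pseudo-random bytes
                for i in range(256))
SAMPLE = STUB + BODY
PLAIN = b"ordinary unencrypted program text " * 300            # low-entropy control input

if __name__ == "__main__":
    for off, h in entropy_profile(SAMPLE):
        print(f"offset {off:5d}: {h:.2f} bits/byte")
    print("sample flagged:", looks_encrypted(SAMPLE))
    print("plain flagged: ", looks_encrypted(PLAIN))
```

Entropy is only a triage signal: legitimately compressed data scores just as high, and a body XORed with a single constant byte keeps exactly the entropy of its plaintext, so this check will not flag it.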

Best Answer

  • gancalgancal Posts: 23
    Accepted Answer

    Hi nickth93,

    I guess you're looking more into polymorphic viruses as well? Sality would be a good candidate or any Mystic compressed files.

    Some interesting SHA1 hashes (unfortunately we won't be able to share samples with you directly) which you can search in VirusTotal or Malwr.com with regards to Mystic:


    If you are looking for malware packers, you can search for UPX, FSG, LordPE, ASProtect or ASPack as starters.

    Have fun analyzing. ;)



  • Thank you very much. Your examples are a great help; however, I think polymorphic viruses are in another chapter. I believe encrypted viruses refer to metamorphic viruses. So, for example, I'd say, now that I have searched far and wide, Win32.Apparition. I will write about polymorphic viruses in another chapter using your examples. Thank you very much.

  • gancalgancal Posts: 23

    Glad to be of help. :)


    P.S.: Something more recent, the Upatre family, might be of interest as well.



  • You may also find what you need over at MalwareTips.
    I am a member there, and a lot of testing and reviewing goes on there. We have an updated list of Viruses & Malware we use for testing & review purposes. PeAcE

This discussion has been closed.