• Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Home
  • About Darknet
  • Hacking Tools
  • Popular Posts
  • Darknet Archives
  • Contact Darknet
    • Advertise
    • Submit a Tool
Darknet – Hacking Tools, Hacker News & Cyber Security

Darknet - Hacking Tools, Hacker News & Cyber Security

Darknet is your best source for the latest hacking tools, hacker news, cyber security best practices, ethical hacking & pen-testing.

the Art of Virology 02h

December 14, 2006

Views: 6,557

[ad]

This is the one and only (and first article) which will present you the source code of a virus on Darknet, and a lame one too :)

Theory again…

First should mention a couple of things which haven’t been specified till now. This virus is going to be an appending virus:

An appending virus is a virus that writes all of his code to the end of the file, after which it writes a simple jump to the code at the start of the file

I will use this method, for first in the virus i’ll present here, maybe later I will adopt another technique as EPO:

Entry Point Obscuring is a method which inserts the entry point of the virus somewhere in the host file, where it can do an interception of the code for later replication, but not at the start.

…but definitely not overwriting viruses:

An overwriting virus has a simple routine to overwrite the host file, thus being easily detected because of the fact that infected files in 99% of cases won’t run anymore

Back to reality

So my first virus is called infant-a, because it only does a single thing (like an infant); also it is a DOS COM infecter, so you won’t have much trouble with it. What to say more, the source if fully commented, and if you have read the book I have suggested you in the 00h article than you won’t have any problems in understanding it.It is not detected by Avira anti virus, check it with other anti viruses and tell me if it found and under which name, oh yeah Kaspersky doesn’t find it either.

BTW: don’t compile and infect other files (computers) with it because I will look lame not you

The brilliant (and simple code) follows: infant-a

How to play with it?

Everything goes in 3 steps, or 2 depends on you…

1st step – dummy com files

Enter in DOS mode (run cmd from Windows run) and write the following lines:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
 
C:\ >debug
-a100
xxxx:0100 mov  ax,4c00
xxxx:0103 int    21h
xxxx:0105 ^C
// this is a comment ^C means CTRL+C :)
-rcx
CX 0000
:5
-n dummy.com
-w
Writing 00005 bytes
-q
C:\>copy dummy.com uninfectedFile.com
 

2nd step – compile the virus

For this one you need TASM & TLINK, google to get them; if you have them enter the following lines supposing infant-a.asm is the virus:

1
2
3
4
5
 
C:\ >tasm infant-a.asm
C:\ >tlink /t infant-a.obj
//comment: /t tells tlink to make it a dos image file = com file
 

3rd step – optional

Download DOSBox, install it and use the following commands (after starting DOSBox):

1
2
3
4
5
6
7
 
Z:\ >mount C:\ Folder\ Where\ The\ Virus\ And\ Dummy\ COM\ Files\ Are\ Located c:
//comment: c with : (c:) or without I don't remember exactly
Z:\ >C:
C:\ >
//comment: and now your C drive (in DOSBox) is C:\ Folder\ Where\ The\ Virus\ And\ Dummy\ COM\ FIles\ Are\ Located
 

Let’s play

And now you can start the virus and see how it infects one file per run, the dummy COM files should have 6 bytes length, and after infection 161, you can’t miss them…

Are we done already?

Well 02h is over, but 03h is there waiting to be written; whats next? infant-b of course which will have:

  • An encryption method (XOR)
  • A traversal infection (dotdot [..] method)
  • More infections per run
  • Stealth?

Till then have fun with infant-a, and see you as soon as possible (if anybody reads this series).

Share
Tweet
Share
Buffer
WhatsApp
Email
0 Shares

Filed Under: Virology Tagged With: asm, backbone, darknet, malware, Virology, virus



Reader Interactions

Comments

  1. Midnight71 says

    December 15, 2006 at 5:24 am

    Very good article!!extremely interesting virology courses, although i am a C/C++ fan!Assembly isn’t bad at all…
    Keep up the good work!

Primary Sidebar

Search Darknet

  • Email
  • Facebook
  • LinkedIn
  • RSS
  • Twitter

Advertise on Darknet

Latest Posts

Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

Views: 395

With more businesses running Linux in production—whether in bare metal, VMs, or containers—the need … ...More about Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked)

SUDO_KILLER - Auditing Sudo Configurations for Privilege Escalation Paths

SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Views: 456

sudo is a powerful utility in Unix-like systems that allows permitted users to execute commands with … ...More about SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths

Bantam - Advanced PHP Backdoor Management Tool For Post Exploitation

Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

Views: 382

Bantam is a lightweight post-exploitation utility written in C# that includes advanced payload … ...More about Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation

AI-Powered Cybercrime in 2025 - The Dark Web’s New Arms Race

AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Views: 577

In 2025, the dark web isn't just a marketplace for illicit goods—it's a development lab. … ...More about AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race

Upload_Bypass - Bypass Upload Restrictions During Penetration Testing

Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Views: 552

Upload_Bypass is a command-line tool that automates discovering and exploiting weak file upload … ...More about Upload_Bypass – Bypass Upload Restrictions During Penetration Testing

Shell3r - Powerful Shellcode Obfuscator for Offensive Security

Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Views: 725

If antivirus and EDR vendors are getting smarter, so are the tools that red teamers and penetration … ...More about Shell3r – Powerful Shellcode Obfuscator for Offensive Security

Topics

  • Advertorial (28)
  • Apple (46)
  • Countermeasures (228)
  • Cryptography (82)
  • Database Hacking (89)
  • Events/Cons (7)
  • Exploits/Vulnerabilities (431)
  • Forensics (65)
  • GenAI (3)
  • Hacker Culture (8)
  • Hacking News (229)
  • Hacking Tools (684)
  • Hardware Hacking (82)
  • Legal Issues (179)
  • Linux Hacking (74)
  • Malware (238)
  • Networking Hacking Tools (352)
  • Password Cracking Tools (104)
  • Phishing (41)
  • Privacy (219)
  • Secure Coding (118)
  • Security Software (233)
  • Site News (51)
    • Authors (6)
  • Social Engineering (37)
  • Spammers & Scammers (76)
  • Stupid E-mails (6)
  • Telecomms Hacking (6)
  • UNIX Hacking (6)
  • Virology (6)
  • Web Hacking (384)
  • Windows Hacking (169)
  • Wireless Hacking (45)

Security Blogs

  • Dancho Danchev
  • F-Secure Weblog
  • Google Online Security
  • Graham Cluley
  • Internet Storm Center
  • Krebs on Security
  • Schneier on Security
  • TaoSecurity
  • Troy Hunt

Security Links

  • Exploits Database
  • Linux Security
  • Register – Security
  • SANS
  • Sec Lists
  • US CERT

Footer

Most Viewed Posts

  • Brutus Password Cracker – Download brutus-aet2.zip AET2 (2,294,091)
  • Darknet – Hacking Tools, Hacker News & Cyber Security (2,173,083)
  • Top 15 Security Utilities & Download Hacking Tools (2,096,621)
  • 10 Best Security Live CD Distros (Pen-Test, Forensics & Recovery) (1,199,680)
  • Password List Download Best Word List – Most Common Passwords (933,482)
  • wwwhack 1.9 – wwwhack19.zip Web Hacking Software Free Download (776,146)
  • Hack Tools/Exploits (673,293)
  • Wep0ff – Wireless WEP Key Cracker Tool (530,156)

Search

Recent Posts

  • Best Open Source HIDS Tools for Linux in 2025 (Compared & Ranked) May 14, 2025
  • SUDO_KILLER – Auditing Sudo Configurations for Privilege Escalation Paths May 12, 2025
  • Bantam – Advanced PHP Backdoor Management Tool For Post Exploitation May 9, 2025
  • AI-Powered Cybercrime in 2025 – The Dark Web’s New Arms Race May 7, 2025
  • Upload_Bypass – Bypass Upload Restrictions During Penetration Testing May 5, 2025
  • Shell3r – Powerful Shellcode Obfuscator for Offensive Security May 2, 2025

Tags

apple botnets computer-security darknet Database Hacking ddos dos exploits fuzzing google hacking-networks hacking-websites hacking-windows hacking tool Information-Security information gathering Legal Issues malware microsoft network-security Network Hacking Password Cracking pen-testing penetration-testing Phishing Privacy Python scammers Security Security Software spam spammers sql-injection trojan trojans virus viruses vulnerabilities web-application-security web-security windows windows-security Windows Hacking worms XSS

Copyright © 1999–2025 Darknet All Rights Reserved · Privacy Policy