|**************************************************************************|
|     Beta For Version 2.0. For YAM members only. DO NOT DISTRIBUTE!!!     |
|DO NOT REMOVE ANY PARTS AND DISTRIBUTE! EVERYTHING MUST BE KEPT IN WHOLE! |
| Please Report Any Comments/Bugs/Suggestions To ADMIRAL BAILEY!! A.S.A.P. |
|**************************************************************************|

[block-character ASCII-art logo; the layout did not survive extraction]

        -/- INSTANT VIRUS PRODUCTION KIT -\- v1.7 By Admiral Bailey [YAM]

───[ TABLE OF CONTENTS ]──────────────────────────────────────────────────

  ■ Disclaimer
  ■ Intro To The IVP
  ■ Features in the IVP
  ■ How To Use The IVP
  ■ About the Configuration File
  ■ All about the routines.
  ■ A Note About the Code Produced
  ■ In Case of Errors
  ■ Future Enhancements
  ■ Greets Goin' Out To...

───[ DISCLAIMER ]─────────────────────────────────────────────────────────

Admiral Bailey and the Youngsters Against McAfee (YAM) are not responsible
for any damage, in whole or in part, done by the Instant Virus Production
Kit, or any code that is generated by the IVP.

───[ INTRO TO THE IVP ]───────────────────────────────────────────────────

Welcome to v2.0 of the Instant Virus Production Kit. Over the last few
months I have gotten a lot of suggestions from different people. I have
tried to incorporate them all in order to suit the needs of the users. I
have also added in a couple of options that I thought would be useful.
Well anyways, enjoy. And if you ever want to get a hold of me you can
reach me on The Full Moon (YAM WHQ).

───[ FEATURES IN THE IVP ]────────────────────────────────────────────────

Here is a list of the features in the IVP.
WERE THERE BEFORE
~~~~~~~~~~~~~~~~~

  ■ .EXE/.COM file infection (also has both)
  ■ Trojan support
  ■ Directory Changing (Dot Dot Method)
  ■ Encryption On Everything
  ■ Error Handling
  ■ COMMAND.COM infection
  ■ Overwriting Option
  ■ Random Nop generator - Sticks nops at the beginning randomly to prevent
    McAfee from making a direct scan string.

ADDED IN SINCE v1.0
~~~~~~~~~~~~~~~~~~~

  ■ Fixed up the code generated.
  ■ Minimum/Maximum file size checking
  ■ Infection Counter
  ■ Random First Pointer - Where you see the pop XX/sub XX,offset is all
    random. Another Anti-McAfee thing.
  ■ Random encryption. - Yet more anti-scanner features. About 4 different
    encryption routines randomly used. Not to mention the changing of
    registers.
  ■ Automatic Virus Compilation. If you want a quick one.
  ■ Fixed up code.
  ■ ID code for both .COM and .EXE infectors.
  ■ Choice of size for compiled file.
  ■ User enters strings to be displayed.
  ■ Controlled Activation.
  ■ Use of routines.

───[ HOW TO USE THE IVP ]─────────────────────────────────────────────────

It's really not that hard. All you do is edit out the configuration file
that has been included to match your specific needs. When done, execute
the IVP with the name of the configuration file on the command line. The
rest is self explanatory.

───[ ABOUT THE CONFIGURATION FILE ]───────────────────────────────────────

Below is a detailed explanation of each option that is available in the
configuration file. The format of each option is a letter with an equal
sign and the option following. A sample configuration file is included.

Also be very careful with the syntax in the IVP configuration file. When I
made the program read the file I did it in a non error checking way. That
means that it doesn't really check if a command is wrong, if a command is
missing or if a command has the wrong syntax. So make sure you enter
everything and it's done correctly or the virus that is produced may not
compile.

  ■ A - Specifies the name of the author.
      - Ex.
"A=Admiral Bailey" ž B - Specifies if you want the virus to replace INT 24h. If yes then any - writes to a write protected disk will be ingnored and aborted. - Ex. "B=Y" ž C - Specifies if you want your virus to infect COMMAND.COM. - If no then any 8 character file ending in 'ND' will not be infected. - Ex. "C=N" ž D - Specifies if you want the virus to change directories. - If yes then the directory changing will be done the '..' way. Where - the virus will step up one directory closer to the root each time. - Ex. "D=Y" ž E - Specifies if encryption or no encryption is to be used. - No encryption reduces the size of the virus. - Ex. "E=Y" ž F - Specifies the file name that all the output will be written to. - Ex. "F=TEST.ASM" ž G - Specifies what to do with the file. - O=Overwriting, A=Appending - Ex. "G=O" or "G=A" ž H - Specifies the largest size of a file to infect. Ex. If you specify - 3000 then your virus will not infect any file over 3000 bytes. - Put a zero here to disable this option. - Ex. "H=64000" ž I - Specifies what type of files to go for. - C=Com, E=EXE, B = Both (Exe and Com), T=Trojan - Ex. "I=B" ž J - Specifies the smallest size of a file to infect. Its the opposite of - above. - Ex. "H=20" ž K - Specifies if you want an infection counter and if so how many files - maximum should the virus infect each time run. - Ex. "K=5" - infect 5 files each time run. ž L - Specifies if you want the IVP to automatically compile your virus into - a working .COM file. You must specify the path of the TASM.EXE and - TLINK.EXE. If you don't want it to compile then put a '0' instead of - the path. - Ex. "L=c:\tasm" or "L=0" ž M - This option allows you to specify what size you want the virus to be - when compiled. Good for when you want to hide the virus in a big file. - Don't be stupid and enter a stupid size. Be resonable. Ex. don't enter - a size of 300 when you know that the virus alone will be bigger then - that. Use something like 24000 for a 24k file. 
      - Whatever you choose, the file size will come out to be your size +
      - size of the virus.

  ■ N - This allows you to enter the strings you want displayed. For each
      - line you want displayed enter a new command. For example:

              N=Hello World!
              N=How are you today?

      - would display

              Hello World!
              How are you today?

      - You can enter a maximum of 5 lines. If you want more then edit out
      - the source that is produced. Also if you use an apostrophe then the
      - program may give an error when compiling. Use two apostrophes to
      - correct this problem.

  ■ O - Now these are a set of instructions ranging from O1 to O7. They are
      - all for the activation. You specify the conditions here. More
      - explanation is in the CFG file.

  ■ P - With this option you are allowed to include routines into your
      - virii. See the section on routines for more info.

  ■ V - Specifies the name of the virus.
      - Ex. "V=A Test Virus!"

  ■ W - Is for the ID code used by virii.
      - It can only be (and must be) two characters.
      - Ex. "W=AB"

───[ ALL ABOUT THE ROUTINES ]─────────────────────────────────────────────

Different routines in a virus are practically what make a virus unique.
It's not that it can infect COM or EXE files. It's that it will display
entertainment to the victim. For example the CASINO virus. The most unique
virus I have ever seen. It destroys the FAT table and keeps a copy in
memory. Then forces the victim to play a game. If the victim loses. Bingo.
Hat's off to the writer of that.

Anyways, in this version of the IVP I have an option where you can include
routines into your virii. Even with all these options the source may still
need some editing to produce a quality virus. You can use the routines
provided or you can create your own. All routines are put into the
activate procedure. From there they can be activated whether you use the
activation routines or not. To get the routines working perfectly you will
have to have the syntax in the configuration file perfect or else it will
screw up.
I will fix this problem in later versions. But for now this is how it
goes. You may specify more than one routine. To do this just repeat the
command. Up to a maximum of five routines may be used.

Config File Syntax
~~~~~~~~~~~~~~~~~~

'P' is the routine command. With this you first specify the name of the
file (ending in .RTN) that contains your routine. This file MUST be
located in the routines directory for the virus to compile. The syntax
MUST be perfect for this to work. First you must specify the P command
with the filename of the routine. After that you will have to declare any
registers with any values your routine needs. These declarations must be
enclosed within a :START and an :END command. (NOTE: START & END must be
in upper case.) The syntax for register declaring is as follows:
register,value. Anything different and the source will not compile
properly. Do not put any comments between the P command and the :END
command. It will mess up the source also. If your routine uses no
registers then don't declare any. An example of all this is as follows:

    ; Phasor routine with 5 shots.
    p=phasor.rtn
    :START
    cx,5
    :END

Creating Your Own Routines
~~~~~~~~~~~~~~~~~~~~~~~~~~

You would be able to figure this out even without the docs, but for all
the idiots out there that insist, here we go. To create your own routine
just write it up in regular assembly code and put it into a file with the
extension of .RTN. Then stick this routine into the Routines Directory
with the others. If your routine needs any special register values then
make note of them. Otherwise your routine is ready for use. Feel free to
create routines of your own and distribute them as a routine add on. Just
be sure to give credit where credit is due.

───[ A NOTE ABOUT THE CODE PRODUCED ]─────────────────────────────────────

As I said before.. all the code produced from the IVP may not be 100%
perfect or 100% perfect. Some may compile but when run it may not work.
If you ever come across this problem then contact myself or a fellow YAM
member and give him a sample of the config file you were using. And I
will try to fix this problem. So I just have a couple of notes about the
code.

TROJANS
~~~~~~~

If you put encryption on it, the code produced will not be encrypted the
first time. To get an encrypted copy do the following. Change the value
in the encryption value. Load the file into debug. Keep a record of the
value in the cx register. Trace the program through the encryption
routine after the return statement. Clear the bx register and put the
value back into cx. Then type 'w' and write the file back to disk. Now
you have a working encrypted copy of the Trojan. To do this you will need
a knowledge of debug.

VIRII
~~~~~

All encrypted Virii should be run at least once to get another file
infected with a copy of the encrypted virus. Use the dummy file to infect
and get an encrypted file. Make sure it is the right size.

───[ IN CASE OF ERRORS ]──────────────────────────────────────────────────

The IVP has not been tested fully. Just a basic test on different sources
produced. So I do not guarantee that the sources produced are 100%
workable. It's just here to help you to create your own, ahh who cares.
Have a blast creating new variants. But if there is an error then contact
me and tell me the error and give me a copy of the Config file. Also if
you have any enhancements to the code feel free to let me know.

───[ FUTURE ENHANCEMENTS ]────────────────────────────────────────────────

You will see what will be put in in the next version. Whatever I do put
in I will try to keep in mind to keep the size down. One thing is TPE
(Trident Polymorphic Encryption) compatibility. MTE is almost 100%
scannable and this is a new and better one. And Debug/Disassembler
killing. Thanks to Napoleon.

───[ GREETS ]─────────────────────────────────────────────────────────────

Greets going out to...
  Soltan Griss - Can't wait to see the funky add on's.
  Napoleon     - Whassup Z. Anyways keep the suggestions coming.
  YAM Members  - Hey guys...
  Gompa        - What's up... thanks for spreading v1.0.
  And everyone else..

                         - ADMIRAL BAILEY [YAM] -
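The features list above says the generated code sticks a random run of nops at the beginning to stop a scanner from using a direct scan string, and that the first-pointer registers and the encryption routine are randomized too. The following is an added, defender-side example, not part of the IVP documentation and not the kit's own code: it shows why a scan string anchored at a fixed offset misses a nop-padded sample, and how a matcher that first skips a bounded run of 0x90 bytes and allows wildcard positions for the bytes that vary between samples still fires. All byte strings are constructed for the demonstration; `BODY_A`, `BODY_B`, `PATTERN`, the function names and the 64-byte skip bound are assumptions made here, not IVP identifiers or values.

```python
# Added defender-side example (not IVP code): fixed-offset scan string
# versus a nop-tolerant, wildcard-aware matcher. All samples are constructed.

NOP = 0x90          # x86 single-byte NOP
MAX_NOP_SKIP = 64   # assumed bound so a long NOP run cannot stall the scan

# Constructed stand-ins for the leading bytes of two generated samples.
# They differ only at indexes 2 and 5, modelling bytes that change from
# sample to sample (e.g. a randomly chosen register).
BODY_A = bytes.fromhex("0102aa0304bb0506070809")
BODY_B = bytes.fromhex("0102cc0304dd0506070809")
CLEAN = bytes.fromhex("b8004ccd21")          # unrelated bytes, must not match

# A "direct scan string": the first 8 bytes of sample A, exactly.
SIG_EXACT = BODY_A[:8]
# A wildcard pattern: None marks a position whose value is allowed to vary.
PATTERN = [0x01, 0x02, None, 0x03, 0x04, None, 0x05, 0x06]


def naive_match(data: bytes, sig: bytes = SIG_EXACT) -> bool:
    """Fixed-offset scan: compare the exact signature at offset 0 only."""
    return data[:len(sig)] == sig


def skip_leading_nops(data: bytes, max_skip: int = MAX_NOP_SKIP) -> int:
    """Index of the first byte after a leading NOP run, advancing at most
    max_skip bytes so the scan cost stays bounded."""
    i = 0
    while i < len(data) and i < max_skip and data[i] == NOP:
        i += 1
    return i


def wildcard_match_at(data: bytes, start: int, pattern: list) -> bool:
    """Compare pattern against data[start:], treating None as 'any byte'."""
    if start + len(pattern) > len(data):
        return False
    return all(p is None or data[start + i] == p for i, p in enumerate(pattern))


def tolerant_match(data: bytes, pattern: list = PATTERN,
                   max_skip: int = MAX_NOP_SKIP) -> bool:
    """Skip a bounded NOP pad, then apply the wildcard pattern."""
    return wildcard_match_at(data, skip_leading_nops(data, max_skip), pattern)


def pad_with_nops(body: bytes, count: int) -> bytes:
    """Build a constructed test sample: `count` NOPs in front of `body`."""
    return bytes([NOP]) * count + body


def scan_samples(samples: dict) -> dict:
    """Run both matchers over named samples -> {name: (naive, tolerant)}."""
    return {name: (naive_match(data), tolerant_match(data))
            for name, data in samples.items()}


# Constructed corpus: unpadded and padded variants of both bodies plus a clean file.
SAMPLES = {
    "plain_A":  BODY_A,
    "plain_B":  BODY_B,
    "pad_3_A":  pad_with_nops(BODY_A, 3),
    "pad_17_B": pad_with_nops(BODY_B, 17),
    "clean":    CLEAN,
}

if __name__ == "__main__":
    for name, (naive, tolerant) in scan_samples(SAMPLES).items():
        print(f"{name:9s} fixed-offset={str(naive):5s} tolerant={tolerant}")
```

The fixed-offset string catches only the one unpadded sample it was cut from; the tolerant matcher catches every padded and register-varied sample while leaving the clean bytes alone. The skip bound matters: a scanner that would chase an unbounded NOP run can be slowed down by a large pad, so a real engine caps the skip and falls back to other checks. The wildcard positions address the varying bytes the list mentions, but the randomly chosen encryption routines it also describes change far more than a few bytes, which is why scanners moved beyond static strings toward wildcarded signatures, heuristics and code emulation.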