®®<<==--==>>¯¯ ÄÍ MutaGen ÍÄ ®®<<==--==>>¯¯ A Quiescently Frozen Concoction of MnemoniX - 1994 Version 2.0 mutùaùgen (myoo'tŠ-jŠn') n. An agent that causes a biolog- ical mutation. - mu'ta-gen'ic (adj.) Yes, this is MutaGen, one of the most powerful polymorphic encryption engines known to man. MutaGen is mainly designed for inclusion in computer viruses or other such toys, but may be utilized for any purpose the user wishes. If you have not written viruses before, don't start with MutaGen. Work on some good viruses first and then work with this program. This module requires a good knowledge of assembly. Sometimes you may need to manipulate a program a little to fit the module; if you have problems, observe the two sample viruses and follow their example. Oh, and I don't particularly mind if you mess with this module, but leave the "MutaGen vX.X MnemoniX" string in it. - How to Use It - MutaGen is relatively simple to use; the module only requires a few parameters. To use MutaGen, include at the beginning of your code the line: extrn _MUTAGEN:near Then, when the time comes, call it with the following parameters: DS:SI = address of code to encrypt ES:DI = area for encrypted code - the decryption module can range in size from 40 to about 180 bytes (usually about 70-100). Include generous space for this module. CX = size of code - MutaGen v2.0 occupies 1938 bytes itself; be sure to include this in the size. DX = offset in memory where decryption module will be RUN from - that's RUN from; in other words, where this code will be summoned in memory. After MutaGen is run, CX holds the length of the encrypted module with decryption code. DS:DX points to the encrypted code. Link with MutaGen, lather, rinse, repeat, etc. Examine the sample Mutagenic Agent viruses included for examples. This version includes two: MutaGenic Agents I and ]I[. (MutaGenic Agent ][ was included in previous versions, but I dumped it in favor of the third one.) The first one is a nonresident .COM infector that infects one file in the current directory each run. It's not destructive, so don't be afraid to play around with it. The other virus is a powerful polymorphic stealth COM/EXE infecting virus. It disinfects itself when opened so as to fool virus scanners, and many CRC checkers will not even notice any change to infected files. It also makes exceptions for SCAN.EXE and F-PROT.EXE and won't infect them. But this is a powerful virus, so if you play with it, be careful. - Miscellaneous BS. - For anyone who is interested, I am MnemoniX, a programmer and creator of many viruses and miscellaneous electronic toys, located in western New York State, U.S.A. I created MutaGen because I just wasn't happy with the other encryption engines in circulation. Most of them are buggy, and scan as TridenT 50 percent of the time. I believe I have alleviated these problems in this engine. I do not, by the way, intend to release the source code to this engine. This version is the best one yet. I added many features that will make this engine very difficult to scan. There are more calls and jumps added to confuse scanners, and I fixed some bugs that would cause system reboots and hangs (although to be honest I have no idea what caused them in the first place.) - Disclaimer. - MutaGen contains no harmful or destructive routines. As such, I, the author and a generally amazing and wonderful being, take no responsibility for any damage resulting from programs which may happen to implement MutaGen in their code. You ran it, I did not ... Revision History: .80á 1/94 - personal release .90á 2/94 - first offical beta test version released. Sometimes scanned as TpE, contained minor bugs. .95á 2/94 - fixed bugs & made less scannable. 1.00 3/94 - first official version. Functionally perfect, as far as I can see. 1.10 4/94 - Added more variability in code and optimized existing code. Also added another demonstration virus. 1.1b 4/94 - Fixed protected mode bug, I think. (Thanks Memory Lapse) 1.2 5/94 - Improved code yet more, added more power & polymorphism. (Also, the first demo virus no longer scans as Ash.) 1.3 6/94 - Optimized some code and added more weird twists and turns in the code. 2.0 7/94 - The definitive version. I fixed bugs with the IN and REP instructions that would occasionally cause problems. Added many calls and jumps to make detection much more difficult. If there is a next version, it will simply be smaller. And so I conclude. Enjoy ... ®®<<==--==>>¯¯ ÄÍ MnemoniX ÍÄ ®®<<==--==>>¯¯ 1994