Today we are going to put the theory to the test and make a simple, non-intelligent virus based on our article here. We will be using Visual Basic 6. You can get a portable copy here. As a quick recap, we said a typical malware form consists of 3 parts.
- A replicator
- A concealer
- A bomb
So we will start a simple project as below:
We are using subs instead of functions because a sub does not need to return anything; it just executes operations. We are using a module instead of a form because the application will have no interface.
Making the replicator and concealer
This will handle the virus’s auto-copy ability as well as hiding our copies.
For the replicator bit we will have the following features:
- Check for different types of drives (hard drives, USB drives, network drives, etc.)
- Make a copy of the virus on each of the drives found.
Once this is in place we need to hide our virus instances. We will do this in two ways:
- We will make our instances hidden files even when not running
- We will hide the virus instance from the task manager
It will look something like below:
Making the bomb
For this bit we will use two methods to execute our bomb.
- Shell - To run registry write functions. The Wscript.Shell object provides functions to read system information and environment variables, and to manage the registry and shortcuts.
- dll - This handles a lot of network-related functions, but what we need it for is to emulate “netsh firewall set opmode disable”.
So here is our bomb. I have commented the code, which is why I am not explaining much about it.
Run the artificial Life
Next we run the virus by calling the subs.
You can download the project from GitHub:
https://github.com/alienwithin/malware-intro/tree/master/simple_virus
You may view the detection rate in the image below or online.
https://www.metascan-online.com/en/scanresult/file/e326f152dcee4b85937d4656b77ca324
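
From the defender's side, the replicator and concealer described above leave a recognisable footprint: the same executable content, marked hidden, on several drives at once. The Python below is an added example, not code from the original post or its GitHub project; the inventory rows, file names and hashes are constructed, and the function names are hypothetical.

```python
"""Flag executables whose identical content sits hidden on several drives."""
import hashlib
import ntpath
from collections import defaultdict

EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif"}


def constructed_digest(label):
    # Constructed stand-in for a real file hash; a collector would hash file bytes.
    return hashlib.sha256(label.encode()).hexdigest()


# Constructed inventory rows: (path, sha256 of content, hidden attribute set?)
SAMPLE_INVENTORY = [
    (r"C:\Users\alice\update.exe", constructed_digest("sample-A"), True),
    (r"E:\update.exe", constructed_digest("sample-A"), True),
    (r"\\fileserver\public\update.exe", constructed_digest("sample-A"), True),
    (r"C:\Tools\putty.exe", constructed_digest("sample-B"), False),
    (r"D:\Backup\putty.exe", constructed_digest("sample-B"), False),  # visible copies
    (r"C:\ProgramData\cache.exe", constructed_digest("sample-C"), True),  # one drive only
    (r"E:\notes.txt", constructed_digest("sample-D"), True),  # hidden, not executable
]


def find_replicated_hidden_executables(inventory, min_drives=2):
    """Return {sha256: [paths]} for hidden executables present on >= min_drives drives."""
    by_hash = defaultdict(dict)  # sha256 -> {drive: first path seen on that drive}
    for path, sha256, hidden in inventory:
        extension = ntpath.splitext(path)[1].lower()
        if not hidden or extension not in EXECUTABLE_EXTENSIONS:
            continue
        # splitdrive handles both "E:" letters and "\\server\share" UNC prefixes,
        # so local, removable and network drives are counted the same way.
        drive = ntpath.splitdrive(path)[0].lower()
        by_hash[sha256].setdefault(drive, path)
    return {
        sha256: sorted(drives.values())
        for sha256, drives in by_hash.items()
        if len(drives) >= min_drives
    }


if __name__ == "__main__":
    for sha256, paths in find_replicated_hidden_executables(SAMPLE_INVENTORY).items():
        print(f"{sha256[:16]}... hidden on {len(paths)} drives:")
        for path in paths:
            print("   ", path)
```

On a live Windows host the hidden flag for each row can be read from `os.stat(path).st_file_attributes` and tested against `stat.FILE_ATTRIBUTE_HIDDEN`.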