Python Virus

I've been using py2exe, because I would love to compile my Python script to a real exe.
But first of all, you can use it only with Python 2.7. With Python 3 there are some issues.
But that's ok, I prefer anyway Python 2.7.

The bad thing is, you'll get a bunch of files. A real exe and additional stuff.
Sure, you can use it. It's working well. But you'll have many files and not only one standalone exe.

Correct me, if something changed or if you know it better.

---

I know C#/.Net quite well, but would never choose it for a virus.

(01-09-2014, 11:40 AM)Deque Wrote:

[To see links please register here]

I wouldn't exclude .NET for all kind of viruses.
For PE viruses it isn't good, unless maybe you manage to create a CIL injection to the section that contains the CIL code (only works for .NET exe files as host).
You might also imagine a virus that infects .NET source files right before compilation.
In those cases you will have to write at least part of the virus' sources in a .NET supported language.

Sure, you're right. If you want a virus infecting .Net files, then it's fine.
I've even done this in the past.

But I would like to know more about infecting PE with ASM.




I know about Python virus infectiong other python files.

==>

[To see links please register here]

==>

[To see links please register here]

(01-09-2014, 11:48 AM)upsurt Wrote:

[To see links please register here]

But I would like to know more about infecting PE with ASM.

Read that book:

You won't find any recipies there, but general concepts which I also used for the paper about infection strategies.
Some parts are pretty outdated, but there is a section about PE infection.

If you know how to program with ASM, it shouldn't be a problem to apply the knowledge.

(01-09-2014, 11:48 AM)upsurt Wrote:

[To see links please register here]

I know about Python virus infectiong other python files.

==>

[To see links please register here]

==>

[To see links please register here]

I wrote one too:

[To see links please register here]

It is good way to teach how viruses work in general.

The most tricky source infectors only infect right before compilation and clean the source files right after so that you don't see any tracks.

(01-09-2014, 11:40 AM)Deque Wrote:

[To see links please register here]

As I said, I really don't know much about py2exe.
Edit: I found this, though:

[To see links please register here]

It seems a standalone is possible with the right options applied.

I've to try this out. Thank you!

But there is a comment:

The solution is working well but what about the inclusion of tkinter in the exe? The executable crashes if I move it out the dist directory but it works well inside dist where "tcl" dir is present.

So I'm not sure it is working...

nice one! have you writen a virus in any other language?

(01-09-2014, 02:21 PM)upsurt Wrote:

[To see links please register here]

nice one! have you writen a virus in any other language?

I have a concept code in Java that infects runnable jar files:

[To see links please register here]

But that's it.

Wouldn't it be wiser to inject a dll.It is so easy in python.

but... will such a virus work on windows? I mean it have got python dependency. then what is the use with it.

Is possible to compile an .py file to an .exe file.. just try "pyinstaller".. it can compile also to all the type of platform (python is cross-platform) ... "pyinstaller --onefile virus.py"... finally you can try the "--noconsole" option, it'll not display the window's program..