Polymorphic code: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 15:52, 3 July 2024 edit Killian vaudran (talk \| contribs) 3 edits No edit summary Tags: Reverted Visual edit ← Previous edit		Latest revision as of 19:04, 7 April 2025 edit undo MrOllie (talk \| contribs) Extended confirmed users, Pending changes reviewers, Rollbackers 255,537 edits unreliable source
(5 intermediate revisions by 3 users not shown)
Line 16: Emulation may be used to defeat polymorphic obfuscation by letting the malware demangle itself in a virtual environment before utilizing other methods, such as traditional signature scanning. Such a virtual environment is sometimes called a [[Sandbox (computer security)\|sandbox]]. Polymorphism does not protect the virus against such emulation if the decrypted payload remains the same regardless of variation in the decryption algorithm. [[Metamorphic code]] techniques may be used to complicate detection further, as the virus may execute without ever having identifiable code blocks in memory that remains constant from infection to infection. The first known polymorphic virus was written by Mark Washburn. The virus, called [[1260 (computer virus)\|1260]], was written in 1990.<ref>{{Cite web \|title=An Example Decryptor of 1260 \|url=https://userpages.umbc.edu/~dgorin1/432/example_decryptor.htm \|access-date=2025-03-21 \|website=userpages.umbc.edu}}</ref> A better-known polymorphic virus was created in 1992 by the hacker [[Dark Avenger]] as a means of avoiding pattern recognition from antivirus software. A common and very virulent polymorphic virus is the file infecter [[Virut]]. ~~== Example of polymorphic code ==~~ ~~<syntaxhighlight lang="python">~~ ~~import os~~ from random import * ~~import hashlib~~ ~~# Récupérer le contenu du script actuel~~ ~~with open(__file__, 'r') as f:~~ ~~code_source = f.read()~~ ~~# Ouvrir le fichier en mode lecture binaire~~ ~~with open(__file__, 'rb') as f:~~ ~~# Lire le contenu du fichier~~ ~~file_data = f.read()~~ ~~# Calculer le hash SHA-256 du contenu du fichier~~ ~~sha256_hash = hashlib.sha256(file_data).hexdigest()~~ ~~# Afficher le hash calculé~~ ~~print(f"Hash SHA-256 du fichier {__file__}: {sha256_hash}")~~ ~~code_source = code_source.split('\n')~~ ~~code_source = [ligne if not ligne.startswith('#') else f"#{choice(list(sha256_hash))}" for ligne in code_source]~~ ~~code_source = '\n'.join(code_source)~~ ~~print(code_source)~~ ~~# Écrire le code source dans un fichier~~ ~~with open(f"{sha256_hash}.py", 'w') as f:~~ ~~f.write(code_source)~~ ~~print(f"Le code source a été écrit dans le fichier '{sha256_hash}.py'.")~~ ~~while True: input()~~ ~~</syntaxhighlight>~~ == See also ==