F-13 Labs

Welcome to F-13 Labs

This is the place we publish our things or others will call it as E-zine

Anyhow, for this time I just call it as collection of what F-13 Labs members done

in 2006. Enjoy and send any good/bad comment to me, Thanks.

===============================================F-13 0x1.0 Online======================================================

lclee_vx

1. Win32 Virus Run in Ring3 - The basic tutorial how to write PE virus in Ring3. Credit go to Billy Belcebu

2. Scan Win32 API Functions - The method how to get the Kernel32.dll address and load the API functions when you code virus

3. Scan Win32 API Functions with Checksum - Another method to get the Kernel32.dll address and load the API functions with checksum

4. Oligomorphic Virus (Win32.Cleevix) - The oligomorphic virus code with tasm32

5. W32.Ceel.a - Win32 ASM Virus

6. Retrieve Kernel32.dll Address - The summary of the method how to retrieve the Kernel32.dll address with the simple way.

7. First Testing Virus on Linux (lychan) - This virus is just Proof of concept and not work perfectly in Linux system. Code with NASM.

8. Win32.Lychan - Another Win32 Virus, add the new Section in PE file and without encryption protect.

Moaphie

1. Monalisa (Worm_VB.BBE) - This worm is an IM worm spreads via MSN Messenger by sending executable URLs of its and some

mapped drives. It does some registry hacks and disable some services, Anyhow it destroy nothing.

Code with Visual Basic.

2. W32.Nippy - This is overwriting virus. It overwrites PE when it was executed. Code with C language.

3. W32.Ron - W32.Ron is based on W32.Nippy but Ron is the companion virus. Code with C language

Robinh00d

1. Auto Delete

6. Reverse Bit - Write a C function to swap the bits of a char so that its bits would become the mirror

image of the char.MSBs become its LSBs etc. E.g. 11001100 binary would become 00110011

binary.

Wargame

1. Skype Worm Generator v0.2 - This VCK can generate worm spreading using skype IM [Source Code] [Binary]

[Dowonload Ezine F-13x1.0]