
29a Labs

Volume 1. 001 - Introduction
Volume 1. 002 - Distributor Information
Volume 1. 003 - Greetings
Volume 1. 004 - Legal Disclaimer
Volume 1. 005 - Interviews
Volume 1. 006 - Life in Saturn
Volume 1. 007 - Encryption Theory
Volume 1. 008 - Encryption Practice
Volume 1. 009 - Polymorphism
Volume 1. 010 - Upper Memory Residency
Volume 1. 011 - Vba Viruses and Trojans
Volume 1. 012 - Deactivations
Volume 1. 013 - Antiheuristics
Volume 1. 014 - TBAV Keys
Volume 1. 015 - TBAV Signatures
Volume 1. 016 - TBAV Antidetection
Volume 1. 017 - Installation Check
Volume 1. 018 - AVP 2.2 Naked
Volume 1. 019 - Chilling Fridrik
Volume 1. 020 - Virus Index
Volume 1. 021 - Zhengxi.7313
Volume 1. 022 - V.6000 Virus
Volume 1. 023 - TS.1423 Virus
Volume 1. 024 - Remolino.968
Volume 1. 025 - Torero
Volume 1. 026 - Internal Overlay
Volume 1. 027 - CRI CRI Virus
Volume 1. 028 - TheBugger
Volume 1. 029 - Apocalyptic
Volume 1. 030 - AVP-Aids
Volume 1. 031 - AntiCARO
Volume 1. 032 - Galicia Kalidade
Volume 2. 001 - Introduction to 29A Vol. 2
Volume 2. 002 - News since 29A Vol 1.
Volume 2. 003 - 29A Distribution Sites
Volume 2. 004 - Our greetings
Volume 2. 005 - Legal stuff
Volume 2. 006 - Interview with Qark
Volume 2. 007 - Words from Jacky Qwerty
Volume 2. 008 - What is happening in IRG
Volume 2. 009 - Envy makes dorks resuscitate
Volume 2. 010 - Article separator
Volume 2. 011 - Playing Hide and Seek
Volume 2. 012 - TBSCAN.SIG infection
Volume 2. 013 - Macro virus trickz
Volume 2. 014 - WM.CAP virus description
Volume 2. 015 - Vecna's Random Boot Loader
Volume 2. 016 - The Necromantic Mutation Engine
Volume 2. 017 - HMA Residency
Volume 2. 018 - Compression engines
Volume 2. 019 - Analysis on the decryptor generation
Volume 2. 020 - Strategic Alliances Bring 'em on, we love 'em
Volume 2. 021 - Stupid descriptions
Volume 2. 022 - PE infection under Win32
Volume 2. 023 - Virus oriented VxD writing tutorial
Volume 2. 024 - 29A INC files
Volume 2. 025 - PE Write Section
Volume 2. 026 - GetProcAddress-alike utility
Volume 2. 027 - Win32.Cabanas.2999
Volume 2. 028 - Win32.Jacky.1440
Volume 2. 029 - Lizard
Volume 2. 030 - Win95.Z0MBiE
Volume 2. 031 - GoLLuM ViRuS
Volume 2. 032 - You_Got_It
Volume 2. 033 - PM.Wanderer
Volume 2. 034 - Dementia.4207
Volume 2. 035 - SSR.19834
Volume 2. 036 - Z0MBiE.1922
Volume 2. 037 - SpiceGirl family
Volume 2. 038 - Cavity worm
Volume 2. 039 - (unable to translate)
Volume 2. 040 - HMA memory virus
Volume 2. 041 - Padanian Warrior
Volume 2. 042 - Ply family
Volume 2. 043 - ELVIRA virus
Volume 2. 044 - Esperanto
Volume 2. 055 - Tupac Amaru
Volume 2. 056 - SuckSexee Automated Intruder
Volume 2. 057 - Zohra
Volume 2. 058 - Anti-ETA
Volume 2. 059 - WordMacro.CAP
Volume 2. 060 - Orgasmatron
Volume 2. 061 - Polymorphic boot virus
Volume 2. 062 - DogPaw.720
Volume 2. 063 - Carriers
Volume 2. 064 - RedCode
Volume 2. 065 - Baby Bug
Volume 2. 066 - Prion
Volume 2. 067 - Insert v 2
Volume 2. 068 - Animo
Volume 3. 001 - Introduction
Volume 3. 002 - News
Volume 3. 003 - Membership
Volume 3. 004 - Distribution
Volume 3. 005 - Our greetings
Volume 3. 006 - Policies and goals
Volume 3. 007 - Secret area
Volume 3. 008 - About the viewer
Volume 3. 009 - Good bye!
Volume 3. 010 - Rajaats Resignation
Volume 3. 011 - CD13
Volume 3. 012 - Virus Writing Guide 1.03
Volume 3. 013 - WIN32 PE INFECTION TUTORIAL
Volume 3. 014 - Pass to Ring 0 with C
Volume 3. 015 - The VxDCall backdoor
Volume 3. 016 - How to get the Windoze directory from a dos virus
Volume 3. 017 - Cross Infection Tutorial for Office'97 PART I
Volume 3. 018 - Cross Infection Tutorial for Office'97 PART II
Volume 3. 019 - Heuristics for antivirus archiving detection
Volume 3. 020 - opcode emulator
Volume 3. 021 - Preserving Novell Netware Compatibility
Volume 3. 022 - very quick hack to decrypt TBSCAN32.EXE
Volume 3. 023 - A tribute to only AV'er that can make me laugh
Volume 3. 024 - ANTIVIRUS PATHETISM
Volume 3. 025 - JQCODING
Volume 3. 026 - Load and execute program, TbMem exploit
Volume 3. 027 - Spirit's Universal Polymorphic Device v2
Volume 3. 028 - Reed-Solomon error correction code for virus
Volume 3. 029 - How to fuck CRC16, CRC32, CRC48 for Adinf, AVPInspector, etc
Volume 3. 030 - AVP 3.0 Weekly Update Generator I
Volume 3. 031 - AVP 3.0 Weekly Update Generator II
Volume 3. 032 - Advanced ZCME
Volume 3. 033 - Advanced ZCME32Bit
Volume 3. 034 - Super Tiny Reloc Compressor
Volume 3. 035 - JQENCODE.ASM
Volume 3. 036 - TLP - Tiny Lame Poly Engine V2
Volume 3. 037 - APME.Demo.620
Volume 3. 038 - Random Decoding Algorithm Engine demo
Volume 3. 039 - Resident NE infector
Volume 3. 040 - Next Step
Volume 3. 041 - WIN95.K32
Volume 3. 042 - Win9X.Z0MBiE-II
Volume 3. 043 - Marburg virus
Volume 3. 044 - Hantavirus Pulmonary Syndrome
Volume 3. 045 - Resident PE infector
Volume 3. 046 - Multipartite PEBOOT polymorphic mIRC spreading infector
Volume 3. 047 - Sexy viru
Volume 3. 048 - Yabram
Volume 3. 049 - THE APPARITION
Volume 3. 050 - WIN32.BORGES Virus
Volume 3. 051 - Win32.REDemption.9216
Volume 3. 052 - VxD-infection
Volume 3. 053 - SVAT
Volume 3. 054 - Simple
Volume 3. 055 - Nutcracker.7458
Volume 3. 056 - Multipartite COMEXEOVLSYSOBJBATARJRARBSMBR encrypted fast infector
Volume 3. 057 - IDEA Virus COMEXEZIP Infecteur Resident polymorphe lourdement crypté
Volume 3. 058 - DARK THOUGHTS v1.20
Volume 3. 059 - Virus LA DIOSA
Volume 3. 060 - Multi-partite full-stealth slow-polymorphic BOOTCOMEXE-infector
Volume 3. 061 - Full-stealth variable encrypting .COM & .EXE-infector
Volume 3. 062 - Full-mirror .COM & .EXE-infector
Volume 3. 063 - Parasitic resident full stealth .EXE-infector
Volume 3. 064 - Resident stealth bootsectorMBR infector
Volume 3. 065 - S Q U A T T E R v 1 . 2
Volume 3. 066 - ClaudiaSchiffer.8772
Volume 3. 067 - FAT16 Independent Replicative Emulator
Volume 3. 068 - FAT16 Independent Replicative Emulator II
Volume 3. 069 - FAT16 Independent Replicative Emulator III
Volume 3. 070 - Nick Nitzgerald Virus
Volume 3. 071 - Weird Al Virus
Volume 3. 072 - DSA2 Virus
Volume 3. 073 - Shiver[DDE]
Volume 3. 074 - Strange Days
Volume 3. 075 - DOS.ExeHeader.Numbless.512
Volume 3. 076 - Multipartite MBRCOM stealth infector
Volume 3. 077 - Turbo Pascal Multipartite EXEMBR infector
Volume 3. 078 - Ithaqua
Volume 3. 079 - Resident SYS infector
Volume 3. 080 - Ida.1490

Builders

887 RAT Builder.a
A7m3d RAT Builder
APK Ransomware Builder
AVD Crypto Stealer Builder
AbStealer Builder
Adwind RAT Builder.a
AgentTelsa Builder
AndroRAT Builder.a
Anubis Builder.g
Ardamax Builder
Babuk Builder
BabylonRAT Builder
BitRAT Builder (Unknown Variant)
BitRAT Builder.a.c
Black Stealer Builder.b
BlackGuard Stealer Builder
BlackNix Builder.a
Blue Banana RAT Builder.a
CHMiner Builder
Carberp Builder
Chaos Ransomware Builder.d
Chaos Ransomware Builder.e
CloudNet Builder
Collector Stealer Builder
CometRAT Builder
Coolvibes RAT Builder.a
CosaNostra
Covid19 Banking Trojan Builder
Crimson RAT Builder.b
Crypto Ripper Builder
Cypher RAT Builder (Unknown Variant)
Cypher RAT Builder.c
DRat Builder
DarkComet Builder (Multi components)
DarkOut Builder
DarkTrack Alien Builder
Dexter Builder
DiamondFox Builder.d
DroidJack Builder
EagleMonitorRAT Builder (Unknown Variant)
EagleMonitorRAT Builder.b
GlitchPOS Builder
Hades Builder
HakopsRAT Builder
Harmmy Rat Builder.a
ImminentMonitor Builder
IndRAT Builder
KJw0rm Builder
Kazy Bot Lite Builder
KillerRat Builder.j
Lockbit 3 Builder
LokiRAT Builder.2021
LokiRATBuilder (Unknown Variant)
Lost Door RAT Builder.j
Lucifer HTTP Botnet Builder.a
Luminosity Builder
LuxNET RAT Builder.a
Manjusaka Builder
Mars Stealer Builder
Mars Stealer Builder.f
Mars Stealer Builder.h
Nanocore Builder
NingaliNET Builder.a
NjRat Builder
Novo Botnet Builder
Orcus Builder
Ork Password Stealer Builder
Pandora Rat Builder.b
Pegasus Lime HVNC Builder
PentagonRAT Builder
Phoenix Keylogger Builder
PlasmaRAT Builder.a
ProSpy RAT Builder.a
ProstoClipper Stealer Builder
Qakbot Debugger
QuasarRAT Builder.a
Redline Stealer Builder (Modified Variant)
Redline Stealer Builder
RevengeRAT Builder
Rogue Android Botnet Builder.f
Rust Lnk Builder
Sako RAT Builder.a
Scorpion Android Rat Builder
Screen Lock Builder.a
Sentry Mba 141 Beta Builder.d
SilentCryptoMiner Builder.b
SilentCryptoMiner Builder.bb
SpyGate Builder
SpyNote Builder.e
Sseur Keylogger Builder
Teardroid Builder.d
Thanos Ransomware Builder
TinyNuke HVNC Builder
TorCTPHPRAT Builder.b
TreasureHunter Builder
Unkn0wn Toolkit Builder
UnknownRAT Builder
VantomRAT Builder.a
Venom Builder.b
VulturiStealer Builder.a
XFile Stealer Builder
XRAT Builder
XTremeRAT Builder
Yashma Ransomware Builder

The Old New Thing

2022 mid-year link clearance
A history of the fd_set, FD_SETSIZE, and how it relates to WinSock
Adventures in application compatibility_ The case of the PC-relative indirect jump that reads from nowhere
An initial look at the mechanics of how COM marshaling is performed
An opinionated comparison of Cplusplus frameworks for consuming and implementing Windows Runtime types
Commonly-supported Windows shortcuts for pasting without formatting
Cplusplus coroutine gotcha_ Falling off the end of a function-level catch
Creating a lazy-start Cplusplus_WinRT coroutine from an eager-start one, part 2
Creating a manual-start Cplusplus_WinRT coroutine from an eager-start one, part 1
Debugging coroutine handles_ Looking for the source of a one-byte memory corruption
Feel free to stop using IMultiLanguage2__DetectInputCodepage
How can I build a URL query string in the Windows Runtime_
How can I get WRL to link my object into its activation factory
How can I parse URL query string in the Windows Runtime_
How can I provide a Windows Runtime ValueSet or PropertySet while non-intrusively monitoring changes to it_
How can I test my geolocation code on a system without a GPS
How can I trigger a recalc of the mouse cursor after I changed some of my internal application state
How can I wait more than 30 seconds for a delay-rendered clipboard format to become rendered_
How can I write a coroutine that produces a result but keeps on running_
How do I consume raw COM interfaces from a Windows Runtime metadata file
How do I retrieve an extremely large range of cells from Excel if the clipboard functions all time out_
How to write like Raymond_ Contacting another team for the first time
How to write like Raymond_ Intentional typographical errors, part 2
I did that merge-as-cherry-pick thing, but my change still didn't merge correctly
Is it true that raising a structured exception from a structured exception handler terminates the process
Is there a maximum size for Windows clipboard data_ Because I'm getting null for something I know should be there
Is there any meaningful way to compare two Time Travel Debugging positions
It rather involved being on the other side of this airtight hatchway_ Replacing a service binary
Janet Jackson had the power to crash laptop computers, follow-up
Janet Jackson had the power to crash laptop computers
Making sure that people use make_unique and make_shared to make your object
Microspeak_ Break glass
Microspeak_ Inside baseball
Microspeak_ The one-pager
My class derives from std__enable_shared_from_this, but shared_from_this() doesn't work
On the importance of managing the stream pointer when manipulating marshal data
Processing a ValueSet or PropertySet even in the face of possible mutation, part 1
Processing a ValueSet or PropertySet even in the face of possible mutation, part 2
Processing a ValueSet or PropertySet even in the face of possible mutation, part 3
Processing a ValueSet or PropertySet even in the face of possible mutation, part 4
Serializing asynchronous operations in Cplusplus_WinRT, gotchas and final assembly
Serializing asynchronous operations in Cplusplus_WinRT
Serializing asynchronous operations in Csharp
Setting properties in Cplusplus_WinRT is done by a function call, but you need to call the function the right way
Starting on the other side of the airtight hatchway_ Attacking the batch file parser
Starting on the other side of this airtight hatchway_ Overwhelming the system
The AArch64 processor (aka arm64), part 10_ Loading constants
The AArch64 processor (aka arm64), part 14_ Barriers
The AArch64 processor (aka arm64), part 15_ Control transfer
The AArch64 processor (aka arm64), part 16_ Conditional execution
The AArch64 processor (aka arm64), part 17_ Manipulating flags
The AArch64 processor (aka arm64), part 18_ Return address protection
The AArch64 processor (aka arm64), part 19_ Miscellaneous instructions
The AArch64 processor (aka arm64), part 1_ Introduction
The AArch64 processor (aka arm64), part 20_ The classic calling convention
The AArch64 processor (aka arm64), part 21_ Classic function prologues and epilogues
The AArch64 processor (aka arm64), part 22_ Other kinds of classic prologues and epilogues
The AArch64 processor (aka arm64), part 23_ Common patterns
The AArch64 processor (aka arm64), part 24_ Code walkthrough
The AArch64 processor (aka arm64), part 25_ The ARM64EC ABI
The AArch64 processor (aka arm64), part 2_ Extended register operations
The AArch64 processor (aka arm64), part 3_ Addressing modes
The AArch64 processor (aka arm64), part 4_ Addition and subtraction
The AArch64 processor (aka arm64), part 5_ Multiplication and division
The AArch64 processor (aka arm64), part 6_ Bitwise operations
The AArch64 processor (aka arm64), part 7_ Bitfield manipulation
The AArch64 processor (aka arm64), part 8_ Bit shifting and rotation
The AArch64 processor (aka arm64), part 9_ Sign and zero extension
The case of the APC that never arrives
The case of the constructor that was being ignored
The case of the mysterious over-release from deep inside the marshaling infrastructure
The case of the recursively-acquired non-recursive lock, and how to avoid the unintentional reentrancy
The empty Windows Runtime string is not just a pretty face
The gotcha of the Cplusplus temporaries that don't destruct as eagerly as you thought
The skeleton marshaler that does default marshaling
The x86-64 processor (aka amd64, x64)_ Whirlwind tour
Under what conditions can I modify the memory that I received in the form a STGMEDIUM_
Understanding the marshaling flags_ The free-threaded marshaler
What are the various usage patterns for manually-marshaled interfaces_
What can or should I do with the cursor handle returned by SetCursor
What does the Cplusplus error _A pointer to a bound function may only be used to call the function_ mean_
What happens if my Cplsuplus exception handler itself raises an exception
What is a _Select Administrator__ Is that some special elite kind of administrator
Why am I getting a null pointer crash when trying to call a method on my Cplusplus_WinRT object_
Why am I receiving SHCNE_UPDATE_DIR notifications that my code never generates
Why am I seeing two WRITE requests at the same offset from a single call to WriteFile
Why are many Windows user interface elements positioned at multiples of 4 or 8 pixels
Why can't I programmatically inspect the check boxes in the Security property sheet any more
Why does COM express GUIDs in a mix of big-endian and little-endian_ Why can't it just pick a side and stick with it
Why is there a make_unique_ Why not just overload the unique_ptr constructor
Why is there a passwords.txt file on my system that's filled with somebody else's passwords
Why load fs_[0x18] into a register and then dereference that, instead of just going for fs_[n] directly
Windows Runtime observable collections don't mix well with multithreading
Writing a compound marshaler
Writing a marshal-by-value marshaler, part 1
Writing a marshal-by-value marshaler, part 2
