Aphex's Polymorphic Web Downloader





Overview

Vendor Notes:

from the doc: 'Polymorphic Web Downloader Generator 1.0 by Aphex
This will generate a web downloader using random data and a variable size that you can edit. There are trillions of possible servers.
"polymorphic, polymorphous -- (having or occurring in several distinct forms; "man is both polymorphic and polytypic"; "a polymorphous god")"
Aphex

2.0: EES Polymorphic Downloader by Aphex of EES
A downloader that is impossible to detect?
Yes and no. Anti-virus scanners detect trojans and other malware by comparing the characteristics of the file to other known threats. CRC checks, import tables, static strings and encryption algorithms are among the most popular methods of detection.
A web downloader has but a single purpose and that is to download a file from a url and execute it. There are a limited number of ways to encrypt the exact same procedures but if other operations are added to the procedures it will result in a uniquely different file and the effectiveness of encryption is increased exponentially, raising the difficulty of detection using these methods out of the scope of current Anti-virus technology.
IN OTHER WORDS: generated downloader + exe encrypter = UNDETECTABLE
I recommend tElock 0.98, it is simple to use and very powerful. http://linux20368.dn.net/protools/files/packers/telock.zip
Aphex

3.0: Polymorphic Webdownloader Generator 3.0 by Aphex
This will randomize source code for a simple web downloader and assemble it. The output file is unique and resistant to standard offset and string scanning antiviral tactics. The only thing an antivirus can detect is the URLDownloadToFileA function call and this is easily covered up using the included exe packer or another packer of your choosing.
To use, enter the url for a file, the desired output filename and then the size multiplier which will add garbage data into the file.
Aphex

Alias:

TrojanDownloader.Win32.Apher, TrojanDownloader.Win32.Apher.gen

Category:

Downloader: A program designed to retrieve and install additional files, when run. Most will be configured to retrieve from a designated web or FTP site.

Similar Pests:

Downloader

Origins

Author:

Aphex

Group:

EES

By This Group:

Aphex Command Line Tools ·

EMail:

aphex@inphiltration.com

Date of Origin:

June, 2002

Operation

ScreenShot:

(screenshots not preserved) Polymorphic Downloader 1.0; EES Polymorphic Downloader 2.0; Polymorphic Downloader 3.0

Detection and Removal

Automatic Removal:

PestPatrol detects this.

PestPatrol removes this.



Research

More Info:

Research By:

PestPatrol's Pest Research Center

Last Revised:

June 27, 2004