EOF-Project.net

EOF 0x01 released on:
1st January 2007

Download from:
EOF-Project || VX HEAVENS

EOF/DR/RRLF release date:
July 27, 2008

Contact:
izee, WarGame

DooM RiderZ issue #1
(Mirror)

Sources_Binaries

========================= New sources ========================

Sk0r/Czybik

ProcessModule v0.2 - v0.4 (+ debug console) - Delphi - Tool - Gets information about modules of running processes, gets processes IDs (PID) and modules IDs (MID). The
tool also has possibility to create and terminate processes.

Nibble

3x3_2_vbs - C - Tool - Converts any file to vbs scripts.
FileSP - C - Tool - File splitter.

AzRaEL

get__ - C++ - Tool - Takes a http, ftp (user@pwd:ftp_uri), https file like wget of linux and if it is an executable windows file fet__ clean his header and execute that on the system.
ejecutable - C++ - Prank - Profit of concept for common malware and a joke.

========================= Other sources =======================

Berniee/Fakedminded

PE ressource infector - Asm - Virus - Demonstrates PE infection in ressource section.
The Enemy - Asm - Virus - Prepender with simple xor encryption.
Whore - Asm - Worm - Spreading by flash disks.
Littleboy Priapism - ILasm - Virus - Overwriter.
Fag - Asm - Virus/Worm - PE ressource infector, P2P worm.
Friday Sectoriate - Asm - Worm - Spreads by SMTP protocol.

Nibble

sb0t - C - IRC Bot - Small IRC bot.
h3xb0t - C - IRC Bot - IRC bot with a lot of commands.
sd0wn - C - Downloader - Small downloader.

Psyco_Rabbit

Semaphore - C++ - Tool - Synchronizes two processes in a shared buffer memory.

Sk0r/Czybik

Polymsh - PowerShell - Worm - First polymorphic Windows Vista worm wroted on PowerShell language.
Haxsteam - VB - Worm - Spreading via Steam and IRC.
PowerShell - PowerShell - Worm - First Windows Vista worm wroted on PowerShell.
SkorAvKiller - Batch - Worm - Kills different AV proccesses and spreads over P2P network (KaaZaA).

WarGame (DooM RiderZ)

Kr00l.a - Ferite - Virus - Appender - Very first Ferite language virus.
Littlepain - C - Worm - Spreads by shares folders on remote PCs: ADMIN$, C$, etc.

==================== EOF issue #1 sources online ===================

Berniee/Fakedminded

Littlegirl Samara - ILasm - Virus - Prepender.
Lovehoax - Asm - Virus - Infects PE executables by adding new section, spreads by flash disks, contains simple poly engine.
Bindshell - Asm - Tool - Binds cmd.exe to a specific port.

Nibble

sd0wn 2 - ASM - Downloader - Small downloader v.2.
sd0wn 3 - C - Downloader - Small downloader v.3.
Small backdoor - C - Backdoor - Small backdoor.

Psyco_Rabbit

My DNS - C++ - Tool - Gets from IP address DNS and otherwise.
My Sniffer - C - Tool - Network sniffer.

Sk0r/Czybik

BrownThunder - mIRC script - Worm - mIRC script worm.

Santabug

Ptrace-Fucker - C - Tool - LKM which intercepts the ptrace() syscall.

WarGame (DooM RiderZ)

Happy - C - Virus - Linux/Unix overwriter.
Kr00l.b - Kr00l.c (with mutation examples) - Kr00l.d (with mutation examples) - Ferite - Virus - Appender - Very first Ferite language viruses.
MiniPig - C - Virus - Prepender - Infects current dir, desktop and personal folder.
RansomWar - C - Ransomware - Encrypts every file on every drive with blowfish algo. User can get data back only if he sends special e-mail to the malware author.
SuperPig - C - Worm - Spreads by BearShare, DC++, Gnucleus, ShareAza and mIRC. Also spreads by using built-in CD burning function.
WarMySqlBrute - C - Tool - MySQL bruteforcer.
WarSkype - C - Worm - Very first Skype IM worm.
HTMLworm - C++ - Worm - Spreads by adding a link to itself in html files.

Note: RadiatioN's and SkyOut's sources were not published here, you can find their sources in our first e-zine.

Below are the contributed sources.

Cyberdude

Disk Sector Search - Gcc Asm - Tool - Tool for Unix systems, that makes a low level search of a single string in all sectors of disk.

lclee_vx

W32.Cleevix - Asm - Virus - PE infector - Contains simple encryption and works on 9x/2k/XP Windows systems.
W32.Lychan - Asm - Virus - PE infector - Contains no encryption, adds new section. Works on 9x/2k/XP Windows systems.

tanMa

Roman Legionar - C - Virus - PE infector - Virus increases last section, contains payload and crypted through .reloc section. This virus is demo, without spreading capabilities.
64 Absolute - C - Virus - PE memory resident mid-infector - Very first virus coded in C for x64 proccessors. Also contains interesting and some new techniques.

s134k

BlindSpot - C - Tool - Multiple file binder with a small stub.

Hutley

BotStranged - Delphi - IRC Bot - IRC bot coded on High Level Language.

Necronomikon

LoveStar - Word/StarOffice - Macro - First cross-infector macro virus, which works on StarOffice and MS Office.

Genetix

ActiveAngel - VB - Virus - Prepender - Spreads by finding the files linked to shortcut files or executables. Creates "C:\" drive sharing and drops "Game.exe" there.
Nurofen - VB.NET - Worm - Spreads by MSN Messenger IM. ZIP and RAR archive spreading also included.