/PIvirus

sample linux x86_64 ELF virus
  1. C 95.0%
  2. Assembly 4.2%
  3. Makefile 0.8%
C Assembly Makefile
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

Find file
Switch branches/tags
Nothing to show
Latest commit 9f33102 Mar 10, 2018
@En14c
En14c fix wrong order of macro calls 
modified: hostile.s
Permalink
Failed to load latest commit information.
Makefile modify makefile Mar 9, 2018
README.md initial commit Mar 9, 2018
hostile.s fix wrong order of macro calls Mar 10, 2018
pivirus.c add infection functions Mar 9, 2018

README.md

PIvirus

PIvirus is a proof of concept for infecting linux x86_64 ELF binaries using PLT redirection technique

How it works

  • the virus looks for fclose function and hijacks it with a function that writes garbage from the stack to the stdout

  • the virus will infect x86_64 ELF binaries with the type [ ET_DYN || ET_EXEC ]

  • parasite injection is done by extending the text segment

  • PLT redirection happens at runtime and the virus is able to handle binaries which does not apply lazy binding

Usage

#./pivirus [ target directory ]

PIvirus-demo

TODO

  • machine code obfuscation
  • anti-debugging

License

MIT