Linux.Zariche: a Vala virus
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md
nettle.vapi
zariche.vala

README.md

Linux.Zariche: a Vala virus

Vala is an object-oriented programming language with a self-hosting compiler that generates C code and uses the GObject system. Vala is syntactically similar to C# and and rather than being compiled directly to assembly or to another intermediate language, Vala is source-to-source compiled to C, which is then compiled with a platform's standard C compiler, such as GCC.

You can also create VAPI files which are basically native C (not C++) functions you can import to Vala code. Being a language that is converted into plain and pure C, Vala code can also run on Windows (with the necessary code optimizations, of course).

Anyway I was decided to write a prepender in this language, the first (binary) virus ever written so far in Vala. It's named Linux.Zariche and there are two variants available so far.

  • Linux.Zariche.A original release, simple ELF infector (prepender).
  • Linux.Zariche.B uses AES encryptation via external library (vapi).

Compilation instructions are the following (tested on a x86_64 system, but should work on x86):

valac filename.vala --pkg=gee-1.0 --pkg=gio-2.0 --pkg=nettle --pkg=posix

Where Vala >= 0.20. In order to use the --pkg=nettle flag, place your nettle.vapi file inside Vala's library folder, usually something like /usr/share/vala-0.20/vapi for example.

NOTE: I'm not responsible for any damages this code may cause, use at your own risk and in a safe environment.