Linux.Zariche: a Vala virus
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.

Linux.Zariche: a Vala virus

Vala is an object-oriented programming language with a self-hosting compiler that generates C code and uses the GObject system. Vala is syntactically similar to C# and and rather than being compiled directly to assembly or to another intermediate language, Vala is source-to-source compiled to C, which is then compiled with a platform's standard C compiler, such as GCC.

You can also create VAPI files which are basically native C (not C++) functions you can import to Vala code. Being a language that is converted into plain and pure C, Vala code can also run on Windows (with the necessary code optimizations, of course).

Anyway I was decided to write a prepender in this language, the first (binary) virus ever written so far in Vala. It's named Linux.Zariche and there are two variants available so far.

  • Linux.Zariche.A original release, simple ELF infector (prepender).
  • Linux.Zariche.B uses AES encryptation via external library (vapi).

Compilation instructions are the following (tested on a x86_64 system, but should work on x86):

valac filename.vala --pkg=gee-1.0 --pkg=gio-2.0 --pkg=nettle --pkg=posix

Where Vala >= 0.20. In order to use the --pkg=nettle flag, place your nettle.vapi file inside Vala's library folder, usually something like /usr/share/vala-0.20/vapi for example.

NOTE: I'm not responsible for any damages this code may cause, use at your own risk and in a safe environment.