I have been collecting virus samples since 2013, and over 300 different samples have been studied.
To interpret the behavior of a virus, finding the payload is not enough; its working mechanism must also be inspected.
Favorite DOS viruses
Writing viruses in a creative way is also an art of programming. Interesting ASCII art and 8-bit audio delivered by DOS viruses always impress me.
Here are some of my favorites in alphabetical order:
Sources of samples
My samples are mostly collected from these sites; some of them even provide source code!
- Open Malware (closed)
- VX heaven (closed)
- VX-archiv (closed)
Please feel free to suggest more virus sample sites.
Here is a list of software I use for virus analysis.
- Runs actual instructions of old CPUs
- Selectable BIOS (not provided with the software, you need to search for them yourself)
- A good choice to test a sample that cannot run in other virtual machine software
- VMware Workstation 11 personal license
- If your PC has a PC beeper, consider version 11, which is the last version that supports this device
- Newer PCs do not have a PC beeper; consider version 12
- Reads binary files as ASCII characters, helpful for finding internal text strings
- Helps to decrypt the encrypted virus samples
- You can choose to encrypt or decrypt any part instead of the whole sample