

From Malware Wiki

I have been collecting virus samples since 2013 and have studied over 300 different samples.

To interpret the behavior of a virus, finding the payload is not enough; its working mechanism must also be inspected.

Favorite DOS viruses

Diamond.1014 captured in PCem.

Writing viruses in a creative way is also an art of programming. Interesting ASCII art and 8-bit audio delivered by DOS viruses always impress me.

Here are some of my favorites in alphabetical order:

Sources of samples

My samples are mostly collected from these sites; some of them even provide source code!

  • Open Malware (closed)
  • VX heaven (closed)
  • VX-archiv (closed)

Please feel free to suggest more virus sample sites.

Software used

Here is a list of software I use for virus analysis.

  • PCem
    • Runs actual instructions of old CPUs
    • Selectable BIOS (not provided with the software; you need to search for them yourself)
    • A good choice to test a sample that cannot run in other virtual machine software
  • VMware Workstation 11 personal license
    • Users whose PC has a PC beeper may consider version 11, which is the last version that supports this device
    • Newer PCs do not have a PC beeper; consider version 12
  • xvi32
    • Displays binary files as ASCII characters; helpful for finding internal text strings
  • CrypTool
    • Helps to decrypt encrypted virus samples
    • You can select to encrypt or decrypt any part instead of the whole sample