Add files via upload

Mocoh Polymorphic Engine.asm

@@ -0,0 +1,105 @@
+;                            .__
+;  _____   ____   ____  ____ |  |__
+; /     \ /  _ \_/ ___\/  _ \|  |  \  Poly Engine
+;|  Y Y  (  <_> )  \__(  <_> )   Y  \
+;|__|_|  /\____/ \___  >____/|___|  /
+;      \/            \/           \/
+;
+; [+] Simple Polymorphic PoC (code and decrypt routine)
+; [+] 1byte XOR random key
+; [+] The engine can change the key, and some instructions (code and order)
+; [+] This is not new, not advanced... Just for education purposes
+;
+; By: SWaNk 2019 - Back in business, VX forever!
+;
+;https://pt.wikipedia.org/wiki/Mocó (Kerodon rupestris)
+
+format PE GUI 4.0
+entry start
+
+include "%include%/win32a.inc"
+
+; This is the poly encryption macro (1 byte xor).
+; It is a simple XOR random 0x00 to 0xFF at compilation time.
+;This is just a example how this can be done... Use your imagination to improve
+
+macro encrypt dstart,dsize {
+    local ..char
+
+    key = %t and 0xff
+
+    repeat dsize
+        load ..char from dstart+%-1
+        ..char = ..char xor key
+        store ..char at dstart+%-1
+    end repeat
+}
+
+;The idea was to create a didactic macro. this guy will split the 1 byte range in 2 (0xff / 2 = 0x7f)
+;
+;If the pseudo random key is bigger than 0x7f, edx will receive the real_start then ecx will receive
+;the code_size. if the key is smaller than 0x7f, the order chage
+;
+;If the pseudo random key is bigger than 0x7f, the increase of edx will be made with "inc edx" otherwise
+;with "add edx, 1"
+
+macro simplePoly {
+      if key > 0x7f
+         mov edx,real_start
+         mov ecx,code_size
+      else
+         mov ecx,code_size
+         mov edx,real_start
+      end if
+
+ @@:  xor byte [edx],key
+
+      if key > 0x7f
+         inc edx
+      else
+         add edx,1
+      end if
+
+      loop @B
+}
+
+;this macro will generate this instructions starting at the entry point
+
+;       mov edx,mocoh.401010       | The order of this instructions
+;       mov ecx,1C                 | can change
+
+;       xor byte ptr ds:[edx],F4   | The key will change (this case is F4)
+;       inc edx                    | This can change to "add edx, 1"
+;       loop mocoh.40100A
+
+;============================================================
+section ".code" code readable writeable
+;============================================================
+start:
+
+simplePoly
+
+real_start:
+
+; Add your code here, start of encrypted code
+
+        stdcall [MessageBox],0,msg,title,MB_ICONASTERISK
+        stdcall [ExitProcess],0
+
+; end of encrypted code
+
+
+        display "Encrypting this shit... "
+        code_size = $ - real_start
+        encrypt real_start,code_size
+        display "done",13,10
+
+;============================================================
+section ".data" data readable writeable import
+;============================================================
+        library kernel32,"kernel32.dll",user32,"user32.dll"
+        include "%include%/api/kernel32.inc"
+        include "%include%/api/user32.inc"
+
+        title db "SWaNk 2019",0
+        msg   db "compile 2 times and compare the hashes and decryption instruction bitches!",0