hexfiles issue 1: About me, HEX-FILES and everything in this file
⁄-------------------------------------------------------------¬-------------ø
| €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€ | Issue No. |
| € €€ € € €€€ €€€€€€ € € €€€€€ € € | |
| € €€ € €€€€€€ € €€€€€€€ €€€€€ € €€€€€ €€€€€ €€‹‹€ | fl€ |
| € € €€€€ €€ € €€ € €€€€€ €€ € | € |
| € €€ € €€€€€€ € €€€€€€€ €€€€€ € €€€€€ €€€€€flfl€€ € | € |
| € €€ € € €€€ €€€€€€ €€€€€ € € € € | € |
| €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€ | € |
| €€€€€€€€€€€€€€€€€ Philippines Virus Zine €€€€€€€€€€€€€€€€€€ | |
| €€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€ |December 1997|
¿-------------------------------------------------------------¡-------------Ÿ
Mabuhay!
Welcome to the first issue of my zine.
I am Putoksa Kawayan, a Filipino and a resident of the City of Manila, Philippines. One of the things that caught my interest is computer virii.
I had been collecting virii for some time now. I had assembled a modest collection of these virii found in the wild here in the Philippines. These are mostly new virii as I was not able to get some of the early virii because I was very young then.
Aside from collecting virii, I also write virii whenever I am forced to stay indoors, such as when there is a strong typhoon or when my weekly allowance runs out. While my classmates were into Wordstar and BASIC, I was already into assembly on my own. Our teacher who could hardly teach us BASIC (learned on a seminar one summer vacation), what more with assembly he doesn't know of. As I was into this on my own and due to the absence of good sample programs, I disassembled a virus to learn more on handling files. As a goal, I decided to write a virus of my own. This is how I became fascinated with virii.
The first virii I disassembled was Possessed. Whatever bad things people said about Gumba, his Possessed told me things that books never did. As I disassembled more virus, the more I learned how to do things another way and all that stuff. So you see folks, virii are not that bad, if you look at it in perspective. Before, I am just like you. Whenever I find the dreaded *VIRUS* on my disk -- I was quick on the trigger finger and my av is always on the ready.
My first virii is based on Possessed, but is not a Possessed clone. But looking at it, you could find something Possessed-like here and there. But it has something that Possessed didn't have - encryption.
This multi-level encrypted virii became a self-modifying, multi-level encrypted virii and is now a full multipartite, self- modifying, multi-level encrypted virii. All of my virii are not released except for a few copies which went to the virii collections of friends. Never did I intentionally release these to the wild as I did not have the heart to infect another person's disk or files whoever he may be. I decided to put up this virus zine, HEX-FILES, instead.
Why did I choose HEX-FILES for a name? Just like many others in the VX side of this world, I like 40Hex. I like the way it was presented - no frills and very light. When I decided to put up a zine of my own, I wanted it to look like 40Hex. The "HEX" part is in cognizance of 40Hex. I was thinking of something which will sound nice with hex. That's when I saw a local computer magazine's cover story - "Hexed Files". It sounds like x-files, a tv show I like to watch, and it is a good description of virii. (In fact, the cover story was a pun on x-Files.) But it was a bit too long for my title page (see above), so I dropped the 'ed' and placed a hyphen instead. And that's the long and short of the story on how HEX-FILES got its name. Comprende.
To give HEX-FILES a direction and purpose, I formulated the following objectives:
- To present virii that originated from the Philippines, both confirmed and widely believed to be of Philippine origin. From hereon, these virii are collectively referred to as PhVx;
- To serve as a forum for Filipino virus authors to present their work;
- To maintain a list of PhVx; and
- To encourage and promote standardization of names used for PhVx.
I do not encourage and would not encourage writing of destructive virii or writing of virii in general. But there are many out there who are coding virii. College teachers are even encouraging their computer majors to write virii as project in assembly language courses. HEX-FILES is intended for those who already write virii. These virii might find their way to HEX-FILES and could include destructive codes.
An exception to my self-imposed rule on not writing destructive codes is if it concerns AVs and AV like settings of your computer. I would rather kill AV progs before they zap me. It's a matter of survival. As in real wars, civilians are hit in the crossfire. One of these civilians is SCANDISK of DOS. Others that use AV like names will also be hit. My apologies to the makers of these programs. Do not use AV names or you will be hit hard and hit hard it shall be.
HEX-FILES does not carry live virii. However, program listings and scripts found in HEX-FILES create first generations of virii, infected programs, virii droppers or other virii related programs when compiled. This was intentionally done so that we could avoid someone from executing these programs without exactly knowing what they are doing. Believe me, there are people stupid enough to do this.
If you create an executable program out of those listed in HEX-FILES means that you are fully aware of the nature of these programs and the consequences of using these programs. You also agree that HEX-FILES and/or everybody connected with HEX-FILES in any way are not responsible for any damage that may result from the use or misuse of these programs.
You, being the person who created the executable program and/or executed the program, bears full responsibility for your actions.
Furthermore, you fully agree that these programs would only be used for research and/or educational purposes only. In no way should these programs be used to inflict harm or damage on another person and/or his property.
Content
HEXFILE1.000 ..... About me, HEX-FILES and everything in this file
HEXFILE1.001 ..... An invitation
HEXFILE1.002 ..... CARO names for PhVx
HEXFILE1.003 ..... PhVx Register
HEXFILE1.004 ..... Disassembly of Microbe
HEXFILE1.005 ..... Microbe Virus Dropper (ASM and DEBUG script)
HEXFILE1.006 ..... Cara.Standard.1024 (ASM and DEBUG script)
HEXFILE1.007 ..... Cara.Kara.739 (ASM and DEBUG script)
HEXFILE1.008 ..... Duwende (ASM)
HEXFILE1.009 ..... Creating variants in a snap
Duwende.409.A (DEBUG script)
Duwende.409.B (DEBUG script)
Duwende.409.C (DEBUG script)
Duwende.409.D (DEBUG script)
Duwende.409.E (DEBUG script)
Duwende.410.A (DEBUG script)
Duwende.410.B (DEBUG script)
HEXFILE1.010 ..... Philippines.3133 (DEBUG script)
- = o = -
There's nothing much in this issue. Starting next issue we will have some of the newer virii and also some old stuff. The focus will be on virii created by students from Adamson University: Possessed and Oggo. And I hope I could find the diskette where I kept the source code of the Philippines virus. Plus more...
ÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕ
˛ Masadya nga Paskwa ˛ Maayadayad nga Paskwa ˛ Malipayon nga Paskwa ˛
˛ Naragsak nga Paskwa ˛ Felices Pascuas ˛ Maugmang Pasko ˛
˛ Malipayon na Pasko ˛ Maupay nga Pasko ˛
˛ Maligayang Pasko ˛
*
˛
the
People
of the
Philippines
greets everyone
a
˛ Merry Christmas ˛
ÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕ
ÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕ
Sandaang Taon ng Kalayaaan
Republika ng Pilipinas
1898 ˙ Ika-12 ng Hunyo ˙ 1998
* * * * * *
1898 ˙ 12 June ˙ 1998
Republic of the Philippines
100 Years of Independence
ÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕÕ