{"id":16818133,"url":"https://github.com/igr/kuang2-virus","last_synced_at":"2026-02-01T23:32:24.511Z","repository":{"id":52215055,"uuid":"520571294","full_name":"igr/kuang2-virus","owner":"igr","description":"Kuang2 - Virus","archived":false,"fork":false,"pushed_at":"2022-08-26T08:22:23.000Z","size":73,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-07-16T18:19:11.133Z","etag":null,"topics":["virus"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/igr.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"igr","patreon":"igo_rs"}},"created_at":"2022-08-02T16:27:06.000Z","updated_at":"2023-03-09T23:59:22.000Z","dependencies_parsed_at":"2022-09-11T04:51:23.482Z","dependency_job_id":null,"html_url":"https://github.com/igr/kuang2-virus","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/igr/kuang2-virus","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/igr%2Fkuang2-virus","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/igr%2Fkuang2-virus/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/igr%2Fkuang2-virus/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/igr%2Fkuang2-virus/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/igr","download_url":"https://codeload.github.com/igr/kuang2-virus/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/Gi
tHub/repositories/igr%2Fkuang2-virus/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28994918,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-02-01T23:10:54.274Z","status":"ssl_error","status_checked_at":"2026-02-01T23:10:47.298Z","response_time":56,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["virus"],"created_at":"2024-10-13T10:49:17.512Z","updated_at":"2026-02-01T23:32:24.495Z","avatar_url":"https://github.com/igr.png","language":"C","funding_links":["https://github.com/sponsors/igr","https://patreon.com/igo_rs"],"categories":[],"sub_categories":[],"readme":"# Kuang2 - the Virus\n\n🤷‍♂️ Some code I wrote a long time ago... for fun and non-profit.\n\n🚀 Pull Requests \u0026 contributions are welcome!\n\n💜 Enjoy.\n\n🐴 Looking for a [trojan](https://github.com/igr/kuang2-trojan) instead?\n\n## Win32.Weird\n\nIt is a non-dangerous, memory-resident, parasitic Win32 virus. It writes itself to the end of PE EXE files (Windows executables) by increasing the last file section and modifying PE header fields. The virus copy in infected files consists of two parts. The first part (the starter) is a short routine (about one kilobyte of code and data); the second part is the main virus code (about 10Kb in size), encrypted with a silly encryption loop.
\n\nWhen the infected file is executed, the starter takes control, decrypts the second part of the virus code, drops it into the Windows directory as a PE EXE file with a random name and executes it. The main virus instance stays memory-resident as a hidden Windows application and runs a low-priority thread that periodically scans the drives' directory trees, looks for PE EXE files and infects them.\n\nThe virus also affects the EXPLORER.EXE file. It copies the file under the name EXPLORER.E, infects this copy and writes a [rename] instruction to the WININIT.INI file to replace the original EXPLORER.EXE with the infected copy on the next Windows startup.\n\nThe virus has a backdoor ability. When it is active as a Windows application, it opens an Internet connection and waits for specific calls from there. The virus supports a small list of commands compared to other known backdoors, but it allows a remote host to upload, download, execute and delete files on the infected machine.\n\nThe virus contains the \"copyright\" text:\n\n```\n#Coded by Weird#\n```\n\n## Project\n\n+ `client` is a simple GUI app that connects to an infected computer and gains access to it. ![](k2-client.png)\n+ `server` contains the virus code and the simple 'infector' app, which infects an `.exe` of your choice. ![](k2-infector.png)\n\nI was using the Watcom compiler and custom stub libs. At the moment, I am not able to rebuild the code (but at least I know how :)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Figr%2Fkuang2-virus","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Figr%2Fkuang2-virus","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Figr%2Fkuang2-virus/lists"}