{"id":20372024,"url":"https://github.com/lem0nsec/alcatraz","last_synced_at":"2025-09-23T20:30:56.039Z","repository":{"id":143564576,"uuid":"585990002","full_name":"lem0nSec/Alcatraz","owner":"lem0nSec","description":"An example of Windows self-replicating malware.","archived":false,"fork":false,"pushed_at":"2023-01-16T21:34:39.000Z","size":770,"stargazers_count":10,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"main","last_synced_at":"2024-11-15T01:11:48.755Z","etag":null,"topics":["assembly","nasm","reverse-enginnering","virus","yara"],"latest_commit_sha":null,"homepage":"","language":"Assembly","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lem0nSec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2023-01-06T16:33:05.000Z","updated_at":"2024-09-30T10:50:33.000Z","dependencies_parsed_at":null,"dependency_job_id":"c94ac001-0739-4384-a324-83f3758bc775","html_url":"https://github.com/lem0nSec/Alcatraz","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lem0nSec%2FAlcatraz","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lem0nSec%2FAlcatraz/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lem0nSec%2FAlcatraz/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lem0nSec%2FAlcatraz/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lem0nSec","download_url":"https://codeload.github.com/lem0nSec/Alcatraz/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":233995008,"owners_count":18762965,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["assembly","nasm","reverse-enginnering","virus","yara"],"created_at":"2024-11-15T01:11:11.577Z","updated_at":"2025-09-23T20:30:55.406Z","avatar_url":"https://github.com/lem0nSec.png","language":"Assembly","readme":"# Alcatraz\n![](https://img.shields.io/badge/NASM-x64-brown) ![](https://img.shields.io/badge/GoLink-1.0.4.2-brightgreen) ![](https://img.shields.io/badge/License-GPL%20--%202.0-blue)\n\n:dart: Alcatraz is a basic **self-replicating Virus** I developed for educational and academic purposes. \n\n:hammer: I always wanted to create an 'old-school' program in pure Assembly, so here's the code!\n\n-----------------------------------------------------------------------------------------------------------------------------------------------------------------------\n\n## Disclaimer\n\nThis code must not be used to cause damage. The author is not responsible for its usage or damages caused as a consequence of its usage. **The goal of this repository is to explain how a basic PE-file infector works, as well as how it can be detected and stopped.**\n\nBear in mind that although Alcatraz may crash at some point due to the fact that it's just not perfect (look at Characteristics below), **running Alcatraz may cause harm to your system files.**\n\n-----------------------------------------------------------------------------------------------------------------------------------------------------------------------\n\n## Wiki\nA detailed description of the most salient parts of this code can be found in the [src](https://github.com/lem0nSec/Alcatraz/tree/main/src) directory.\n\n-----------------------------------------------------------------------------------------------------------------------------------------------------------------------\n\n## Characteristics\n\n:white_check_mark: Dinamically resolves Kernel32.dll APIs and creates a 'function table' in memory;\n\n:white_check_mark: Searches for, proactively identifies and targets 64bit .exe files;\n\n:white_check_mark: Can recursively search for files (Directory_mode / File_mode);\n\n:white_check_mark: Self-replicates past the target entrypoint (.text section);\n\n:x: The infection logic is not deterministic (some files might be unable to run Alcatraz code);\n\n:x: Still crashes on some .dll files (I will fix this asap).\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flem0nsec%2Falcatraz","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flem0nsec%2Falcatraz","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flem0nsec%2Falcatraz/lists"}