Author Topic: Is there a reason why some Malware is written in pure ASM?

brown_sam

  • Regular Member
  • *
  • Posts: 6
Is there a reason why some Malware is written in pure ASM?
« on: July 21, 2017, 09:09:02 AM »
I may be misinformed. However, I've been reading up on malware, just out of curiosity. I know a lot of malware exists only as binaries without source code, so we don't know the exact language they are written in. However, I came across malware such as Slammer, Boza, and Magistr, which are apparently written in assembly according to this webpage - http://malware.wikia.com/wiki/Assembly

My question is why? Why not use a higher level language to interact with the OS API? I've just started learning assembly as I want to learn how a computer really works. However, writing assembly is inefficient as it takes multiple commands to perform tasks such as system calls, which would take 1 line in a language such as C.

Is it mostly personal preference, or are there certain advantages which make assembly the ideal language for some malware authors? And just to note, I know a lot of malware is not written in assembly, but I'm just curious as to why someone would.

hutch--

  • Administrator
  • Member
  • ******
  • Posts: 4813
  • Mnemonic Driven API Grinder
    • The MASM32 SDK
Re: Is there a reason why some Malware is written in pure ASM?
« Reply #1 on: July 21, 2017, 10:07:46 AM »
Two things: the statement is out of date by many years as, among other things, binary viruses are rare these days, since AV scanners that are written properly can detect the type of activity that a binary virus attempts to perform. Most of the risks today are hacking, trojans and rootkits, and they are often written in scripting languages. If you know what to look for in a binary file, things like stack entry and exit and generally what compiler code looks like, you will get some idea of what they are written in.

> However writing assembly is inefficient as it takes multiple commands to perform tasks such as system calls, which would take 1 line in a language such as C.

Like most things, it depends on how much you know about it AND the range of libraries you have. C does no better with a system API call than anything else: you have to pass the same number of arguments and call the function. In MASM it looks like this.

invoke MessageBox,hWnd,"Text Message","Title",MB_OK

This can be done because MASM has a preprocessor that is far more powerful than C/C++, Pascal and Basic.

> My question is why? why not use a higher level language to interact with the OS API.

File size, speed, power, architecture, lack of limitations etc etc etc ....

Now one word of warning here: we have had to deal with people interested in writing viruses for many years and know a massive range of tricks they use to try and extract information that will help them, but if we even get a sniff of this, the post will be deleted and the person who posts it will get arseholed out the door faster than Halley's Comet.
hutch at movsd dot com
http://www.masm32.com
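As an added illustration of two points in hutch's reply (this is not code from the thread or from the MASM32 project): what a stdcall `invoke MessageBox,...` line boils down to at the byte level, and the kind of "stack entry and exit" idioms an analyst counts to guess whether a binary came from a compiler. The byte buffers are constructed, the addresses are placeholders, and the threshold in `guess_origin` is my own assumption.

```python
import re
from collections import Counter

# 32-bit x86 entry/exit idioms that compilers emit for almost every function.
PATTERNS = {
    "push ebp; mov ebp,esp": rb"\x55\x8b\xec",
    "mov esp,ebp; pop ebp":  rb"\x8b\xe5\x5d",
    "leave":                 rb"\xc9",
    "ret":                   rb"\xc3",
    "ret imm16 (stdcall)":   rb"\xc2[\x00-\xff]{2}",
}
COMPILED = {re.compile(v): k for k, v in PATTERNS.items()}

def count_idioms(code: bytes) -> Counter:
    """Count how often each entry/exit idiom occurs in a raw code buffer."""
    return Counter({name: len(rx.findall(code)) for rx, name in COMPILED.items()})

def frame_ratio(code: bytes) -> float:
    """Fraction of return instructions that have a matching ebp frame setup."""
    c = count_idioms(code)
    rets = c["ret"] + c["ret imm16 (stdcall)"]
    return c["push ebp; mov ebp,esp"] / rets if rets else 0.0

def guess_origin(code: bytes) -> str:
    """Rough triage only; the 0.5 threshold is an assumption, not a rule."""
    if frame_ratio(code) >= 0.5:
        return "compiler-style frames: likely compiled C/C++"
    return "few/no ebp frames: hand-written or frame-pointer-omitted code"

# Constructed sample 1: the shape an unoptimised C compiler gives a function.
COMPILED_FUNC = bytes([
    0x55, 0x8B, 0xEC,          # push ebp / mov ebp,esp   (stack entry)
    0x83, 0xEC, 0x08,          # sub esp,8                (locals)
    0x8B, 0x45, 0x08,          # mov eax,[ebp+8]          (first argument)
    0x8B, 0xE5, 0x5D, 0xC3,    # mov esp,ebp / pop ebp / ret (stack exit)
])

# Constructed sample 2: what the thread's invoke line expands to under stdcall:
# arguments pushed right-to-left, then an indirect call through the import
# table, and no frame at all. All addresses are placeholders.
INVOKE_EXPANSION = bytes([
    0x6A, 0x00,                          # push 0            (MB_OK)
    0x68, 0x00, 0x30, 0x40, 0x00,        # push offset Title
    0x68, 0x10, 0x30, 0x40, 0x00,        # push offset Text
    0xFF, 0x35, 0x00, 0x40, 0x40, 0x00,  # push dword ptr [hWnd]
    0xFF, 0x15, 0x00, 0x20, 0x40, 0x00,  # call dword ptr [__imp_MessageBoxA]
    0xC3,                                # ret
])

if __name__ == "__main__":
    for name, buf in (("compiled", COMPILED_FUNC), ("invoke", INVOKE_EXPANSION)):
        print(name, dict(count_idioms(buf)), guess_origin(buf))
```

Real binaries need the code section isolated first (the idiom bytes also occur in data), so treat the ratio as one hint among several, not a verdict.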

felipe

  • Member
  • ***
  • Posts: 283
  • I love assembly language programming.
Re: Is there a reason why some Malware is written in pure ASM?
« Reply #2 on: July 21, 2017, 01:37:42 PM »
> However writing assembly is inefficient as it takes multiple commands to perform tasks such as system calls, which would take 1 line in a language such as C.

I guess hutch said everything, but on this point in particular I want to tell you this:

If assembly language is inefficient, the processor is too, and therefore so is every program that runs on it, whichever high level programming language is used for those programs.

Welcome to the forum
Felipe.

brown_sam

  • Regular Member
  • *
  • Posts: 6
Re: Is there a reason why some Malware is written in pure ASM?
« Reply #3 on: July 21, 2017, 07:12:51 PM »
Thanks, I was just curious. With assembly I'm mainly interested in attempting to write a small game, after watching a Computerphile video XD. I really don't see the point in wasting productivity by destroying productivity with malware. Nonetheless, I am interested in the why and not really the end result. Thanks for replying, guys.

jj2007

  • Member
  • *****
  • Posts: 7558
  • Assembler is fun ;-)
    • MasmBasic
Re: Is there a reason why some Malware is written in pure ASM?
« Reply #4 on: July 21, 2017, 09:32:28 PM »
> With assembly i'm mainly interested in attempting to write a small game

There is a nice thread on my 100% Assembly game development.

Your first post was not a lucky one; as Hutch alluded to in his post, we have seen a lot over the years, and we smell malware fans miles against the wind. But if we get the impression that your intentions are OK, you will get valuable advice here.

brown_sam

  • Regular Member
  • *
  • Posts: 6
Re: Is there a reason why some Malware is written in pure ASM?
« Reply #5 on: July 21, 2017, 10:00:27 PM »
That's understandable and I'm glad the admin came, tbh (as he should if the topic arises). I've just come across this forum and I'm really taking a liking to it. Curiosity is just curiosity. And that looks awesome. I'm planning on learning enough assembly to write a chess game. I will probably use this forum again if I have any questions in my development process. Thanks for the link, btw.

brown_sam

  • Regular Member
  • *
  • Posts: 6
Re: Is there a reason why some Malware is written in pure ASM?
« Reply #6 on: July 21, 2017, 10:04:22 PM »
And will be sure to not ask this type of question again.