Metamorphic code is code that outputs a semantically equivalent version of itself: https://en.wikipedia.org/wiki/Metamorphic_code
However, polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact: https://en.wikipedia.org/wiki/Polymorphic_engine
So, is the sole difference that polymorphic code relies on some other program (a polymorphic engine), while metamorphic code has this functionality built in?
Can someone provide an example of polymorphic code either through a link or in an answer?
Thank you,
Metamorphic malware is body-polymorphic [10], i.e., instead of generating a new decryptor, a new instance (body) is created without changing its actions. Similar to polymorphic malware, obfuscation techniques can be used to create new instances.
A polymorphic virus is a harmful, destructive or intrusive type of malware that can change, making it difficult to detect with anti-malware programs. A metamorphic virus is a virus that is rewritten with every iteration so that every succeeding version of the code is different from the preceding one.
Polymorphic code allows a program to process objects differently depending on their data type or class, with the ability to redefine methods for derived classes.
Polymorphic viruses are complex file infectors that can create modified versions of themselves to avoid detection yet retain the same basic routines after every infection. To vary their physical file makeup during each infection, polymorphic viruses encrypt their code and use different encryption keys every time.
The key difference between polymorphic code and metamorphic code is whether the code that is actually executed changes or not. A polymorphic virus decrypts its code, runs that code, and then, when propagating itself, encrypts the decrypted code with a different key. When run on a different machine, the decrypted code is the same. A metamorphic virus simply runs its code and then, when propagating itself, mutates its code into different but functionally identical code. The executed code is different on every machine it's propagated to.
This means that with a polymorphic virus it's possible to inspect the original unencrypted code by simply running it (ideally in some sort of safe sandbox environment) and then examining the decrypted version of the code in memory. With metamorphic code this doesn't work; the virus never generates an original version of itself.
Note that the term "polymorphic code" is confusing. Out of context, to most programmers it would mean code that is written using polymorphic types.
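The distinction drawn in the answer above, modelled from the analyst's side as an added example (not code from the question or any of the answers). The "program" is a constructed, harmless list of toy arithmetic steps, a one-byte XOR stands in for the encryption layer, and every name here is an assumption made for illustration.

```python
import hashlib

# Constructed, harmless stand-in for a program body: a toy arithmetic program.
BODY = [("add", 5), ("add", 3), ("sub", 2)]

def sha(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def serialize(prog) -> bytes:
    return ";".join(f"{op} {n}" for op, n in prog).encode()

def run(prog) -> int:
    """Interpret the toy program; this result is the behaviour that must not change."""
    acc = 0
    for op, n in prog:
        if op == "add":
            acc += n
        elif op == "sub":
            acc -= n  # "nop" matches neither branch and does nothing
    return acc

def polymorphic_copy(prog, key: int) -> bytes:
    """Same body every time, stored as key byte + body XORed with that key."""
    return bytes([key]) + bytes(b ^ key for b in serialize(prog))

def unpack(stored: bytes) -> bytes:
    """What an analyst sees in memory once the copy has decoded itself."""
    return bytes(b ^ stored[0] for b in stored[1:])

def metamorphic_copy(prog, seed: int):
    """No encryption layer: the body itself is rewritten into an equivalent one."""
    out = []
    for i, (op, n) in enumerate(prog):
        if (seed >> (2 * i)) & 1:          # add n  is equivalent to  sub -n
            op, n = ("sub" if op == "add" else "add"), -n
        out.append((op, n))
        if (seed >> (2 * i + 1)) & 1:      # filler instruction with no effect
            out.append(("nop", 0))
    return out

def normalize(prog):
    """Defender-side canonical form: drop nops, express every step as 'add'."""
    return [("add", n if op == "add" else -n) for op, n in prog if op != "nop"]

if __name__ == "__main__":
    for key, seed in [(0x21, 0b000110), (0x5A, 0b101001)]:
        p, m = polymorphic_copy(BODY, key), metamorphic_copy(BODY, seed)
        print("poly  stored", sha(p)[:12], "unpacked", sha(unpack(p))[:12])
        print("meta  stored", sha(serialize(m))[:12], "run", run(m),
              "normalized", sha(serialize(normalize(m)))[:12])
```

The stored hashes differ in both cases, but only the polymorphic copies collapse to one hash after unpacking; the metamorphic copies match only on behaviour or after normalization.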