
 ____   ___  ____  _____    ____ ___  __  __    ____                  _
|  _ \ / _ \/ ___|| ____|  / ___/ _ \|  \/  |  / ___|_ __ _   _ _ __ | |_
| |_) | | | \___ \|  _|   | |  | | | | |\/| | | |   | '__| | | | '_ \| __|
|  _ <| |_| |___) | |___  | |__| |_| | |  | | | |___| |  | |_| | |_) | |_
|_| \_\\___/|____/|_____|  \____\___/|_|  |_|  \____|_|   \__, | .__/ \__|
                                                          |___/|_|

--------------------------------------------------------------------------
                     RSCC - ROSE SWE Super COM Crypt
--------------------------------------------------------------------------
$Header: /cygdrive/d/cvs/src/asm/rc/rscc.txt,v 1.12 2006/11/06 21:46:10 Ralph Exp $

This was a test to write a crypter/protector that is fully polymorph. I
got this idea from the famous Uruguay virus family. Unfortunately virus
scanners like AVP/KAV find in RSCC 1.05 (and lower) protected files a
TPE.DOS virus with is a false positive! This limits the use of older
RSCC version! Starting with RSCC 1.20 we use another (ADDITIONALLY!)
mutation engine, so this false positive is fixed!

I suggest to put over RSCC another protector like RC/Hard or HackStop to
avoid false positives from anti virus software!

Files to protect must be greater than 300-400 bytes and smaller than 55
KB. RSCC will add protection code that is in average 215 bytes long (the
smallest protector is around 177 bytes and larger protectors are around
250 bytes). The plain RSCC protector size is 138 bytes, the rest is
needed for the polymorph code. The average protector length is 229 bytes
for RSCC 1.20.

If RSCC successfully crypts a file then the jump to the second
decryption routine will be hidden under a polymorphic layer (approx 80
bytes long). This first layer is encrypted using the new HS Mutation
Engine V2.0. The second polymorph layer is encrypted using the old HS
Mutation Engine V1.0 which is based on the TPE 1.4 engine.

RSCC is based on RC286 version 1.11. I release this lame stuff because
many people ask me for 'new' stuff to write detection and unpacker tools
for. Maybe YOU will find bugs in RSCC - for this reason the original
source code is included!

 Ralph Roth, ROSE SWE


