mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-21 02:46:10 +00:00
227 lines
3.4 KiB
NASM
227 lines
3.4 KiB
NASM
START SEGMENT
|
||
ASSUME CS:START,DS:START
|
||
MOV BX,80H
|
||
MOV CH,0
|
||
MOV CL,[BX]
|
||
DEC CX
|
||
MOV SI,OFFSET KODOK+100H
|
||
CALL BET
|
||
JZ KILEP
|
||
MOV SI,OFFSET FILEN+100H
|
||
CALL BET
|
||
JZ KILEP
|
||
MOV SI,OFFSET FILECO+100H
|
||
CALL BET
|
||
JMP FOLYT
|
||
KILEP: INT 20H
|
||
FOLYT: MOV SI,OFFSET KODOK+100H
|
||
MOV BX,OFFSET KODTB+100H
|
||
CIKL1: MOV AL,[SI]
|
||
OR AL,AL
|
||
JZ FOLYT5
|
||
OR AL,20H
|
||
FOLYT5: CMP AL,[BX]
|
||
JZ FOLYTC
|
||
JMP KODER
|
||
FOLYTC: CMP AL,0
|
||
JZ FOLYT4
|
||
INC BX
|
||
INC SI
|
||
JMP CIKL1
|
||
FOLYT4: MOV AL,0
|
||
MOV AH,3DH
|
||
MOV DX,OFFSET FILECO+100H
|
||
INT 21H
|
||
JNC FOLYTD
|
||
JMP FILER
|
||
FOLYTD: PUSH AX
|
||
MOV BX,AX
|
||
MOV AH,3FH
|
||
MOV CX,100H
|
||
MOV DX,OFFSET IPUFF+100H
|
||
INT 21H
|
||
POP BX
|
||
JNC FOLYTE
|
||
JMP FILER
|
||
FOLYTE: MOV AH,3EH
|
||
INT 21H
|
||
JNC FOLYTF
|
||
JMP FILER
|
||
FOLYTF: MOV BX,OFFSET IPUFF+100H
|
||
MOV SI,OFFSET PMNAM+100H
|
||
CIKL2: MOV AL,[SI]
|
||
OR AL,AL
|
||
JZ FOLYT7
|
||
CMP AL,[BX]
|
||
JZ PMOK
|
||
JMP PMER
|
||
PMOK: INC BX
|
||
INC SI
|
||
JMP CIKL2
|
||
FOLYT7: MOV DI,OFFSET FILMO+100H
|
||
MOV DL,2
|
||
CIKL4: MOV SI,OFFSET FILEN+100H
|
||
MOV CX,13
|
||
REP MOVSB
|
||
DEC DL
|
||
JNZ CIKL4
|
||
FOLYTA: MOV BX,7
|
||
MOV CX,26
|
||
MOV AL,03FH
|
||
MOV AH,9
|
||
INT 10H
|
||
MOV BX,OFFSET IPUFF+157H
|
||
MOV CX,26
|
||
MOV SI,OFFSET FILMO+100H
|
||
MOV DI,OFFSET OPUFF+100H
|
||
MOV BYTE PTR [IRANY+100H],1
|
||
CIKL6: PUSH CX
|
||
MOV CL,0
|
||
CIKL5: MOV AL,[SI]
|
||
XOR AL,CL
|
||
ROR AL,CL
|
||
CMP AL,[BX]
|
||
JZ FOLYTB
|
||
CIKL9: ADD CL,BYTE PTR [IRANY+100H]
|
||
JNZ CIKL5
|
||
PUSH BX
|
||
PUSH CX
|
||
PUSH AX
|
||
MOV AX,0E07H
|
||
MOV BX,0
|
||
INT 10H
|
||
MOV AX,0E3FH
|
||
MOV BX,0
|
||
INT 10H
|
||
POP AX
|
||
POP CX
|
||
POP BX
|
||
JMP TASZT
|
||
FOLYTB: MOV [DI],CL
|
||
CMP CL,128
|
||
JC FOLYTG
|
||
JMP CIKL9
|
||
FOLYTG: CMP CL,20H
|
||
JC CIKL9
|
||
TASZT1: PUSH CX
|
||
PUSH BX
|
||
PUSH AX
|
||
MOV BX,0
|
||
MOV AL,CL
|
||
MOV AH,0EH
|
||
MOV CX,1
|
||
INT 10H
|
||
POP AX
|
||
POP BX
|
||
POP CX
|
||
TASZT: MOV AH,0
|
||
INT 16H
|
||
CMP AH,4BH
|
||
JZ BAL
|
||
CMP AH,4DH
|
||
JZ JOBB
|
||
CMP AH,48H
|
||
JZ FEL
|
||
CMP AH,50H
|
||
JZ LE1
|
||
CMP AH,1CH
|
||
JZ ESC1
|
||
JMP TASZT
|
||
LE1: CALL BALRA
|
||
MOV BYTE PTR [IRANY+100H],0FFH
|
||
JMP CIKL9
|
||
BALRA: PUSH BX
|
||
PUSH CX
|
||
PUSH AX
|
||
MOV AX,0E08H
|
||
MOV BX,0
|
||
INT 10H
|
||
POP AX
|
||
POP CX
|
||
POP BX
|
||
RET
|
||
FEL: CALL BALRA
|
||
MOV BYTE PTR [IRANY+100H],01H
|
||
JMP CIKL9
|
||
BAL: CALL BALRA
|
||
CMP BX,OFFSET IPUFF+157H
|
||
JNC BAL1
|
||
JMP CIKL9
|
||
BAL1: CALL BALRA
|
||
DEC BX
|
||
DEC SI
|
||
DEC DI
|
||
POP CX
|
||
INC CX
|
||
JMP CIKL6
|
||
JOBB: CMP BX,OFFSET IPUFF+157H+25
|
||
JC JOBB1
|
||
CALL BALRA
|
||
JMP CIKL9
|
||
JOBB1: INC BX
|
||
INC SI
|
||
INC DI
|
||
POP CX
|
||
DEC CX
|
||
JMP CIKL6
|
||
ESC1: POP CX
|
||
MOV AX,0E0DH
|
||
MOV BX,0
|
||
INT 10H
|
||
MOV AX,0E0AH
|
||
MOV BX,0
|
||
INT 10H
|
||
MOV BYTE PTR [OPUFF+100H+28],0
|
||
KILEP1: MOV SI,OFFSET OPUFF+100H
|
||
CALL KIIR
|
||
JMP KILEP
|
||
IRANY: DB 1
|
||
PMER: MOV SI,OFFSET PERR+100H
|
||
CALL KIIR
|
||
JMP KILEP
|
||
KODER: MOV SI,OFFSET KDERR+100H
|
||
CALL KIIR
|
||
JMP KILEP
|
||
FILER: MOV SI,OFFSET FERR+100H
|
||
CALL KIIR
|
||
JMP KILEP
|
||
KIIR: MOV AL,[SI]
|
||
CMP AL,0
|
||
JNZ FOLYT6
|
||
RET
|
||
FOLYT6: MOV AH,0EH
|
||
MOV BX,0
|
||
INT 10H
|
||
INC SI
|
||
JMP KIIR
|
||
BET: MOV AL,[BX+2]
|
||
CMP AL,20H
|
||
JNZ FOLYT2
|
||
MOV BYTE PTR [SI],0
|
||
INC BX
|
||
INC SI
|
||
LOOP FOLYT3
|
||
XOR AL,AL
|
||
FOLYT3: RET
|
||
FOLYT2: MOV [SI],AL
|
||
INC SI
|
||
INC BX
|
||
LOOP BET
|
||
MOV BYTE PTR [SI],0
|
||
XOR AL,AL
|
||
RET
|
||
PMNAM: DB 'File encrypted by PathMinder v2.01 (c) Copyright 1984,1985 Westlake Data Corporation',0
|
||
FERR: DB 'TOLTESI HIBA A LEMEZEN',0DH,0AH,0
|
||
PERR: DB 'HIBAS PM-VERZIO',0DH,0AH,0
|
||
KRERR: DB 'KERESESI HIBA',0DH,0AH,0
|
||
KDERR: DB 'KODOLASI HIBA',0DH,0AH,0
|
||
FILEN: DB 64 DUP (0)
|
||
FILECO: DB 64 DUP (0)
|
||
KODOK: DB 64 DUP (0)
|
||
KODTB: DB 'feri&bozo',0
|
||
IPUFF: DB 256 DUP (0)
|
||
FILMO: DB 30 DUP (0)
|
||
OPUFF: DB 32*64 DUP (0)
|
||
START ENDS
|
||
END
|
||
|