; Date : 27-1-1989
; Ver : 1.04
; Program : Kill the Brain Virus
Cseg Segment Para Public 'MyCode'
Assume cs:Cseg,ds:Cseg
Org 100h
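;-----------------------------------------------------------------------
; Start - entry point of the .COM image.
; Sequence: banner, choose the target drive, test for <Brain>, put the
; saved boot sector back, load the FATs, release the clusters that were
; flagged as bad. Each helper signals failure with CF=1 and has already
; printed its own message, so every failure simply falls to Exit.
; NOTE(review): the exit code is 0 on every path, so a batch file
; cannot tell "repaired", "clean" and "failed" apart.
;-----------------------------------------------------------------------
Start:  Mov     dx,offset CRight        ;print copyright notice
        Call    DispStr
        Mov     ah,19h                  ;get current drive
        Int     21h
        Mov     Drive,al                ;save it as the default target
        Call    GetDrive                ;drive from the command tail, if given
        Jc      Exit
        Call    ChVirus                 ;virus present?
        Jc      Exit                    ;CF=1: nothing to repair (or unreadable)
        Call    FindBoot                ;copy the saved boot sector back to sector 0
        Jc      Exit                    ;restore failed and was reported: do not
                                        ;announce a kill that did not happen
        Mov     dx,offset VirusKill
        Call    DispStr
        Call    ReadFats                ;read the FAT tables
        Jc      Exit
        Call    CheckBad                ;free the falsely "bad" clusters, write FATs
Exit:   Mov     ax,4C00h                ;DOS terminate, return code 0
        Int     21h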
;-----------------------------------------------------------------------
; FindBoot - fetch the saved ("correct") boot sector and write it over
;            logical sector 0 of the target drive.
; In:    si -> infected boot sector image (the caller arrives here with
;              si = PrgEnd, as left by ChVirus)
;        Drive = target drive number
; Out:   CF=0 sector 0 rewritten; CF=1 read or write failed (message
;        already printed)
; Clobb: everything INT 25h/26h may destroy; PrgEnd buffer is reused
; Source sector = 18 * [si+8], plus 10 when [si+6] is non-zero.
; NOTE(review): presumably [si+8] is the track and [si+6] the head of
;   the saved sector; a second side adds 10 rather than 9 and no sector
;   byte is read - confirm against the on-disk layout.
; NOTE(review): the fetched sector is written to sector 0 without any
;   sanity check of its contents; a wrong locator means a wrong boot
;   sector on disk.
;-----------------------------------------------------------------------
FindBoot Proc
        Mov     cl,[si+8]
        Mov     dl,[si+6]
        Mov     ax,18                   ;9 sectors/track * 2 sides
        Mul     cl                      ;ax = 18 * [si+8]
        Test    dl,dl
        Jz      FbSide0
        Add     ax,10                   ;move to the next side
FbSide0:
        Mov     dx,ax                   ;logical sector to fetch
        Mov     al,Drive
        Mov     bx,offset PrgEnd        ;buffer
        Mov     cx,1                    ;one sector
        Int     25h                     ;absolute disk read
        Jc      FbReadErr
        Add     sp,2                    ;INT 25h leaves the flags word on the stack

        Mov     al,Drive
        Mov     bx,offset PrgEnd        ;write the sector just fetched
        Mov     cx,1                    ;one sector
        Xor     dx,dx                   ;destination: logical sector 0 (boot)
        Int     26h                     ;absolute disk write
        Jc      FbWriteErr
        Add     sp,2                    ;drop the flags word left by INT 26h
        Clc
        Ret

FbReadErr:
        Add     sp,2
        Mov     dx,offset MesOh1
        Call    DispStr
        Stc
        Ret

FbWriteErr:
        Add     sp,2
        Mov     dx,offset MesOh2        ;print message
        Call    DispStr
        Stc
        Ret
FindBoot Endp
;-----------------------------------------------------------------------
; PointTo - fetch one 12-bit FAT entry from the FAT image at PrgEnd.
; In:    ax = cluster number
; Out:   ax = entry value (0..0FFFh)
; Clobb: dx (left holding 3*cluster), flags. bx is preserved.
; The entry for cluster n starts at byte n*3/2; even clusters use the
; low 12 bits of the word found there, odd clusters the high 12 bits.
;-----------------------------------------------------------------------
PointTo Proc
        Push    bx
        Mov     bx,offset PrgEnd        ;base of the FAT image
        Mov     dx,ax
        Shl     ax,1
        Add     ax,dx                   ;ax = 3 * cluster
        Mov     dx,ax                   ;bit 0 of dx = parity of the cluster
        Shr     ax,1                    ;cluster * 1.5
        Add     bx,ax
        Mov     ax,ds:[bx]              ;word holding the entry
        Test    dl,1
        Jz      PtEven
        Shr     ax,1                    ;odd cluster: entry is the high 12 bits,
        Shr     ax,1                    ;shifted one bit at a time so that cx
        Shr     ax,1                    ;(the caller's loop counter) stays intact
        Shr     ax,1
        Jmp     short PtDone
PtEven: And     ax,0FFFh                ;even cluster: entry is the low 12 bits
PtDone: Pop     bx
        Ret
PointTo Endp
;-----------------------------------------------------------------------
; ReadFats - load both FAT copies into memory at PrgEnd.
; In:    Drive = target drive number
; Out:   CF=0 four sectors starting at logical sector 1 are at PrgEnd
;        CF=1 read failed, FatError already printed
; Clobb: everything INT 25h may destroy
; The buffer at PrgEnd previously held the boot sector image; it is
; overwritten here.
;-----------------------------------------------------------------------
ReadFats Proc
        Mov     al,Drive
        Mov     dx,1                    ;first FAT sector
        Mov     cx,4                    ;FAT1 and FAT2
        Mov     bx,offset PrgEnd
        Int     25h                     ;read FAT tables
        Jc      RfFail
        Add     sp,2                    ;drop the flags word left by INT 25h
        Clc
        Ret

RfFail: Add     sp,2
        Mov     dx,offset FatError
        Call    DispStr
        Stc
        Ret
ReadFats Endp
;-----------------------------------------------------------------------
; CheckBad - scan the in-memory FAT for clusters marked bad, release the
;            ones that read back fine, then write the FATs to disk.
; Out:   CF as returned by WriteFats
; NOTE(review): the FATs are written back even when FindBad changed
;   nothing.
;-----------------------------------------------------------------------
CheckBad Proc
        Call    FindBad                 ;walk the FAT looking for 0FF7h entries
        Jmp     WriteFats               ;tail call: its Ret returns to our caller
CheckBad Endp
;-----------------------------------------------------------------------
; FindBad - walk 354 FAT entries starting at cluster 2 and hand every
;           entry equal to 0FF7h (bad cluster mark) to CheckCluster.
; In:    FAT image at PrgEnd (see ReadFats)
; Out:   bx = ax = first cluster number past the scanned range
; Clobb: ax, bx, cx, dx, flags
;-----------------------------------------------------------------------
FindBad Proc
        Mov     cx,354                  ;number of clusters to examine
        Mov     bx,2                    ;first data cluster
        Mov     ax,bx
FdScan: Call    PointTo                 ;ax = FAT entry of cluster bx
        Cmp     ax,0FF7h                ;marked bad?
        Jne     FdNext
        Push    ax
        Call    CheckCluster            ;bx = cluster number, try to read it
        Pop     ax
FdNext: Inc     bx
        Mov     ax,bx
        Loop    FdScan
        Ret
FindBad Endp
;-----------------------------------------------------------------------
; WriteFats - write the FAT image at PrgEnd back to the disk.
; In:    Drive = target drive number; PrgEnd = 4 sectors (FAT1 + FAT2)
; Out:   CF=0 written; CF=1 write failed, MesOh3 already printed
; Clobb: everything INT 26h may destroy
;-----------------------------------------------------------------------
WriteFats Proc
        Mov     al,Drive
        Mov     dx,1                    ;start of FAT sectors
        Mov     cx,4                    ;FAT1 and FAT2
        Mov     bx,offset PrgEnd
        Int     26h                     ;write FAT tables
        Jc      WfFail
        Add     sp,2                    ;drop the flags word left by INT 26h
        Clc
        Ret

WfFail: Add     sp,2
        Mov     dx,offset MesOh3        ;write error
        Call    DispStr
        Stc
        Ret
WriteFats Endp
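;-----------------------------------------------------------------------
; CheckCluster - try to read a cluster that the FAT marks as bad; when
;                the read succeeds, clear its entry in both in-memory
;                FAT copies (entry becomes 000h).
; In:    bx = cluster number; FAT image (4 sectors) at PrgEnd
; Out:   read failed : al = 2, FAT image untouched
;        read worked : entry cleared at PrgEnd and PrgEnd+1024
;        bx and cx are preserved on both paths
; Clobb: ax, dx, flags, and whatever INT 25h destroys
; First sector of a cluster = (cluster - 2) * 2 + 12, i.e. the layout is
; hard-coded (2 sectors per cluster, data area at sector 12).
; Fix: the probe read used to land at PrgEnd+205, inside the FAT image
; that ReadFats loaded and WriteFats later writes back, so 1024 bytes of
; cluster data overwrote FAT entries. The probe buffer now starts at
; PrgEnd+2048, just past the four FAT sectors.
; NOTE(review): assumes the program owns memory up to PrgEnd+3072.
; NOTE(review): any 0FF7h cluster that happens to read once is released,
;   including a genuinely marginal one; nothing checks that the cluster
;   belongs to the virus.
;-----------------------------------------------------------------------
CheckCluster Proc
        Push    bx
        Push    cx
        Sub     bx,2
        Sal     bx,1
        Add     bx,12                   ;bx = sector number
        Mov     dx,bx                   ;sector
        Mov     cx,2                    ;2 sectors
        Mov     bx,offset PrgEnd+2048   ;scratch buffer past the FAT image
        Mov     al,Drive
        Int     25h                     ;read sectors
        Jnc     QRc1
        Add     sp,2                    ;drop the flags word left by INT 25h
        Mov     al,2                    ;err 2 = try more
        Pop     cx
        Pop     bx
        Ret

QRc1:   Add     sp,2                    ;drop the flags word left by INT 25h
        Pop     cx
        Pop     bx                      ;mark cluster bx as not bad
        Mov     ax,bx
        Push    bx
        Mov     dx,ax
        Add     ax,ax
        Add     ax,dx                   ;ax = 3 * cluster
        Mov     dx,ax                   ;bit 0 = parity of the cluster
        Shr     ax,1                    ;cluster * 1.5
        Mov     bx,offset PrgEnd
        Add     bx,ax
        Mov     ax,ds:[bx]              ;get the word holding the entry
        Test    dx,1
        Jnz     QPo1
        And     ax,0F000h               ;even cluster: keep the neighbour's nibble
        Jmp     short QPo2
QPo1:   And     ax,000Fh                ;odd cluster: keep the neighbour's nibble
QPo2:   Mov     ds:[bx],ax              ;write entry to FAT1
        Mov     ds:[bx+1024],ax         ;write entry to FAT2
        Pop     bx
        Ret
CheckCluster Endp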
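;-----------------------------------------------------------------------
; ChVirus - decide whether the target disk carries <Brain>.
; In:    Drive = target drive number
; Out:   CF=0 marker word found: caller should repair (si = PrgEnd,
;             boot sector image at PrgEnd)
;        CF=1 boot sector unreadable, or no marker found: caller stops
; Clobb: ax, bx, cx, dx, si, di, flags
; The marker is the word 1234h at offset 4 of the boot sector.
; Two reads are used: first through DOS (INT 25h in ReadBoot); if that
; image shows no marker and the segment stored in the INT 6Dh vector is
; C800h or above, the code treats the virus as resident and reads the
; sector again through INT 6Dh.
; NOTE(review): presumably the resident virus parks the original disk
;   handler in the INT 6Dh slot and hides the infected sector from
;   normal reads - confirm.
; Fix: the "no marker, not resident" case used to print the good-news
;   message and return CF=0, which sent the caller on to FindBoot and
;   rewrote sector 0 of a clean disk from a locator that was never
;   there. It now returns CF=1 like the other clean-disk exit.
;-----------------------------------------------------------------------
ChVirus Proc
        Call    ReadBoot                ;read the boot sector
        Jnc     ChVirus1
        Ret                             ;CF=1, ReadBoot already reported it

ChVirus1:
        Mov     si,offset PrgEnd
        Mov     dx,offset MesBad        ;assume bad news
        Cmp     word ptr [si+4],1234h
        Jz      InThere
        Mov     dx,offset MesGood       ;assume all OK
        Mov     di,436                  ;436 = 4*6Dh: vector slot of INT 6Dh
                                        ;(INT 13h itself lives at 4Ch)
        Push    es
        Xor     ax,ax
        Mov     es,ax
        Mov     ax,es:[di+2]            ;get segment of the interrupt
        Pop     es
        Cmp     ax,0C800h
        Jb      NotThere                ;no marker and not resident: clean disk
        Mov     dx,offset MesBad1       ;active now!
        Call    DispStr
        Mov     bx,offset PrgEnd
        Mov     ah,2                    ;read
        Mov     al,1                    ;1 sector
        Mov     dl,Drive
        Xor     dh,dh                   ;head number
        Xor     ch,ch                   ;track number
        Mov     cl,1                    ;sector 1
        Int     6Dh                     ;virus uses interrupt 6Dh
        ; NOTE(review): CF from this read is not tested. If the read
        ; fails, PrgEnd still holds the image from ReadBoot and the
        ; result below may be a false "Good News".
        Mov     si,offset PrgEnd
        Mov     dx,offset MesBad
        Cmp     word ptr [si+4],1234h
        Jz      InThere1
        Mov     dx,offset MesGood
NotThere:
        Call    DispStr                 ;dx = MesGood on both ways in
        Stc                             ;no need to do more
        Ret

InThere:
        Call    DispStr
        Clc                             ;do more
        Ret

InThere1:
        Call    DispStr                 ;write bad news
        Mov     dx,offset MesBad2       ;no lasting effect
        Jmp     short InThere
ChVirus Endp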
;-----------------------------------------------------------------------
; ReadBoot - read logical sector 0 of the target drive into PrgEnd.
; In:    Drive = target drive number
; Out:   CF=0 sector is at PrgEnd
;        CF=1 read failed; MesBoot printed when the error code in ah is
;             80h (time-out), MesBoot1 otherwise
; Clobb: everything INT 25h may destroy
;-----------------------------------------------------------------------
ReadBoot Proc
        Mov     al,Drive                ;drive to use
        Xor     dx,dx                   ;boot sector
        Mov     cx,1                    ;one sector
        Mov     bx,offset PrgEnd        ;put it here
        Int     25h                     ;read it
        Jc      RbFail
        Add     sp,2                    ;drop the flags word left by INT 25h
        Clc                             ;no error
        Ret

RbFail: Add     sp,2                    ;ah (error code) is not touched by this
        Mov     dx,offset MesBoot1
        Cmp     ah,80h                  ;time-out?
        Jne     RbSay
        Mov     dx,offset MesBoot
RbSay:  Call    DispStr
        Stc                             ;error
        Ret
ReadBoot Endp
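;-----------------------------------------------------------------------
; GetDrive - pick the target drive from the command tail (PSP:80h).
; In:    Drive = current DOS drive (set by the caller)
; Out:   CF=0 Drive holds 0 (A) or 1 (B)
;        CF=1 Err8 (no letter before ':') or Err9 (not A/B) was printed
; Clobb: ax, cx, dx, si, flags
; A drive is recognised as "<letter>:" anywhere after the first
; non-blank character of the tail; the letter is the byte before ':'.
; Fix: a tail that held only blanks, or text without ':', used to
;   return CF=0 without testing the current drive, so the tool could be
;   pointed at drive C or above, where its fixed floppy layout and raw
;   sector writes do not apply. Every "no drive named" path now goes
;   through the same current-drive check as an empty tail.
;-----------------------------------------------------------------------
GetDrive Proc
        Mov     si,80h
        Mov     cl,[si]                 ;get length of command tail
        Xor     ch,ch
        Or      cx,cx
        Jnz     Lab1
UseCurrent:
        Cmp     byte ptr Drive,2        ;no drive named: current one must be A or B
        Jae     DriveError1
        Clc                             ;Cmp left CF=1 for drive 0 or 1
        Ret

Lab1:   Add     si,cx
        Inc     si
        Mov     byte ptr [si],0         ;command ends with 0
        Mov     si,81h
        Cld
SpOut:  Lodsb
        Cmp     al,32
        Jz      SpOut                   ;skip blanks
        Or      al,al
        Jz      UseCurrent              ;tail was all blanks

Stan1:  Lodsb
        Or      al,al
        Jz      UseCurrent              ;no ':' anywhere in the tail
        Cmp     al,':'
        Jnz     Stan1
        Cmp     si,84h                  ;si is one past ':'; letter must fit before it
DriveCheck:
        Jb      DriveError
        Mov     al,[si-2]               ;character in front of ':'
        And     al,223                  ;convert to upper case
        Cmp     al,'A'
        Jb      DriveError1
        Cmp     al,'B'
        Ja      DriveError1
        Sub     al,65                   ;convert drive to 0 or 1
        Mov     Drive,al
        Clc
        Ret

DriveError:
        Mov     dx,offset Err8          ;drive expected
        Call    DispStr
        Stc
        Ret

DriveError1:
        Mov     dx,offset Err9          ;invalid drive
        Call    DispStr
        Stc
        Ret
GetDrive Endp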
;-----------------------------------------------------------------------
; DispStr - print a '$'-terminated string with DOS function 09h.
; In:    ds:dx -> string
; Clobb: ah (set to 09h); DOS may alter al
;-----------------------------------------------------------------------
DispStr Proc
        Mov     ah,09h                  ;DOS: display string
        Int     21h
        Ret
DispStr Endp
;-----------------------------------------------------------------------
; Messages ('$'-terminated for DOS function 09h; 0Dh,0Ah = CR,LF)
;-----------------------------------------------------------------------
CRight          db      0Dh,0Ah
                db      'Kill the <Brain> virus Ver 1.04, 27-1-1989',0Dh,0Ah
                db      '(C) Fragakis Stelios 1988,1989',0Dh,0Ah,0Dh,0Ah,'$'

; Command-line errors (no trailing CR,LF)
Err8            db      'Error 8 : Drive expected.$'
Err9            db      'Error 9 : Invalid drive specified. Must be A or B.$'

; Boot sector read failures (ReadBoot)
MesBoot         db      0Dh,0Ah
                db      'Program execution aborted. Door open?',0Dh,0Ah,'$'
MesBoot1        db      0Dh,0Ah
                db      'I can not read the boot sector.',0Dh,0Ah
                db      'Disk can not contain the virus <Brain>.',0Dh,0Ah,'$'

; FAT read failure (ReadFats)
FatError        db      0Dh,0Ah
                db      'Sorry, I can not read the FAT tables.',0Dh,0Ah
                db      'FAT corrections not written to disk.',0Dh,0Ah,'$'

; Repair progress and failures (Start, FindBoot, WriteFats)
VirusKill       db      'Virus <Brain> was successfully killed.',0Dh,0Ah,'$'
MesOh1          db      'DISK ERROR : I can not read the correct boot sector.'
                db      0Dh,0Ah,'$'
MesOh2          db      'Failed to write correct boot sector in boot area.'
                db      0Dh,0Ah,'$'
MesOh3          db      'Failed to write FAT tables. Corrections lost.'
                db      0Dh,0Ah,'$'

; Detection results (ChVirus)
MesGood         db      'Good News : The disk is not <Brain> contaminated.'
                db      0Dh,0Ah,'$'
MesBad          db      'Bad News : The disk is <Brain> contaminated.'
                db      0Dh,0Ah,'$'
MesBad1         db      '* WARNING *',0Dh,0Ah
                db      'Virus <Brain> is active right now !',0Dh,0Ah,'$'
MesBad2         db      0Dh,0Ah
                db      'Remove the disk after the virus is killed',0Dh,0Ah
                db      'to avoid the risk of contamination.',0Dh,0Ah,0Dh,0Ah,'$'

; Variables
Count           db      0               ;Count 0..58 (not referenced by the code in this listing)
Drive           db      0               ;target drive: starts as the current drive
PrgEnd:
Cseg Ends
End Start