Mirrors/vxug-MalwareSourceCode
13
1
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-30 19:02:32 +00:00
Code Releases Activity
2be37d2649
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.nobrain.asm

331 lines
6.9 KiB
NASM
Raw Normal View History

Add files via upload
2021-01-12 23:52:14 +00:00
; Date : 27-1-1989
; Ver : 1.04
; Program : Kill the Brain Virus
Cseg Segment Para Public 'MyCode'
Assume cs:Cseg,ds:Cseg
Org 100h
Start: Mov dx,offset CRight ;print copyright notice
Call DispStr
Mov ah,19h ;get current drive
Int 21h
Mov Drive,al ;save it
Call GetDrive ;Get drive if possible
Jc Exit
Call ChVirus ;virus present?
Jc Exit ;exit if not
Call FindBoot ;Find correct boot sector
Mov dx,offset VirusKill
Call DispStr
Call ReadFats ;Read the FAT tables
Jc Exit
Call CheckBad
Exit: Mov ax,4C00h
Int 21h
FindBoot Proc
Mov dl,[si+6]
Mov ax,18 ;9 sectors/track * 2 sides
Mov cl,[si+8]
Mul cl
Or dl,dl
Jz Fb1
Add ax,10 ;Move to the next side
Fb1: Mov dx,ax ;read this sector
Mov cx,1 ;Read one sector
Mov bx,offset PrgEnd ;Read it here
Mov al,Drive ;Get drive number
Int 25h ;Read interrupt
Jnc Fb2
Add sp,2
Mov dx,offset MesOh1
Call DispStr
Stc
Ret
Fb2: Add sp,2
Xor dx,dx ;Write at boot
Mov cx,1 ;Write one sector
Mov bx,offset PrgEnd ;Write from here
Mov al,Drive ;Get drive number
Int 26h ;Write interrupt
Jnc Fb3
Add sp,2
Mov dx,offset MesOh2 ;Print message
Call DispStr
Stc
Ret
Fb3: Add sp,2
Clc
Ret
FindBoot Endp
PointTo Proc
Push bx
Mov dx,ax
Add ax,ax
Add ax,dx
Mov dx,ax
Shr ax,1 ;Cluster * 1.5
Mov bx,offset PrgEnd
Add bx,ax
Mov ax,ds:[bx] ;Get entry
Test dx,1
Jnz Point1
And ax,0FFFh
Jmp short Point0
Point1: Shr ax,1
Shr ax,1
Shr ax,1
Shr ax,1
Point0: Pop bx
Ret
PointTo Endp
ReadFats Proc
Mov bx,offset PrgEnd
Mov al,Drive
Mov cx,4 ;read FAT1 and FAT2
Mov dx,1 ;FAT sectors
Int 25h ;Read FAT tables
Jnc Rf1
Add sp,2
Mov dx,offset FatError
Call DispStr
Stc
Ret
Rf1: Add sp,2
Clc
Ret
ReadFats Endp
CheckBad Proc
Call FindBad ;Find real boot sector
Call WriteFats
Exit1: Ret
CheckBad Endp
FindBad Proc
Mov cx,354 ;Check 354 clusters
Mov ax,2 ;start with cluster 2
Mov bx,ax
FM: Call PointTo ;Find where it points
Cmp ax,0FF7h ;Is it bad?
Jz ChkBd ;Check if realy bad
FindMore1: Inc bx
Mov ax,bx
Loop FM
Ret
ChkBd: Push ax
Call CheckCluster ;bx=cluster number, try to read
Pop ax
Jmp short FindMore1
FindBad Endp
WriteFats Proc
Mov bx,offset PrgEnd
Mov al,Drive
Mov cx,4 ;FAT1 and FAT2
Mov dx,1 ;Start of FAT sectors
Int 26h ;Write FAT tables
Jnc Wf1 ;Jump if not fail
Add sp,2
Mov dx,offset MesOh3 ;Write error
Call DispStr
Stc
Ret
Wf1: Add sp,2
Clc
Ret
WriteFats Endp
CheckCluster Proc
Push bx
Push cx
Sub bx,2
Sal bx,1
Add bx,12 ;bx=sector number
Mov dx,bx ;sector
Mov cx,2 ;2 sectors
Mov bx,offset PrgEnd+205
Mov al,Drive
Int 25h ;Read sectors
Jnc QRc1
Add sp,2
Mov al,2 ;err 2=try more
Pop cx
Pop bx
Ret
QRc1: Add sp,2
Pop cx
Pop bx ;Mark cluster bx as not bad
Mov ax,bx
Push bx
Mov dx,ax
Add ax,ax
Add ax,dx
Mov dx,ax
Shr ax,1 ;Cluster * 1.5
Mov bx,offset PrgEnd
Add bx,ax
Mov ax,ds:[bx] ;Get entry
Test dx,1
Jnz QPo1
And ax,0F000h
Jmp short QPo2
QPo1: And ax,000Fh
QPo2: Mov ds:[bx],ax ;Write entry to FAT1
Mov ds:[bx+1024],ax ;Write entry to FAT2
Pop bx
Ret
CheckCluster Endp
ChVirus Proc
Call ReadBoot ;Read the boot sector
Jnc ChVirus1
Ret
ChVirus1: Mov si,offset PrgEnd
Mov dx,offset MesBad ;Assume bad news
Cmp word ptr [si+4],1234h
Jz InThere
Mov dx,offset MesGood ;Assume all OK
Mov di,436 ;Vector of interrupt 13h
Push es
Xor ax,ax
Mov es,ax
Mov ax,es:[di+2] ;get segment of the interrupt
Pop es
Cmp ax,0C800h
Jb InThere
Mov dx,offset MesBad1 ;active now!
Call DispStr
Mov bx,offset PrgEnd
Mov ah,2 ;Read
Mov al,1 ;1 sector
Mov dl,Drive
Xor dh,dh ;head number
Xor ch,ch ;track number
Mov cl,1 ;sector 1
Int 6Dh ;Virus uses interrupt 6Dh
Mov si,offset PrgEnd
Mov dx,offset MesBad
Cmp word ptr [si+4],1234h
Jz InThere1
Mov dx,offset MesGood
Call DispStr
Stc ;No need to do more.
Ret
InThere: Call DispStr
Clc ;Do more
Ret
InThere1: Call DispStr ;write bad news
Mov dx,offset MesBad2 ;No lasting effect
Jmp short InThere
ChVirus Endp
ReadBoot Proc
Mov bx,offset PrgEnd ;Put it here
Mov al,Drive ;Drive to use
Mov cx,1 ;One sector
Xor dx,dx ;Boot sector
Int 25h ;Read it
Jnc P0
Add sp,2
Mov dx,offset MesBoot
Cmp ah,80h ;Time-out?
Jz P1
Mov dx,offset MesBoot1
P1: Call DispStr
Stc ;Error
Ret ;Go
P0: Add sp,2
Clc ;No error
Ret ;Go
ReadBoot Endp
GetDrive Proc
Mov si,80h
Mov cl,[si] ;Get length of command tail
Xor ch,ch
Or cx,cx
Jnz Lab1
Cmp byte ptr Drive,2
Jae DriveError1
Clc
Ret
Lab1: Add si,cx
Inc si
Mov byte ptr [si],0 ;Command ends with 0
Mov si,81h
Cld
SpOut: Lodsb
Cmp al,32
Jz SpOut ;Skip blanks
Or al,al
Jnz Stan1
Ret
Stan1: Lodsb
Or al,al
Jnz Check1
Ret
Check1: Cmp al,':'
Jnz Stan1
Cmp si,84h
DriveCheck: Jb DriveError
Mov al,[si-2]
And al,223 ;Convert to upper case
Cmp al,'A'
Jb DriveError1
Cmp al,'B'
Ja DriveError1
Sub al,65 ;Convert drive to 0 or 1
Mov Drive,al
Clc
Ret
DriveError: Mov dx,offset Err8 ;Drive expected
Call DispStr
Stc
Ret
DriveError1: Mov dx,offset Err9 ;Invalid drive
Call DispStr
Stc
Ret
GetDrive Endp
DispStr Proc
Mov ah,9
Int 21h
Ret
DispStr Endp
CRight db 13,10
db 'Kill the <Brain> virus Ver 1.04, 27-1-1989',13,10
db '(C) Fragakis Stelios 1988,1989',13,10,13,10,'$'
Err8 db 'Error 8 : Drive expected.$'
Err9 db 'Error 9 : Invalid drive specified. Must be A or B.$'
MesBoot db 13,10
db 'Program execution aborted. Door open?',13,10,'$'
MesBoot1 db 13,10
db 'I can not read the boot sector.',13,10
db 'Disk can not contain the virus <Brain>.',13,10,'$'
FatError db 13,10
db 'Sorry, I can not read the FAT tables.',13,10
db 'FAT corrections not written to disk.',13,10,'$'
VirusKill db 'Virus <Brain> was successfully killed.',13,10,'$'
MesOh1 db 'DISK ERROR : I can not read the correct boot sector.'
db 13,10,'$'
MesOh2 db 'Failed to write correct boot sector in boot area.'
db 13,10,'$'
MesOh3 db 'Failed to write FAT tables. Corrections lost.'
db 13,10,'$'
MesGood db 'Good News : The disk is not <Brain> contaminated.'
db 13,10,'$'
MesBad db 'Bad News : The disk is <Brain> contaminated.'
db 13,10,'$'
MesBad1 db '* WARNING *',13,10
db 'Virus <Brain> is active right now !',13,10,'$'
MesBad2 db 13,10
db 'Remove the disk after the virus is killed',13,10
db 'to avoid the risk of contamination.',13,10,13,10,'$'
Count db 0 ;Count 0..58
Drive db 0 ;Current drive
PrgEnd:
Cseg Ends
End Start

Copy Permalink